Auto Login BUG


41 replies to this topic

#1   wizardsandwars

wizardsandwars
  • Members
  • 4,476 posts
  • Real Name:Chris Bradley

Posted 06 February 2003 - 07:44 PM

I downloaded this last night and got it installed.

It appeared to be working nicely. However, when I went to this site,

http://www.searchengineworld.com/cgi-bin/s.../sim_spider.cgi

I discovered that with the autologin enabled, the spiders can't see your site, at all.

If anyone out there is using this contribution, make sure you go there and see if spiders can see YOUR website.
-------------------------------------------------------------------------------------------------------------------------
NOTE: As of Oct 2006, I'm not as active in this forum as I used to be, but I still work with osC quite a bit.
If you have a question about any of my posts here, your best bet is to contact me through either Email or PM in my profile, and I'll be happy to help.

#2   dreamscape

dreamscape
  • Members
  • 1,546 posts
  • Real Name:departing this world in search of another

Posted 07 February 2003 - 08:13 PM

hey Wizards,

I noticed the same thing too when I installed it... it is because most spiders (maybe all) do not spider secure pages (HTTPS/SSL) and the autologin routine redirects through HTTPS.

a quick fix is to check if the user has cookies enabled.  if they do, then do the autologin routine.  if not, then do not do it b/c they are either a bot or have cookies disabled (neither of which can use the autologin anyways).

I just came up with this, installed it, and then tested on the search engine spider sim and my pages can now be spidered... also cookie users can still auto login.

HERE IT IS:

in includes/modules/autologin.php, place this code before the start of the autologin code (at the very top after the comments):
setcookie("TEMPCOOKIE", "CookieOn", time() + 60 * 60);
$cookieinfo = $HTTP_COOKIE_VARS["TEMPCOOKIE"];
if ($cookieinfo == "CookieOn") {

basically sets a temp cookie to determine if cookies are enabled, and if so, then continues with the auto login routine.  if not, then it is skipped over (no HTTPS redirect, so we get spidered!)

also, at the end of the autologin.php files, you will need to close the if statement, so put a } right before the closing ?>:
}
?>

Also, what I am thinking of doing, is that since only cookied users can use the autologin, only present the option to them on login.php using the same if statement (or perhaps placing it in application_top.php and setting a variable like $COOKIES_ENABLED = true and then the check for cookies would just become if ($COOKIES_ENABLED == true) to use across different pages to check if the user has enabled cookies).

Also, after the check, it might be a good idea to delete the temp cookie since we create it on every page to check for cookies enabled, but I haven't thought that far ahead.

#3   wizardsandwars

wizardsandwars
  • Members
  • 4,476 posts
  • Real Name:Chris Bradley

Posted 07 February 2003 - 09:06 PM

Nice work!

OK, I'll put this in tonight, and I'll look at some of your other suggestions, as well.

I hadn't realized that spiders couldn't spider a site on SSL. In fact, I put almost the entire shop on SSL. In other words, once the customer hits a secure page, he stays in secured pages until he leaves. That way there are no warnings that they are "about to leave a secure page" and what not.

#4   dreamscape

dreamscape
  • Members
  • 1,546 posts
  • Real Name:departing this world in search of another

Posted 07 February 2003 - 10:14 PM

Wizards,

I changed it some... I moved the cookie test to application_top, so that on a few other pages, I can check if cookies are on a lot easier...

so in application_top.php I added:
// Determine if cookies are enabled
setcookie("TEMPCOOKIE", "CookieOn", time() + 60 * 60);
$cookieinfo = $HTTP_COOKIE_VARS["TEMPCOOKIE"];
if ($cookieinfo == "CookieOn") {
  global $cookies_on;
  $cookies_on = true;
}

I dunno if it matters where it goes, but I put it right after the require configure line (about line 35).

so then in modules/autologon.php, I took out the cookie check since I moved it to app_top, and use this now:
if ($cookies_on == true) {

then in /login.php, the part that was added in from the contrib for users to select if they want to be remembered, I changed from:
if (ALLOW_AUTOLOGON != 'false') {
to
if ((ALLOW_AUTOLOGON != 'false') && ($cookies_on == true)) {
this way, if a user has cookies disabled, they don't even see a hint of the autologin feature, since it doesn't work for them...

I think we have something now  :D

#5   hatimad

hatimad
  • Members
  • 141 posts
  • Real Name:Hatim
  • Location:Dallas

Posted 18 February 2003 - 07:35 PM

Hi,

sorry i am a dummy and can't figure out what do you mean by

Quote

so then in modules/autologon.php, I took out the cookie check since I moved it to app_top, and use this now:  
 if ($cookies_on == true) {

could you possibly explain what changes you made in
/catalog/includes/modulesautologon.php
and
/cataloge/login.php

thank you

Hats

#6   hatimad

hatimad
  • Members
  • 141 posts
  • Real Name:Hatim
  • Location:Dallas

Posted 19 February 2003 - 09:21 PM

can anyone help?

#7   mikerat

mikerat
  • Members
  • 16 posts
  • Real Name:Mike
  • Location:United Kingdom

Posted 20 February 2003 - 10:02 AM

Hi Hatimad,

You are not a dummy ... it just sounds more complicated than it is.  Add the text in red (I think it is around line 185ish in /catalog/includes/application_top.php):

// define how the session functions will be used
  require(DIR_WS_FUNCTIONS . 'sessions.php');
  tep_session_name('osCsid');


// Determine if cookies are enabled  
setcookie("TEMPCOOKIE", "CookieOn", time() + 60 * 60);
$cookieinfo = $HTTP_COOKIE_VARS["TEMPCOOKIE"];
if ($cookieinfo == "CookieOn") {
  global $cookies_on;
  $cookies_on = true;
}


// include the database functions
  require(DIR_WS_FUNCTIONS . 'database.php');


Edit the very bottom of the same file where it says HMCS:Begin Autologon (Remember the green text is already there ... just add the code in red):

// HMCS: Begin Autologon ******************************************************************
if ($cookies_on == true) {
  if (ALLOW_AUTOLOGON == 'true') {                                // Is Autologon enabled?
    if (basename($PHP_SELF) != FILENAME_LOGIN) {                  // yes
      if (!tep_session_is_registered('customer_id')) {
        include('includes/modules/autologon.php');
      }
    }
  } else {
    setcookie("email_address", "", time() - 3600, $cookie_path);  //no, delete email_address cookie
    setcookie("password", "", time() - 3600, $cookie_path);       //no, delete password cookie
  }
}
// HMCS: End Autologon ******************************************************************

I hope this is useful to you.
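
The cookie probe from posts #2, #4 and #7 as a self-contained sketch, added here and not part of any post or of the autologon contribution: it shows why a crawler and a browser's first page view both skip the HTTPS autologin redirect. The function names, the value 'login.php' for FILENAME_LOGIN, the sample requests and the use of PHP 7.3+ syntax are assumptions.

```php
<?php
// Added example, not code from the thread or the autologon contribution.
// Assumed names: cookies_enabled(), should_autologin(), send_probe().
declare(strict_types=1);

const PROBE_NAME  = 'TEMPCOOKIE'; // cookie name and value as used in the thread
const PROBE_VALUE = 'CookieOn';

// True only when the client returned the probe set on an earlier response.
function cookies_enabled(array $cookies): bool
{
    return ($cookies[PROBE_NAME] ?? null) === PROBE_VALUE;
}

// Same conditions as the application_top.php block in post #7
// ('login.php' stands in for FILENAME_LOGIN, an assumption).
function should_autologin(array $cookies, bool $allowed, bool $loggedIn, string $script): bool
{
    return cookies_enabled($cookies)
        && $allowed
        && !$loggedIn
        && basename($script) !== 'login.php';
}

// The probe holds no secret and must come back on plain-HTTP pages, so it is
// sent without the Secure flag; HttpOnly and SameSite cost nothing here.
function send_probe(): void
{
    if (PHP_SAPI !== 'cli' && !headers_sent()) {
        setcookie(PROBE_NAME, PROBE_VALUE, [
            'expires' => time() + 3600, 'path' => '/',
            'httponly' => true, 'samesite' => 'Lax',
        ]);
    }
}

send_probe();

// Constructed requests: [cookies the client sent, script requested].
$requests = [
    'crawler (never returns cookies)' => [[], '/catalog/default.php'],
    'browser, first page view'        => [[], '/catalog/default.php'],
    'browser, second page view'       => [[PROBE_NAME => PROBE_VALUE], '/catalog/default.php'],
    'browser already on login.php'    => [[PROBE_NAME => PROBE_VALUE], '/catalog/login.php'],
];
foreach ($requests as $label => [$cookies, $script]) {
    $go = should_autologin($cookies, true, false, $script);
    printf("%-32s %s\n", $label, $go ? 'autologin (HTTPS redirect)' : 'skip, serve page');
}
```

The probe only reports that the client returns cookies; it identifies nobody, so the autologin module still has to validate whatever it reads.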

#8   hatimad

hatimad
  • Members
  • 141 posts
  • Real Name:Hatim
  • Location:Dallas

Posted 20 February 2003 - 07:26 PM

Hi Mike,

thanks a lot, i did exactly what you said but it still shows the SID along with my default.php

am i suppose to make any changes in

/catalog/includes/modules/autologon.php
and
/cataloge/login.php

thanks for your help

hats

#9   mikerat

mikerat
  • Members
  • 16 posts
  • Real Name:Mike
  • Location:United Kingdom

Posted 22 February 2003 - 02:14 PM

Go to this online spider simulator and check if the search engines can see your links:

http://www.searchengineworld.com/cgi-bin/s.../sim_spider.cgi

After you type in your domain it will list any links it sees.

Let me know if this helps.

#10   hatimad

hatimad
  • Members
  • 141 posts
  • Real Name:Hatim
  • Location:Dallas

Posted 22 February 2003 - 02:49 PM

Hi,

i typed in url of my default.php and it spidered all my links but SID was attached with all of the links

when other search engines spiders do they spider it with sid?

thanks

Hats

#11   mikerat

mikerat
  • Members
  • 16 posts
  • Real Name:Mike
  • Location:United Kingdom

Posted 23 February 2003 - 02:46 PM

Yes, they do.  There is a workaround that disables the SID for the search engines.  Just go to this thread http://forums.oscommerce.com/viewtopic.php...ight=sid+killer and follow the instructions at the start of the thread ... it works just fine for me.

#12   hatimad

hatimad
  • Members
  • 141 posts
  • Real Name:Hatim
  • Location:Dallas

Posted 23 February 2003 - 03:10 PM

i tried to install SID killer few days ago, but since autologon was installed it didn't let it work. it will get stuck at the logoff and won't go ahead, and show me the blank page

i will try to install it again since i have applied your fix to the autologon contribution and let you know

thanks for your help

Hats

#13   dreamscape

dreamscape
  • Members
  • 1,546 posts
  • Real Name:departing this world in search of another

Posted 23 February 2003 - 05:16 PM

ohh... sorry for not replying earlier... quite some time ago I dumped the autologin... I had it installed for about 30 minutes and decided, ya know it's just not worth it... it's a neat idea, but the way it works, re-routing every page through login/logoff.php just makes for a lot of headaches...

it is a great idea I think, just needs to be worked on some I think.

#14   hatimad

hatimad
  • Members
  • 141 posts
  • Real Name:Hatim
  • Location:Dallas

Posted 23 February 2003 - 06:03 PM

Hi,

i tried to install the SID killer again but the same problem it gets stuck at logoff.php in secure server and keeps refreshing blank logoff.php

Joshua,
can you give me idea how did you make it work?

thank you

#15   wizardsandwars

wizardsandwars
  • Members
  • 4,476 posts
  • Real Name:Chris Bradley

Posted 23 February 2003 - 07:05 PM

Hatimad,

as far as I know, the Sid Killer will not work properly if you have SSL on a different server as your regular domain.

#16   hatimad

hatimad
  • Members
  • 141 posts
  • Real Name:Hatim
  • Location:Dallas

Posted 23 February 2003 - 07:24 PM

ok, i just now removed the autologon contribution and installed SID Killer v1.2

i checked my site at http://www.searchengineworld.com/cgi-bin/s.../sim_spider.cgi and there is no session ID attached to the links

Quote

as far as I know, the Sid Killer will not work properly if you have SSL on a different server as your regular domain

is there any known problem i am missing?

thanks

#17   wizardsandwars

wizardsandwars
  • Members
  • 4,476 posts
  • Real Name:Chris Bradley

Posted 23 February 2003 - 08:46 PM

Well, many people have problems with it logging me out when I go from a SSL page to a non SSL page.

#18   hatimad

hatimad
  • Members
  • 141 posts
  • Real Name:Hatim
  • Location:Dallas

Posted 24 February 2003 - 03:47 PM

yes you are right i noticed it...thanks for pointing it out..

any solutions?

thanks

#19   blueline

blueline
  • Members
  • 994 posts
  • Real Name:Chris Sullivan
  • Location:Atlanta, GA - USA

Posted 15 November 2003 - 06:00 PM

Guys.....for some reason this mod isn't physically installing a cookie on my machine. I've done everything I can......but no luck.

I do have cookies enabled, and am getting them from other sites. I tested it using the code above, and cookies are on...

I actually get a cookie on my machine (the temp test cookie) but I don't get the actual logon cookie.

Guys?

Thanks,
-Chris

Edited by blueline, 15 November 2003 - 06:03 PM.

Chris Sullivan

#20   aedmonds

aedmonds
  • Members
  • 16 posts
  • Real Name:Aaron

Posted 20 November 2003 - 10:05 PM

blueline, on Nov 15 2003, 10:00 AM, said:

Guys.....for some reason this mod isn't physically installing a cookie on my machine. I've done everything I can......but no luck.

I do have cookies enabled, and am getting them from other sites. I tested it using the code above, and cookies are on...

I actually get a cookie on my machine (the temp test cookie) but I don't get the actual logon cookie.

Guys?

Thanks,
-Chris

Hey Chris,

I had the same problem...I've been working on getting this implemented on my site but have been very frustrated. What I found was the problem for me was that I was using the "Use Search-Engine Safe URLs" option but the contribution works off of a PHP get path which pulled up "action" for my path. Try sorting your cookies by when they were last modified and play around with it. My cookies were coming up with the domain "action." You need to go into the code if you are having this problem...

Hope that helps...

Although I'm having a problem of my own. The Autologon feature works great on my computer, but whenever I use my brother's computer, login, close the browser, and open up the site again, I get automatically sent to a secured logoff page. So maybe someone can help me with that one?

Maybe the wizards might return and give some help...

Thanks

-Aaron

Edited by aedmonds, 20 November 2003 - 10:07 PM.