Autologon V 2


61 replies to this topic

#41 chance_plus

  • Community Member
  • 1 posts
  • Real Name:feroy

Posted 29 December 2010, 21:19

Hello, I am French.
I have version oscommerce-2.3.1 installed. I tried autologon, but it works when I remove the if condition in autologon.php
//THE IF
if (tep_validate_password($password, $check_customer['customers_password'])) {

Do you have a solution to replace this? I think it's now not secure, thanks.

#42 Jack_mcs

  • Community Member
  • 24,452 posts
  • Real Name:Jack
  • Gender:Male

Posted 29 December 2010, 23:59

chance_plus, on 29 December 2010, 21:19, said:

Hello, I am French.
I have version oscommerce-2.3.1 installed. I tried autologon, but it works when I remove the if condition in autologon.php
//THE IF
if (tep_validate_password($password, $check_customer['customers_password'])) {

Do you have a solution to replace this? I think it's now not secure, thanks.

I don't know what section of code you are referring to, but it works fine in pre-2.3 shops and there is only one change needed for it to work in 2.3 shops, so I don't see a problem.

#43 kyser

  • Community Member
  • 21 posts
  • Real Name:kyser
  • Gender:Male

Posted 03 January 2011, 18:58

Jack_mcs, on 29 December 2010, 23:59, said:

I don't know what section of code you are referring to, but it works fine in pre-2.3 shops and there is only one change needed for it to work in 2.3 shops, so I don't see a problem.

What is the modification for 2.3 or 2.3.1? I updated my 2.2 to 2.3.1 via the update instructions; is it not a real 2.3?
I installed your contribution, but I cannot make it work. Perhaps I need the modifications you are talking about.

Thanks!!!!

#44 Jack_mcs

  • Community Member
  • 24,452 posts
  • Real Name:Jack
  • Gender:Male

Posted 03 January 2011, 19:15

kyser, on 03 January 2011, 18:58, said:

What is the modification for 2.3 or 2.3.1? I updated my 2.2 to 2.3.1 via the update instructions; is it not a real 2.3?
I installed your contribution, but I cannot make it work. Perhaps I need the modifications you are talking about.

Thanks!!!!

For the changes to the login.php file, this section of code
<?php // HMCS: Begin Autologon	********************************************************** ?>
<script language="javascript"><!--
function win_autologon() {
  window.open("<?php echo FILENAME_INFO_AUTOLOGON; ?>","info_autologon","height=460,width=430,toolbar=no,statusbar=no,scrollbars=yes").focus();
}
//--></script>
<?php // HMCS: End	Autologon	**********************************************************  ?>
should be placed after this in the 2.3 login.php file
  require(DIR_WS_INCLUDES . 'template_top.php');
?>
I haven't tried installing it in a 2.3 shop yet but that should allow it to work.

#45 kyser

  • Community Member
  • 21 posts
  • Real Name:kyser
  • Gender:Male

Posted 04 January 2011, 03:35

Jack_mcs, on 03 January 2011, 19:15, said:

For the changes to the login.php file, this section of code
<?php // HMCS: Begin Autologon	********************************************************** ?>
<script language="javascript"><!--
function win_autologon() {
  window.open("<?php echo FILENAME_INFO_AUTOLOGON; ?>","info_autologon","height=460,width=430,toolbar=no,statusbar=no,scrollbars=yes").focus();
}
//--></script>
<?php // HMCS: End	Autologon	**********************************************************  ?>
should be placed after this in the 2.3 login.php file
  require(DIR_WS_INCLUDES . 'template_top.php');
?>
I haven't tried installing it in a 2.3 shop yet but that should allow it to work.

You should try. I notice that the function 'tep_validate_password($plain, $encrypted)' { is different in 2.3(1).
I can't make it work. Do we have to set SSL? Is it compulsory?? I notice that I got 2 cookies which expire in 2012 in Firefox; however, when I log off and go back to account.php again, it does not log in automatically. The ID (osCsid=3abdac709ac4fb48b81a89b4d5f539a3) is changing every time I go to account.

Thanks

Edited by kyser, 04 January 2011, 03:41.


#46 kyser

  • Community Member
  • 21 posts
  • Real Name:kyser
  • Gender:Male

Posted 04 January 2011, 03:53

If I am already logged in and I open another web tab to the root of the catalog, should I be automatically logged in again???
Does it work on Google Chrome?

Edited by kyser, 04 January 2011, 03:53.


#47 Jack_mcs

  • Community Member
  • 24,452 posts
  • Real Name:Jack
  • Gender:Male

Posted 04 January 2011, 04:34

I'll look at it when I get a chance.

#48 kyser

  • Community Member
  • 21 posts
  • Real Name:kyser
  • Gender:Male

Posted 06 January 2011, 01:29

Jack_mcs, on 04 January 2011, 04:34, said:

I'll look at it when I get a chance.

Finally I could make it work. As a member said before,
we need to turn off this condition for 2.3(1):
"if (tep_validate_password($password, $check_customer['customers_password'])) {"


As I said before, the password encryption is different in 2.3(1);
that's why something is wrong with that, I guess.

Anyway, with this reply I would especially like to express all my respect and gratitude for your contribution...

Thanks Jack!
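
With the tep_validate_password() condition removed, as described in the posts above, the password value in the one-year cookie is no longer verified. As an added example (not part of the thread and not the contribution's code), one common alternative is a random remember-me token that the server stores only as a hash; the function names and the $store array standing in for a database table are hypothetical, and random_bytes() assumes PHP 7 or later.

```php
<?php
// Added example, not the Autologon contribution's code. All names are
// hypothetical; $store stands in for a database table keyed by selector.

function issue_remember_token(array &$store, int $customer_id, int $ttl = 31536000): string {
  $selector  = bin2hex(random_bytes(9));   // lookup key, not secret
  $validator = bin2hex(random_bytes(32));  // secret, exists only in the cookie
  $store[$selector] = array(
    'customer_id' => $customer_id,
    'hash'        => hash('sha256', $validator),  // server keeps only the hash
    'expires'     => time() + $ttl,
  );
  return $selector . ':' . $validator;     // value to place in the cookie
}

// Returns the customer id on success, false otherwise.
function check_remember_token(array &$store, string $cookie) {
  $parts = explode(':', $cookie, 2);
  if (count($parts) !== 2 || !isset($store[$parts[0]])) {
    return false;
  }
  $row = $store[$parts[0]];
  if ($row['expires'] < time()) {
    unset($store[$parts[0]]);              // drop expired tokens
    return false;
  }
  // Constant-time comparison: the check that replaces the removed condition
  if (!hash_equals($row['hash'], hash('sha256', $parts[1]))) {
    return false;
  }
  unset($store[$parts[0]]);                // single use; issue a new token after login
  return $row['customer_id'];
}

// Constructed demo values
$store   = array();
$cookie  = issue_remember_token($store, 42);
$altered = substr($cookie, 0, -1) . 'x';   // same selector, wrong validator
var_dump(check_remember_token($store, $altered));
var_dump(check_remember_token($store, $cookie));
var_dump(check_remember_token($store, $cookie));
```

The three calls return false, 42 and false: an altered value is rejected, the genuine token is accepted once, and a replayed token is refused.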

#49 kyser

  • Community Member
  • 21 posts
  • Real Name:kyser
  • Gender:Male

Posted 15 January 2011, 06:16

When I log in with SSL activated, the cookies are set in .site.com (cookie path for https).
However, when I click on a product or page link that is not secured (http), I am not logged in.
I guess it is normal due to the fact that the cookies are set in the .site.com path only and not in the www.site.com path (cookie path for http).

How can I set the login cookies in the http and https domains at the same time, in order to switch easily from a secure page to an unsecured page without problems?

Thanks!

Edited by kyser, 15 January 2011, 06:17.


#50 Jack_mcs

  • Community Member
  • 24,452 posts
  • Real Name:Jack
  • Gender:Male

Posted 15 January 2011, 11:18

The overall cookie domain is set in the configure file of your shop.

#51 kyser

  • Community Member
  • 21 posts
  • Real Name:kyser
  • Gender:Male

Posted 19 January 2011, 14:29

Jack_mcs, on 15 January 2011, 11:18, said:

The overall cookie domain is set in the configure file of your shop.

You are right! The problem has no connection with autologon; I discovered that suhosin caused the problem by encrypting the session name!

By the way, is it possible to autologon customers directly via the index page instead of the login or account page?

Thanks for your attention :)

#52 Jack_mcs

  • Community Member
  • 24,452 posts
  • Real Name:Jack
  • Gender:Male

Posted 19 January 2011, 15:46

Once the customer sets up the login so that a cookie is on their computer, when they return they should be logged in without ever going to the login page.

#53 kyser

  • Community Member
  • 21 posts
  • Real Name:kyser
  • Gender:Male

Posted 19 January 2011, 20:50

Jack_mcs, on 19 January 2011, 15:46, said:

Once the customer sets up the login so that a cookie is on their computer, when they return they should be logged in without ever going to the login page.

However, with SSL activated, secured pages and unsecured pages use different cookies connected with two different domain names.
If I am correct, since the cookies (email_address and password) are set only in a secured page (ex: login.php), the index page (http://, not secured) can't access the https cookies. In my case, after some time I am losing my autologon on unsecured pages, but right after I click "account" (https), I am logged in automatically again on all pages of the website thanks to your contribution.

Your contribution sets new cookies (email_address and password) for one year; it does not affect the "osCsid" cookies (which expire when the web browser is closed, according to the cookie data in the web browser).

Please correct me if I am wrong, and give me some tips if my autologon installation seems to be mistaken.

Thanks!!!!!!!!!!!

Edited by kyser, 19 January 2011, 20:53.


#54 Jack_mcs

  • Community Member
  • 24,452 posts
  • Real Name:Jack
  • Gender:Male

Posted 20 January 2011, 00:22

kyser, on 19 January 2011, 20:50, said:

However, with SSL activated, secured pages and unsecured pages use different cookies connected with two different domain names.
If I am correct, since the cookies (email_address and password) are set only in a secured page (ex: login.php), the index page (http://, not secured) can't access the https cookies. In my case, after some time I am losing my autologon on unsecured pages, but right after I click "account" (https), I am logged in automatically again on all pages of the website thanks to your contribution.

Your contribution sets new cookies (email_address and password) for one year; it does not affect the "osCsid" cookies (which expire when the web browser is closed, according to the cookie data in the web browser).

I don't have an answer for you. It works correctly for shops I've installed it into, though none have been 2.3 shops. Assuming the changes you made are correct, my guess is that your configure file is not set up correctly.

#55 kyser

  • Community Member
  • 21 posts
  • Real Name:kyser
  • Gender:Male

Posted 20 January 2011, 09:58

Jack_mcs, on 20 January 2011, 00:22, said:

I don't have an answer for you. It works correctly for shops I've installed it into, though none have been 2.3 shops. Assuming the changes you made are correct, my guess is that your configure file is not set up correctly.

<?php
define('HTTP_SERVER', 'http://www.site.com');
define('HTTPS_SERVER', 'https://www.site.com');
define('ENABLE_SSL', true);
define('HTTP_COOKIE_DOMAIN', '.site.com');
define('HTTPS_COOKIE_DOMAIN', '.site.com');
define('HTTP_COOKIE_PATH', '/xxxx/');
define('HTTPS_COOKIE_PATH', '/xxxx/');
define('DIR_WS_HTTP_CATALOG', '/xxxx/');
define('DIR_WS_HTTPS_CATALOG', '/xxxx/');
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
define('DIR_QUANTITY_ICONS', DIR_WS_ICONS . 'qicons/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
define('DIR_FS_CATALOG', '/home/admin/domains/xxxx/public_html/xxxxx/');
define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

define('DB_SERVER', 'localhost');
define('DB_SERVER_USERNAME', 'xxxx');
define('DB_SERVER_PASSWORD', 'xxx');
define('DB_DATABASE', 'xxxx');
define('USE_PCONNECT', 'false');
define('STORE_SESSIONS', 'mysql');
?>

In Sessions under admin, do "force cookies" and "recreate session" have to be deactivated?

Edited by kyser, 20 January 2011, 10:05.


#56 Jack_mcs

  • Community Member
  • 24,452 posts
  • Real Name:Jack
  • Gender:Male

Posted 20 January 2011, 14:27

kyser, on 20 January 2011, 09:58, said:

define('HTTP_COOKIE_DOMAIN', '.site.com');
define('HTTPS_COOKIE_DOMAIN', '.site.com');

In Sessions under admin, do "force cookies" and "recreate session" have to be deactivated?

Try changing the above to
.www.site.com
Force cookies should be off, generally speaking. I haven't tested it with this contribution since I never run a shop with it on so I can't say if that is the cause or not but it is worth a try. Be sure to enable Prevent Spider Sessions if Force Cookies is off.
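
How a browser decides whether to return a cookie, using the HTTP_COOKIE_DOMAIN and HTTP_COOKIE_PATH values discussed above, as an added example that is not part of the thread or of osCommerce. cookie_is_sent() is a hypothetical helper applying the RFC 6265 domain, path and Secure rules (IP-address hosts are not handled), and the Secure case is a constructed addition for comparison.

```php
<?php
// Added example (not osCommerce code). cookie_is_sent() is a hypothetical helper
// that applies the RFC 6265 domain, path and Secure rules to one request URL.

function cookie_is_sent(array $cookie, string $url): bool {
  $u      = parse_url($url);
  $host   = strtolower($u['host']);
  $path   = isset($u['path']) ? $u['path'] : '/';
  $domain = strtolower(ltrim($cookie['domain'], '.'));  // a leading dot is ignored

  // Domain-match: identical host, or host is a subdomain of the cookie domain
  $suffix    = '.' . $domain;
  $domain_ok = ($host === $domain) || (substr($host, -strlen($suffix)) === $suffix);

  // Path-match: the cookie path is a prefix that ends at a "/" boundary
  $cpath   = $cookie['path'];
  $path_ok = ($path === $cpath)
    || (strpos($path, $cpath) === 0
        && (substr($cpath, -1) === '/' || substr($path, strlen($cpath), 1) === '/'));

  // A cookie carrying the Secure attribute is only returned over https
  $secure_ok = empty($cookie['secure']) || $u['scheme'] === 'https';

  return $domain_ok && $path_ok && $secure_ok;
}

// Constructed cases using the placeholder values from the posted configure file
$urls = array(
  'http://www.site.com/xxxx/index.php',
  'https://www.site.com/xxxx/login.php',
);
$cookies = array(
  'Domain=.site.com'         => array('domain' => '.site.com',     'path' => '/xxxx/', 'secure' => false),
  'Domain=.www.site.com'     => array('domain' => '.www.site.com', 'path' => '/xxxx/', 'secure' => false),
  'Domain=.site.com; Secure' => array('domain' => '.site.com',     'path' => '/xxxx/', 'secure' => true),
);
foreach ($cookies as $label => $c) {
  foreach ($urls as $url) {
    printf("%-26s %-38s %s\n", $label, $url, cookie_is_sent($c, $url) ? 'sent' : 'not sent');
  }
}
```

Both Domain values are returned to the http and the https URL alike; only the cookie marked Secure is withheld from the http page.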

#57 kyser

  • Community Member
  • 21 posts
  • Real Name:kyser
  • Gender:Male

Posted 20 January 2011, 17:16

Jack_mcs, on 20 January 2011, 14:27, said:

Try changing the above to
.www.site.com
Force cookies should be off, generally speaking. I haven't tested it with this contribution since I never run a shop with it on so I can't say if that is the cause or not but it is worth a try. Be sure to enable Prevent Spider Sessions if Force Cookies is off.

When you log in the first time via login.php with https, after some months, can your shop autolog in on any http pages directly, or do you need to reach an https page?
Do you have a shop which uses autologon? I would like to check its behavior.

Thanks!

Edited by kyser, 20 January 2011, 17:17.


#58 Jack_mcs

  • Community Member
  • 24,452 posts
  • Real Name:Jack
  • Gender:Male

Posted 20 January 2011, 17:39

kyser, on 20 January 2011, 17:16, said:

When you log in the first time via login.php with https, after some months, can your shop autolog in on any http pages directly, or do you need to reach an https page?
Do you have a shop which uses autologon? I would like to check its behavior.

Thanks!

The login is done automatically. If you create a login today and then come back tomorrow, as soon as you go to the home page, you will be logged in. Yes, I have shops that it is installed in but they are not for testing. I suggest you install a blank RC2 shop and test it since the contribution is known to work with it. If that works, you can then use it for comparing. If it doesn't, then there is something wrong with your setup.

#59 RMD27

  • Community Member
  • 259 posts
  • Real Name:Ricardo
  • Gender:Male

Posted 24 February 2011, 13:55

Guys

My PHP & HTML knowledge is non-existent, which will become apparent when I tell you my issue.

I have this in the login.php


</script>
<?php // HMCS: Begin Autologon	********************************************************** ?>
<script language="javascript"><!--
function win_autologon() {
  window.open("<?php echo FILENAME_INFO_AUTOLOGON; ?>","info_autologon","height=460,width=430,toolbar=no,statusbar=no,scrollbars=yes").focus();
}
//--></script>
<?php // HMCS: End	Autologon	*****************************
</head>
<body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0">
<!-- header //-->
<?php require(DIR_WS_INCLUDES . 'header.php'); ?>
<!-- header_eof //-->



and I get the error


Parse error: syntax error, unexpected '<' in /home/***/***/login.php on line 123


Line 123 is </head>

Any pointers on sorting this issue are appreciated!

EDIT


Okay, I sorted my mistake, I didn't see the ?> at the end of the *****************************************

Edited by RMD27, 24 February 2011, 14:03.


#60 RMD27

  • Community Member
  • 259 posts
  • Real Name:Ricardo
  • Gender:Male

Posted 16 March 2011, 07:47

Hello!

This contribution was working fine on my shop until I implemented SSL.

Now it doesn't work at all. I/customers have to manually log in

Anyone have a clue as to what I need to check to sort out this problem???

Shop is v2.2 RC2

Edited by RMD27, 16 March 2011, 07:48.