-
Posts
206 -
Joined
-
Last visited
-
Days Won
2
Stephan Gebbers's Achievements
-
i got fooled by the way Oscommerce handles admin sessions again. when you use the build in htaccess protection it never logs you out (or automaticly logs you in with htaccess user/pass). i guess i gonna deactivate that and just use standard htaccess with differenc user/pass. confusing as F when you forget how it is supposed to work.
-
I realy like your error handler vor mysql error messages! Good Job!
you think it would work without problems with an older oscommerce version as well?
-
Glad it was helpful. The changes are to parts of the code that are in all oscommerce shops so there shouldn't be any problems.
-
btw: i'm not sure if it is a good idea to send the error_log to the root folder of the shop. i changed that, so it will save it as error_log.txt into folder includes and forbid web access to *.txt in the htaccess of includes folder
also, the email is send but after the query nothing can be added to $msg. it will not show after the error query. not shure why.. i moved the URI line in front of the line with the error query and that shows up in email now.
-
-
strange! i moved with my bootstrapped oscommerce to a new server (debian9, php7, mariadb) and mysql session timeout does not work again. even with the modifications from your addon. but only in admin. catalog user sessions timout as expected. any idea where to look?
Regards,
Stephan
- Show previous comments 3 more
-
In theory, it should work fine. I mean the only thing that admin panel session time entry is doing is being stored in the database table to be applied to the conditional statement in /admin/includes/functions/sessions.php to evaluate the time passed since the last page load.
And, it's the exact same script for the catalog side.
Let me know if you find out. I'm semi-technical and not that great with sessions. I'd be curious to know. Thanks.
-
good to waste some time :/
so, after forever trying to find whats wrong, i took a closer look into the application_top and login.php
check that.
application_top.php
// try to automatically login with the HTTP Authentication values if it exists if (!tep_session_is_registered('auth_ignore')) { if (isset($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW']) && !empty($_SERVER['PHP_AUTH_PW'])) { $redirect_origin['auth_user'] = $_SERVER['PHP_AUTH_USER']; $redirect_origin['auth_pw'] = $_SERVER['PHP_AUTH_PW']; } }
and login.php
if (tep_session_is_registered('redirect_origin') && isset($redirect_origin['auth_user']) && !isset($HTTP_POST_VARS['username'])) { $username = tep_db_prepare_input($redirect_origin['auth_user']); $password = tep_db_prepare_input($redirect_origin['auth_pw']); } else { $username = tep_db_prepare_input($HTTP_POST_VARS['username']); $password = tep_db_prepare_input($HTTP_POST_VARS['password']); }
so, it is made by design not to expire when you use htaccess/htpassword function build in with administrators manager within oscommerce. you are getting logged in again and again until you press logoff or restart your browser where you would have to login by httpauth again.
good to know :/ so now, without the build in htaccess/htpasswd function it works as expected. the session runs out and i have to relogin.
but one question lasts.. why did it not work as supposed to on my old server? :D
-
yeah, that's good to know, ...I have not set up the htpassword protection on the new BS Edge development site for the admin login yet. So, I did not test that piece of it with the modified contribution, though I thought it should not make a difference.
I'm not sure as to why it did not work on the other server.
I'll try and test it on my set-up at some point. Thank you for the follow-up.
Demitry