wizardsandwars

Auto Login BUG

42 posts in this topic

I downloaded this last night and got it installed.

 

It appeared to be working nicely. However, when I went to this site,

 

http://www.searchengineworld.com/cgi-bin/s.../sim_spider.cgi

 

I discovered that with the autologin enabled, the spiders can't see your site, at all.

 

If anyone out there is using this contribution, make sure you go there and see if spiders can see YOUR website.


hey Wizards,

 

I noticed the same thing too when I installed it... it is because most spiders (maybe all) do not spider secure pages (HTTPS/SSL) and the autologin routine redirects through HTTPS.

 

a quick fix is to check if the user has cookies enabled. if they do, then do the autologin routine. if not, then do not do it b/c they are either a bot or have cookies disabled (neither of which can use the autologin anyways).

 

I just came up with this, installed it, and then tested on the search engine spider sim and my pages can now be spidered... also cookie users can still auto login.

 

HERE IT IS:

 

in includes/modules/autologin.php, place this code before the start of the autologin code (at the very top after the comments):

setcookie("TEMPCOOKIE", "CookieOn", time() + 60 * 60);
$cookieinfo = $HTTP_COOKIE_VARS["TEMPCOOKIE"];
if ($cookieinfo == "CookieOn") {

 

basically sets a temp cookie to determine if cookies are enabled, and if so, then continues with the auto login routine. if not, then it is skipped over (no HTTPS redirect, so we get spidered!)

 

also, at the end of the autologin.php files, you will need to close the if statement, so put a } right before the closing ?>:

}

?>

 

Also, what I am thinking of doing, is that since only cookied users can use the autologin, only present the option to them on login.php using the same if statement (or perhaps placing it in application_top.php and setting a variable like $COOKIES_ENABLED = true and then the check for cookies would just become if ($COOKIES_ENABLED == true) to use across different pages to check if the user has enabled cookies).

 

Also, after the check, it might be a good idea to delete the temp cookie since we create it on every page to check for cookies enabled, but I haven't thought that far ahead.


Nice work!

 

OK, I'll put this in tonight, and I'll look at some of your other suggestions, as well.

 

I hadn't realized that spiders couldn't spider a site on SSL. In fact, I put almost the entire shop on SSL. In other words, once the customer hits a secure page, he stays in secured pages until he leaves. That way there are no warnings that they are "about to leave a secure page" and what not.


Wizards,

 

I changed it some... I moved the cookie test to application_top, so that on a few other pages, I can check if cookies are on a lot easier...

 

so in application_top.php I added:

// Determine if cookies are enabled
setcookie("TEMPCOOKIE", "CookieOn", time() + 60 * 60);
$cookieinfo = $HTTP_COOKIE_VARS["TEMPCOOKIE"];
if ($cookieinfo == "CookieOn") {
  global $cookies_on;
  $cookies_on = true;
}

 

I dunno if it matters where it goes, but I put it right after the require configure line (about line 35).

 

so then in modules/autologon.php, I took out the cookie check since I moved it to app_top, and use this now:

if ($cookies_on == true) {

 

then in /login.php, the part that was added in from the contrib for users to select if they want to be remembered, I changed from:

if (ALLOW_AUTOLOGON != 'false') {

to

if ((ALLOW_AUTOLOGON != 'false') && ($cookies_on == true)) {

this way, if a user has cookies disabled, they don't even see a hint of the autologin feature, since it doesn't work for them...

 

I think we have something now :D


Hi,

 

sorry i am a dummy and can't figure out what do you mean by

 

so then in modules/autologon.php, I took out the cookie check since I moved it to app_top, and use this now:  

 if ($cookies_on == true) {

 

could you possibly explain what changes you made in

/catalog/includes/modules/autologon.php

and

/catalog/login.php

 

thank you

 

Hats


Hi Hatimad,

 

You are not a dummy ... it just sounds more complicated than it is. Add the text in red (I think it is around line 185ish in /catalog/includes/application_top.php):

 

// define how the session functions will be used
require(DIR_WS_FUNCTIONS . 'sessions.php');
tep_session_name('osCsid');

// Determine if cookies are enabled
setcookie("TEMPCOOKIE", "CookieOn", time() + 60 * 60);
$cookieinfo = $HTTP_COOKIE_VARS["TEMPCOOKIE"];
if ($cookieinfo == "CookieOn") {
  global $cookies_on;
  $cookies_on = true;
}

// include the database functions
require(DIR_WS_FUNCTIONS . 'database.php');

 

Edit the very bottom of the same file where it says HMCS:Begin Autologon (Remember the green text is already there ... just add the code in red):

 

// HMCS: Begin Autologon ******************************************************************
if ($cookies_on == true) {
  if (ALLOW_AUTOLOGON == 'true') { // Is Autologon enabled?
    if (basename($PHP_SELF) != FILENAME_LOGIN) { // yes
      if (!tep_session_is_registered('customer_id')) {
        include('includes/modules/autologon.php');
      }
    }
  } else {
    setcookie("email_address", "", time() - 3600, $cookie_path); //no, delete email_address cookie
    setcookie("password", "", time() - 3600, $cookie_path); //no, delete password cookie
  }
}
// HMCS: End Autologon ******************************************************************

 

I hope this is useful to you.


Hi Mike,

 

thanks a lot, i did exactly what you said but it still shows the SID along with my default.php

 

am i supposed to make any changes in

 

/catalog/includes/modules/autologon.php

and

/catalog/login.php

 

thanks for your help

 

hats


Hi,

 

i typed in url of my default.php and it spidered all my links but SID was attached with all of the links

 

when other search engines spiders do they spider it with sid?

 

thanks

 

Hats


i tried to install SID killer few days ago, but since autologon was installed it didn't let it work. it will get stuck at the logoff and won't go ahead, and show me the blank page

 

 

i will try to install it again since i have applied your fix to the autologon contribution and let you know

 

thanks for your help

 

Hats


ohh... sorry for not replying earlier... quite some time ago I dumped the autologin... I had it installed for about 30 minutes and decided, ya know it's just not worth it... it's a neat idea, but the way it works, re-routing every page through login/logoff.php just makes for a lot of headaches...

 

it is a great idea I think, just needs to be worked on some I think.


Hi,

 

i tried to install the SID killer again but the same problem it gets stuck at logoff.php in secure server and keeps refreshing blank logoff.php

 

Joshua,

can you give me idea how did you make it work?

 

thank you


Hatimad,

 

as far as I know, the Sid Killer will not work properly if you have SSL on a different server as your regular domain.


ok, i just now removed the autologon contribution and installed SID Killer v1.2

 

i checked my site at http://www.searchengineworld.com/cgi-bin/s.../sim_spider.cgi and there is no session ID attached to the links

 

as far as I know, the Sid Killer will not work properly if you have SSL on a different server as your regular domain

 

is there any known problem i am missing?

 

thanks


yes you are right i noticed it...thanks for pointing it out..

 

any solutions?

 

thanks


Guys.....for some reason this mod isn't physically installing a cookie on my machine. I've done everything I can......but no luck.

 

I do have cookies enabled, and am getting them from other sites. I tested it using the code above, and cookies are on...

 

I actually get a cookie on my machine (the temp test cookie) but I don't get the actual logon cookie.

 

Guys?

 

Thanks,

-Chris

Edited by blueline

Hey Chris,

 

I had the same problem...I've been working on getting this implemented on my site but have been very frustrated. What I found was the problem for me was that I was using the "Use Search-Engine Safe URLs" option but the contribution works off of a PHP get path which pulled up "action" for my path. Try sorting your cookies by when they were last modified and play around with it. My cookies were coming up with the domain "action." You need to go into the code if you are having this problem...

 

Hope that helps...

 

Although I'm having a problem of my own. The Autologon feature works great on my computer, but whenever I use my brother's computer, login, close the browser, and open up the site again, I get automatically sent to a secured logoff page. So maybe someone can help me with that one?

 

Maybe the wizards might return and give some help...

 

Thanks

 

-Aaron

Edited by aedmonds


Actually, I am not getting a cookie installed at all. I tried the "test" cookie process in application_top and that works, but the auto login cookies just don't install....

Is your "test" cookie being called with the PHP setcookie function or the OSC tep_setcookie function? I changed all of mine to use the tep_setcookie function...not sure if that makes any difference... <_<

 

Another thing I did was I changed all of the:

$cookie_url_array = parse_url((ENABLE_SSL == true ? HTTPS_SERVER : HTTP_SERVER) . substr(DIR_WS_CATALOG, 0, -1));
$cookie_path = $cookie_url_array['path'];

to the following:

if (function_exists('session_set_cookie_params')) {
session_set_cookie_params(0, $cookie_path, $cookie_domain);
} elseif (function_exists('ini_set')) {
 ini_set('session.cookie_lifetime', '0');
 ini_set('session.cookie_path', $cookie_path);
 ini_set('session.cookie_domain', $cookie_domain);
}

 

Not sure if that has any effect either...guess we'll find out now, won't we....

 

Can somebody tell me if that will affect OSC in any negative way?

 

Thanks

 

-Aaron


Actually, the "test" cookie is being called with the setcookie function that comes with PHP. That works.

 

The other cookie which is being called by the tep_setcookie function is not working.

 

I have included the code below so that you can see.

 

The "test" cookie

// Determine if cookies are enabled
setcookie("TEMPCOOKIE", "CookieOn", time() + 60 * 60);
$cookieinfo = $HTTP_COOKIE_VARS["TEMPCOOKIE"];
if ($cookieinfo == "CookieOn") {
  global $cookies_on;
  $cookies_on = true;
}

 

The "autologin" cookie

// HMCS: Begin Autologon ******************************************************************
if ($cookies_on == true) {
  if (ALLOW_AUTOLOGON == 'true') {                                // Is Autologon enabled?
    if (basename($PHP_SELF) != FILENAME_LOGIN) {                  // yes
      if (!tep_session_is_registered('customer_id')) {
        include('includes/modules/autologon.php');
      }
    }
  } else {
    setcookie("email_address", "", time() - 3600, $cookie_path);  //no, delete email_address cookie
    setcookie("password", "", time() - 3600, $cookie_path);       //no, delete password cookie
  }
}
// HMCS: End Autologon  ******************************************************************

 

Thanks a bunch guys.

-Chris


Actually Chris, the autologon cookie code that you posted is only deleting the cookie. Notice how it is giving a value of "" and the time is set for the past.

 

Let's see what is in your autologon.php code...


Here ya go. Thanks for the help.

 

<?php
/*
 $Id: autologon.php,v 1.11 2003/01/18 20:00:00  Exp $

 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2003 osCommerce
 Copyright (c) 2003 HMCservices
 Released under the GNU General Public License
*/
if ($cookies_on == true) {

  $cookie_url_array = parse_url((ENABLE_SSL == true ? HTTPS_SERVER : HTTP_SERVER) . substr(DIR_WS_CATALOG, 0, -1));
  $cookie_path = $cookie_url_array['path'];
  if (($email_address != "") && ($password != "")) {
    $check_customer_query = tep_db_query("select customers_id, customers_firstname, customers_lastname, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "'");
    if (tep_db_num_rows($check_customer_query)) {
      $check_customer = tep_db_fetch_array($check_customer_query);
      if (tep_validate_password($password, $check_customer['customers_password'])) {
        if (SESSION_RECREATE == 'True') {
          tep_session_recreate();
        }
        $check_country_query = tep_db_query("select entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . $check_customer['customers_id'] . "' and address_book_id = '" . (int)$check_customer['customers_default_address_id'] . "'");
        $check_country = tep_db_fetch_array($check_country_query);

        $customer_id = $check_customer['customers_id'];
        $customer_default_address_id = $check_customer['customers_default_address_id'];
        $customer_first_name = $check_customer['customers_firstname'];
        $customer_country_id = $check_country['entry_country_id'];
        $customer_zone_id = $check_country['entry_zone_id'];
        if(!tep_session_is_registered('customer_id'))
          tep_session_register('customer_id');
        if(!tep_session_is_registered('customer_default_address_id'))
          tep_session_register('customer_default_address_id');
        if(!tep_session_is_registered('customer_first_name'))
          tep_session_register('customer_first_name');
        if(!tep_session_is_registered('customer_country_id'))
          tep_session_register('customer_country_id');
        if(!tep_session_is_registered('customer_zone_id'))
          tep_session_register('customer_zone_id');

        setcookie('email_address', $email_address, time()+ (365 * 24 * 3600), $cookie_path, '', ((getenv('HTTPS') == 'on') ? 1 : 0));
        setcookie('password', $check_customer['customers_password'], time()+ (365 * 24 * 3600), $cookie_path, '', ((getenv('HTTPS') == 'on') ? 1 : 0));
        $date_now = date('Y-m-d');
        $qr = "update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1 where customers_info_id = '" . $customer_id . "'";
        tep_db_query($qr);
        $cart->restore_contents();    // restore cart contents
      }
    }
  } else {
    if($autologon_executed != 'true'){
      $autologon_page = '<html><head><meta http-equiv="Refresh" content="0;URL=' . tep_href_link(FILENAME_LOGOFF, '', 'SSL') . '"></head><body></body></html>';
      $autologon_link = ((getenv('HTTPS') == 'on') ? 'https://' : 'http://') . $SERVER_NAME . $REQUEST_URI . (strpos($REQUEST_URI, "?") ? '&' : '?') . SID;
      $autologon_executed = 'true';
      if(!tep_session_is_registered('autologon_link'))
        tep_session_register('autologon_link');
      if(!tep_session_is_registered('autologon_executed'))
        tep_session_register('autologon_executed');
      tep_session_close();
      exit($autologon_page);
    }
  }
  if (tep_session_is_registered('autologon_link')) {
    $x = $autologon_link;
    tep_session_unregister('autologon_link');
    tep_redirect($x);
  }
}
?>

 

Thanks again.

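The autologon.php posted above puts the e-mail address and the customers_password value into cookies that last a year, and sets the Secure flag only when the current request is HTTPS. As an added example (not code from the contribution or from osCommerce), here is a remember-me cookie that carries a random single-use token instead of the credential; the function names, the in-memory $store standing in for a database table, and the 30-day lifetime are assumptions.

```php
<?php
// Added example, not osCommerce or contribution code; all names are hypothetical.
// $store stands in for a database table: selector => customer id, hash, expiry.
const REMEMBER_TTL = 30 * 24 * 3600; // assumed lifetime: 30 days

function issue_remember_token(array &$store, int $customerId, int $now): string
{
    $selector  = bin2hex(random_bytes(9));  // lookup key, not secret
    $validator = bin2hex(random_bytes(32)); // secret half; only its hash is stored
    $store[$selector] = [
        'customer_id' => $customerId,
        'hash'        => hash('sha256', $validator),
        'expires'     => $now + REMEMBER_TTL,
    ];
    return $selector . ':' . $validator;    // value to put in the cookie
}

// Returns [customer id, replacement cookie value], or null if the token is rejected.
function redeem_remember_token(array &$store, string $cookie, int $now): ?array
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;
    }
    $row = $store[$parts[0]];
    unset($store[$parts[0]]);               // single use: spent whether it matches or not
    if ($row['expires'] < $now || !hash_equals($row['hash'], hash('sha256', $parts[1]))) {
        return null;
    }
    return [$row['customer_id'], issue_remember_token($store, $row['customer_id'], $now)];
}

// Attributes for setcookie()'s options array (PHP 7.3+): HTTPS only, hidden from scripts.
function remember_cookie_options(string $path, int $now): array
{
    return ['expires' => $now + REMEMBER_TTL, 'path' => $path,
            'secure' => true, 'httponly' => true, 'samesite' => 'Lax'];
}

// Constructed demo; runs from the command line without a database.
$store = [];
$now = time();
$cookie = issue_remember_token($store, 42, $now);
// In a page: setcookie('remember', $cookie, remember_cookie_options('/catalog/', $now));
[$id, $next] = redeem_remember_token($store, $cookie, $now + 60);
var_dump($id);                                                            // customer id
var_dump(redeem_remember_token($store, $cookie, $now + 120));             // old value replayed
var_dump(redeem_remember_token($store, $next, $now + REMEMBER_TTL + 61)); // past expiry
```

The server keeps only the SHA-256 of the validator, so a copied table row cannot be turned back into a working cookie, and a cookie value stops working as soon as it has been used once.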
