Jump to content
Sign in to follow this  
420

Autologin Secure 2.0 - anyone get it to work?

Recommended Posts

Same here.

-----------------------

2.

just a hint for those who would like to use this also for customers with dynamic IP addresses (theoratically, because I could not test yet)

 

Just go the the autologin.php and do this in function tep_autologincookie

 

 ? ?setcookie( "osC_AutoCookieLogin", md5($check_customer['customers_id'].$check_customer['customers_email_address'].$check_customer['customers_password']), time()+60*60*24*14, "/", ?"", 0 );

 

and in the function tep_doautologin

 

? ?

$check_customer_query = tep_db_query("select customers_id, customers_firstname, customers_lastname, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where md5(CONCAT(customers_id,customers_email_address,customers_password'))= '" . $HTTP_COOKIE_VARS['osC_AutoCookieLogin'] . "'");

 

 

 

Ok, I actually have this contribution working fine. It does what it is supposed to do. It remembers me...unless my IP address change, then I have to log back in. So I tried to do the above, but I got this:

 

1064 - You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near ''))= 'd740638457ced3f7f502fb0ec6c618af'' at line 1

select customers_id, customers_firstname, customers_lastname, customers_password, customers_email_address, customers_default_address_id from customers where md5(CONCAT(customers_id,customers_email_address,customers_password'))= 'd740638457ced3f7f502fb0ec6c618af'

[TEP STOP]

 

Any help?

 

Oh and here is my revelant code:

function tep_autologincookie ($on) {
global $customer_id;
if ($on) {
    if (tep_session_is_registered('customer_id')) {

     $check_customer_query = tep_db_query("select customers_id, customers_password, customers_email_address from " . TABLE_CUSTOMERS . " where customers_id = '" . (int)$customer_id . "'");
     if (tep_db_num_rows($check_customer_query)) {
// 	 echo "COOKIE ON";
   $check_customer = tep_db_fetch_array($check_customer_query);
   $ip_address = tep_get_ip_address();
       setcookie( "osC_AutoCookieLogin", md5($check_customer['customers_id'].$check_customer['customers_email_address'].$check_customer['customers_password']), time()+60*60*24*14, "/",  "", 0 );
     }
 }
   } else {
//  echo "COOKIE OFF";
    setcookie( "osC_AutoCookieLogin", "", 0, "/",  "", 0 );
}
}


function tep_doautologin () {
global $HTTP_COOKIE_VARS, $cart, $customer_id, $customer_default_address_id, $customer_first_name, $customer_country_id, $customer_zone_id;
global $navigation;
if (isset($HTTP_COOKIE_VARS['osC_AutoCookieLogin'])) {
   $ip_address = tep_get_ip_address();
     $check_customer_query = tep_db_query("select customers_id, customers_firstname, customers_lastname, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where md5(CONCAT(customers_id,customers_email_address,customers_password'))= '" . $HTTP_COOKIE_VARS['osC_AutoCookieLogin'] . "'");
   if (tep_db_num_rows($check_customer_query)) {
    $check_customer = tep_db_fetch_array($check_customer_query);
    if (SESSION_RECREATE == 'True') {
     tep_session_recreate();
    }

Edited by TCwho

Share this post


Link to post
Share on other sites

OK I have fixed the problem. For those that want to take out the IP Address check.... instead of the code changes mentioned in the First page..

 

this is working for me so far...:

 

        setcookie( "osC_AutoCookieLogin", md5($check_customer['customers_id'].$check_customer['customers_email_address'].$check_customer['customers_password']), time()+60*60*24*14, "/",  "", 0 );

 

The above is the same as code in first page... but here is the corrected code for second part:

 

    $check_customer_query = tep_db_query("select customers_id, customers_firstname, customers_lastname, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where md5(CONCAT(customers_id,customers_email_address,customers_password,'" . "'))= '" . $HTTP_COOKIE_VARS['osC_AutoCookieLogin'] . "'");

 

Hope this helps others!

Edited by TCwho

Share this post


Link to post
Share on other sites

hi, could I see that code working?

 

I tried it but I get the biggest mess (with any code on this thread), the remember me is clicked, browser closed, the reopened, not recognised, clicking account or shopping cart and get page not found ... UGH ...


:-)

Monika

 

addicted to writing code ... can't get enough of databases either, LOL!

 

my toolbox: Textpad - Compare and Merge - phpMyAdmin - WS_FTP - Photoshop - How to search the forum

 

Interactive Media Award July 2007 ~ category E-Commerce

my advice on the forum is for free, PMs where you send me work are considered consultation which I charge for ...

Share this post


Link to post
Share on other sites
hi, could I see that code working?

 

I tried it but I get the biggest mess (with any code on this thread), the remember me is clicked, browser closed, the reopened, not recognised, clicking account or shopping cart and get page not found ... UGH ...

 

here is my configure.php (without the database info)

<?php
/*
 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2003 osCommerce

 Released under the GNU General Public License
*/

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
 define('HTTP_SERVER', 'http://www.painted4kids.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://painted4kids.hostexcellence.com'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'http://painted4kids.com');
 define('HTTPS_COOKIE_DOMAIN', 'https://painted4kids.hostexcellence.com');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '/');
 define('DIR_WS_HTTP_CATALOG', '/');
 define('DIR_WS_HTTPS_CATALOG', '/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
 define('DIR_FS_CATALOG', '/hsphere/local/home/kristin/painted4kids.com/');
 define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
 define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

// define our database connection


:-)

Monika

 

addicted to writing code ... can't get enough of databases either, LOL!

 

my toolbox: Textpad - Compare and Merge - phpMyAdmin - WS_FTP - Photoshop - How to search the forum

 

Interactive Media Award July 2007 ~ category E-Commerce

my advice on the forum is for free, PMs where you send me work are considered consultation which I charge for ...

Share this post


Link to post
Share on other sites

Here is how I have mine setup. Note that I have a ' . ' in the cookie domain ...

 

  define('HTTP_SERVER', 'http://www.My_Domain_Here.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://www.My_Domain_Here.com'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', '.My_Domain_Here.com');
 define('HTTPS_COOKIE_DOMAIN', '.My_Domain_Here.com');
 define('HTTP_COOKIE_PATH', '/catalog/');
 define('HTTPS_COOKIE_PATH', '/catalog/');

 

But one thing I forgot to mention also. If I were you I would disable the ssl settings for a moment to make sure to see if it works ... if it does work then you know for sure its your setup in configure... if it doesnt work... >>one step closer down troubleshooting list

Share this post


Link to post
Share on other sites
Here is how I have mine setup.  Note that I have a ' . ' in the cookie domain ...

 

 ?define('HTTP_SERVER', 'http://www.My_Domain_Here.com'); // eg, http://localhost - should not be empty for productive servers
?define('HTTPS_SERVER', 'https://www.My_Domain_Here.com'); // eg, https://localhost - should not be empty for productive servers
?define('ENABLE_SSL', true); // secure webserver for checkout procedure?
?define('HTTP_COOKIE_DOMAIN', '.My_Domain_Here.com');
?define('HTTPS_COOKIE_DOMAIN', '.My_Domain_Here.com');
?define('HTTP_COOKIE_PATH', '/catalog/');
?define('HTTPS_COOKIE_PATH', '/catalog/');

 

But one thing I forgot to mention also. If I were you I would disable the ssl settings for a moment to make sure to see if it works ... if it does work then you know for sure its your setup in configure... if it doesnt work...  >>one step closer down troubleshooting list

 

 

Well it used to work just fine before I added the shared SSL, so i know the problems lies there. I will test the . version of the cookies.

 

BRB


:-)

Monika

 

addicted to writing code ... can't get enough of databases either, LOL!

 

my toolbox: Textpad - Compare and Merge - phpMyAdmin - WS_FTP - Photoshop - How to search the forum

 

Interactive Media Award July 2007 ~ category E-Commerce

my advice on the forum is for free, PMs where you send me work are considered consultation which I charge for ...

Share this post


Link to post
Share on other sites
Well it used to work just fine before I added the shared SSL, so i know the problems lies there. I will test the . version of the cookies.

 

BRB

 

 

Tried again without SSL, works just fine with these settings:

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
 define('HTTP_SERVER', 'http://www.painted4kids.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'http://www.painted4kids.com'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'http://painted4kids.com');
 define('HTTPS_COOKIE_DOMAIN', 'http://painted4kids.com');

 

Tried it with SSL with the https cookie domain empty, tried with the . for the http and the https, and with the dot for the https only ... at my wits end.


:-)

Monika

 

addicted to writing code ... can't get enough of databases either, LOL!

 

my toolbox: Textpad - Compare and Merge - phpMyAdmin - WS_FTP - Photoshop - How to search the forum

 

Interactive Media Award July 2007 ~ category E-Commerce

my advice on the forum is for free, PMs where you send me work are considered consultation which I charge for ...

Share this post


Link to post
Share on other sites
try this:

 

 ?define('HTTP_COOKIE_DOMAIN', '.painted4kids.com');
define('HTTPS_COOKIE_DOMAIN', '.painted4kids.hostexcellence.com');

 

 

I WISH ... it all reacts the same, I get the page not found unless I reload thhe page, then all is magically well ... and it is totally independent of what I put in the cookie domains. UGH.


:-)

Monika

 

addicted to writing code ... can't get enough of databases either, LOL!

 

my toolbox: Textpad - Compare and Merge - phpMyAdmin - WS_FTP - Photoshop - How to search the forum

 

Interactive Media Award July 2007 ~ category E-Commerce

my advice on the forum is for free, PMs where you send me work are considered consultation which I charge for ...

Share this post


Link to post
Share on other sites
I WISH ... it all reacts the same, I get the page not found unless I reload thhe page, then all is magically well ... and it is totally independent of what I put in the cookie domains. UGH.

 

 

OMG some Easter magic!!! I emptied my cache for the last time today, deleted all offline files too (done that 10 times before today, I swear ...) ... and OMG I was still logged in after coming back. It must be a fluke, right? I was giggling ...

 

Can someone please double check to see if it works for them too?

 

http://www.painted4kids.com/index_testarea.php


:-)

Monika

 

addicted to writing code ... can't get enough of databases either, LOL!

 

my toolbox: Textpad - Compare and Merge - phpMyAdmin - WS_FTP - Photoshop - How to search the forum

 

Interactive Media Award July 2007 ~ category E-Commerce

my advice on the forum is for free, PMs where you send me work are considered consultation which I charge for ...

Share this post


Link to post
Share on other sites
OMG some Easter magic!!! I emptied my cache for the last time today, deleted all offline files too (done that 10 times before today, I swear ...) ... and OMG I was still logged in after coming back. It must be a fluke, right? I was giggling ...

 

Can someone please double check to see if it works for them too?

 

http://www.painted4kids.com/index_testarea.php

 

sigh. Tried it again 30 minutes later and it doesn't work any more ...


:-)

Monika

 

addicted to writing code ... can't get enough of databases either, LOL!

 

my toolbox: Textpad - Compare and Merge - phpMyAdmin - WS_FTP - Photoshop - How to search the forum

 

Interactive Media Award July 2007 ~ category E-Commerce

my advice on the forum is for free, PMs where you send me work are considered consultation which I charge for ...

Share this post


Link to post
Share on other sites
it just worked for me .. I think you got it now

 

Well sounds great, at least it works for you. It doesn't work for me ...

 

So what i did now is I removed the links account, checkout and shopping cart for users not logged in, as those led into nirvana. Only logged in users will see those, so no more page not found. For those that get the remember me to work, this won't show ... I didn't have any other idea.

 

Could it be my PC??

 

Could someone else please create an account and check if it works for them to close the window after hitting remember me, reopen another one and still be logged in?

 

Monika


:-)

Monika

 

addicted to writing code ... can't get enough of databases either, LOL!

 

my toolbox: Textpad - Compare and Merge - phpMyAdmin - WS_FTP - Photoshop - How to search the forum

 

Interactive Media Award July 2007 ~ category E-Commerce

my advice on the forum is for free, PMs where you send me work are considered consultation which I charge for ...

Share this post


Link to post
Share on other sites
Just tried it again, this time it did not remember me ... my ip address is the same so I know it cant be that (orginal contribution also uses ip to remember you)

...

 

hmm dont know what to tell you

 

maybe some else can help you with you configure.php ....

 

Was wondering if someone could test this for me, as it seems to work for me.... but only sometimes.

 

www.natelevy.com/bw/store/

 

This site store will soon be located at www.blackwidowsecurity.com --- but for now its still being 'tested'

 

As for my config, my cookie domain is set up as .natelevy.com

 

Thanks in advance.

 

Nate

Share this post


Link to post
Share on other sites
Was wondering if someone could test this for me, as it seems to work for me.... but only sometimes.

 

www.natelevy.com/bw/store/

 

This site store will soon be located at www.blackwidowsecurity.com --- but for now its still being 'tested'

 

As for my config, my cookie domain is set up as .natelevy.com

 

Thanks in advance.

 

Nate

 

 

lol my friend, I hate you :-) ... it works!

I'm so jealous ... of course, without SSL it worked for me to!!!

 

:-)

Monika


:-)

Monika

 

addicted to writing code ... can't get enough of databases either, LOL!

 

my toolbox: Textpad - Compare and Merge - phpMyAdmin - WS_FTP - Photoshop - How to search the forum

 

Interactive Media Award July 2007 ~ category E-Commerce

my advice on the forum is for free, PMs where you send me work are considered consultation which I charge for ...

Share this post


Link to post
Share on other sites
lol my friend, I hate you :-) ... it works!

I'm so jealous ... of course, without SSL it worked for me to!!!

 

:-)

Monika

 

 

:blush: Thanks... but here is my issue.

 

These cookies should last up to two weeks, but for some reason mine expire at the end of each session. My testing shows that just closing my browser or even restarting my computer will log the account off?

 

Any ideas? >_<

Share this post


Link to post
Share on other sites
lol my friend, I hate you :-) ... it works!

I'm so jealous ... of course, without SSL it worked for me to!!!

 

:-)

Monika

 

 

Oh and by the way, you're still using oscommerce pics like the green arrow on the account page, so you need to leave the OSCommerce copyright in ...


:-)

Monika

 

addicted to writing code ... can't get enough of databases either, LOL!

 

my toolbox: Textpad - Compare and Merge - phpMyAdmin - WS_FTP - Photoshop - How to search the forum

 

Interactive Media Award July 2007 ~ category E-Commerce

my advice on the forum is for free, PMs where you send me work are considered consultation which I charge for ...

Share this post


Link to post
Share on other sites
:blush: Thanks... but here is my issue.

 

These cookies should last up to two weeks, but for some reason mine expire at the end of each session.  My testing shows that just closing my browser or even restarting my computer will log the account off?

 

Any ideas?  >_<

 

Hiya again, well I didn't restart my computer but I closed the window and reopened and I was still logged on ...


:-)

Monika

 

addicted to writing code ... can't get enough of databases either, LOL!

 

my toolbox: Textpad - Compare and Merge - phpMyAdmin - WS_FTP - Photoshop - How to search the forum

 

Interactive Media Award July 2007 ~ category E-Commerce

my advice on the forum is for free, PMs where you send me work are considered consultation which I charge for ...

Share this post


Link to post
Share on other sites

the dot in configure.php helped

 

first I have used

 

define('HTTP_COOKIE_DOMAIN', 'shop.domain.com');

define('HTTPS_COOKIE_DOMAIN', 'shop.domain.com');

 

aftrer changing to

 

define('HTTP_COOKIE_DOMAIN', '.domain.com');

define('HTTPS_COOKIE_DOMAIN', '.domain.com');

 

it started to work :)

Share this post


Link to post
Share on other sites

Heres one i need help with:

 

this line of code:

 

if ( (ALLOW_AUTOLOGON == 'true') && ((isset($HTTP_COOKIE_VARS['cookie_test']) && (SESSION_FORCE_COOKIE_USE == 'True')) || (SESSION_FORCE_COOKIE_USE != 'True')) ) {

 

 

is causing this error:

 

 

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home2/techinfo/techinfoline-www/cre/includes/login_pwa.php on line 76

 

 

can anyone elaborate on the syntax problem in this line please, thanks :)


-------------------------------------------------

Best Regards,

 

ggbig (maestro)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×