 |
|
| View previous topic :: View next topic |
| Author |
Message |
ainars
Lance Corporal
Joined: 24 Jun 2002
Posts: 10
|
 Posted: Fri Mar 28, 2003 3:18 pm Post subject: |
 |
|
i changed cookie lifetime to 12 hours. i want to find some way how to force users to relogin (to get new cookie with shorter lifetime).
the problem is that by default cookie lifetime is 180 days or something like that.
for different reasons i delete 10-20 user accounts every day. most of users never logout and never delete cookies from cimputer. when they come back to my PHPNuke site after some 3 months they are being recognised as registered users even if their acounts are deleted.
thank you. |
|
| Back to top |
|
 |
|
|
|
jdawes
Sergeant
Joined: 03 Feb 2003
Posts: 23
|
| Posted: Wed Apr 02, 2003 9:04 pm Post subject: |
|
|
I haven't found a method by which to do this yet other than decreasing the cookie expiry time, and/or getting users to delete their cookies when they are finished.
Perhaps, is there a way we could get the cookie to delete once they leave or logout or maybe only work for the browser session that they are in?
I do not know a lot about cookies but are there other possible fixes which would assist multiple users on the same machine from using each others accounts? |
|
| Back to top |
|
|
chris
President
Joined: 06 Nov 2002
Posts: 1047
Location: Outer Space
|
| Posted: Fri Apr 04, 2003 4:29 am Post subject: |
|
|
ainars,
the way I understand the userinfo() function in modules/Your_Account/index.php, PHP-Nuke first gets the user record from the $prefix_users table for the name supplied by the user, then does the following check:
| Code: |
if(($uname == $cookie[1]) AND ($userinfo[pass] == $cookie[2]))
|
and welcomes the user only if it succeeds.
If you deleted that user, $userinfo[uname] would be empty (it is the user name found in the table), but $uname would be always filled, because it is the name the user tries to login with. So perhaps the trick would be to change $uname with $userinfo[uname] in the above check:
| Code: |
if(($userinfo[uname] == $cookie[1]) AND ($userinfo[pass] == $cookie[2])) {
|
It is line 143 of modules/Your_Account/index.php. Backup this file and do the change, being very careful about side effects in the other places where userinfo() is also called. You will need to test all affected cases.
Regards
Chris |
|
| Back to top |
|
|
jdawes
Sergeant
Joined: 03 Feb 2003
Posts: 23
|
| Posted: Sat Apr 05, 2003 9:02 pm Post subject: |
|
|
| Does this work? I'm not keen to hack the site I am running in case it breaks? If someone tests this and it works could they post here pls? |
|
| Back to top |
|
|
ainars
Lance Corporal
Joined: 24 Jun 2002
Posts: 10
|
| Posted: Sun Apr 06, 2003 11:14 am Post subject: |
|
|
jdawes and chris,
thank you for your answers.
if I delete an user, he/she can not access "my account" anymore. the problem is that deleted users (who have cookies in their computers) if they come back, they are listed in "online users" list. they can access some modules which are available for registered users only.
they see "you are an anonymous user", but at the same time they see "hello, deleted_username".
PHPNuke is great, but it's too difficult for people who just start to use Internet. some people don't understand what is "login" and "logout" of course they don't know what is cookie and they don't know about temporary internet files in their computers. i spent a lot of time to make PHPNuke more easy. i removed/changed a lot of things. my visitors are happy about it.
internet cafes are very popular in my country. i have a very busy website and some 30% of visitors come from cafes. Most of users never log out - they just close the browser window and that's all. next user on the same computer is autimatically logged in and he/she changes password, user info etc... every day i receive emails with questions "what's wrong with my account", "why did you change my password and my userinfo"... i am tired of it.
as i wrote, i changed cookie lifetime and some day (when all old cookies will be expired) this problem will be resolved. but i think that it's not normal that by default cookie expiration time is 180 days or something like that.
[ This Message was edited by: ainars on 2003-04-06 14:40 ] |
|
| Back to top |
|
|
Andee
Private
Joined: 03 Nov 2003
Posts: 2
|
| Posted: Mon Nov 03, 2003 2:07 pm Post subject: |
|
|
| Could somebody tell me where to change the cookie lifetime as I would like to reduce it to 72 hours |
|
| Back to top |
|
|
chris
President
Joined: 06 Nov 2002
Posts: 1047
Location: Outer Space
|
|
| Back to top |
|
|
Andee
Private
Joined: 03 Nov 2003
Posts: 2
|
| Posted: Mon Nov 03, 2003 11:41 pm Post subject: |
|
|
| Sorry I should have said, it is the users cookie I want to reduce the time of not the admin cookie. |
|
| Back to top |
|
|
chris
President
Joined: 06 Nov 2002
Posts: 1047
Location: Outer Space
|
| Posted: Tue Nov 04, 2003 2:56 am Post subject: |
|
|
Then, go to modules/Your_Account/index.php, find the line
| Code: |
setcookie("user","$info",time()+2592000);
|
and change the seconds number to your liking.
There are other calls to setcookie() in the code. If this does not do what you want, you might want to change them too:
| Code: |
./includes/sessions.php: setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
./includes/sessions.php: setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
./includes/sessions.php: setcookie($cookiename . '_data', serialize($sessiondata), $current_time + 31536000, $cookiepath, $cookiedomain, $cookiesecure);
./includes/sessions.php: setcookie($cookiename . '_sid', $session_id, 0, $cookiepath, $cookiedomain, $cookiesecure);
./includes/sessions.php: setcookie($cookiename . '_data', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure);
./includes/sessions.php: setcookie($cookiename . '_sid', '', $current_time - 31536000, $cookiepath, $cookiedomain, $cookiesecure);
./includes/usercp_register.php: setcookie("user","$info",time()+15552000);
./modules/Forums/viewtopic.php: setcookie($board_config['cookie_name'] . '_t', serialize($tracking_topics), 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
./modules/Forums/posting.php: setcookie($board_config['cookie_name'] . '_t', serialize($tracking_topics), 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
./modules/Forums/index.php: setcookie($board_config['cookie_name'] . '_f_all', time(), 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
./modules/Forums/viewforum.php: setcookie($board_config['cookie_name'] . '_f', serialize($tracking_forums), 0, $board_config['cookie_path'], $board_config['cookie_domain'], $board_config['cookie_secure']);
./modules/News/article.php: setcookie("user","$info",time()+$cookieusrtime);
./modules/News/index.php: setcookie("ratecookie","$info",time()+3600);
./modules/Your_Account/index.php: setcookie("user");
./modules/Your_Account/index.php: setcookie("user","$info",time()+2592000);
./admin.php: setcookie("admin");
./auth.php: setcookie("admin","$admin",time()+2592000);
./mainfile.php: setcookie("lang",$newlang,time()+31536000);
./mainfile.php: setcookie("lang",$language,time()+31536000);
./mainfile.php: setcookie("lang",$language,time()+31536000);
./mainfile.php: setcookie("p_msg");
./mainfile.php: setcookie("p_msg",$mid,time()+600);
|
Of the above, you will probably want to check only those that have to do with the "user" cookie. |
|
| Back to top |
|
|
chris
President
Joined: 06 Nov 2002
Posts: 1047
Location: Outer Space
|
| Posted: Thu Nov 06, 2003 7:03 am Post subject: |
|
|
BTW, I reread it and I forgot to add:
If you want the user cookie to be destroyed as soon as the user closes his browser, you should make a temporary cookie by just ommitting the time altogether:
| Code: |
setcookie("user","$info");
|
From the PHP manual on setcookie:
| Quote: |
expire: The time the cookie expires....If not set, the cookie will expire at the end of the session (when the browser closes).
|
|
|
| Back to top |
|
|
chris
President
Joined: 06 Nov 2002
Posts: 1047
Location: Outer Space
|
| Posted: Thu Nov 06, 2003 7:05 am Post subject: |
|
|
| BTW, again, for the sake of completeness, this has been handled already in user Log off ! |
|
| Back to top |
|
|
Amoeba
Lance Corporal
Joined: 07 Nov 2003
Posts: 10
Location: Seattle, WA, DuHmerica
|
| Posted: Fri Nov 07, 2003 12:37 pm Post subject: |
|
|
If you want to reduce the cookie life of users as they login, you'll need edit ==>
| Code: | | function docookie() { } |
in modules/Your_Account/index.php. This will not affect the admin cookie life. Please note that there ARE variables passed to the docookie function so doing a search for "function docookie(" (without quotes) will do you just fine.
Once you find the function, the 2nd line inside the docookie function reads (in an unmodifed nuke 6.9 index file):
setcookie("user","$info",time()+2592000);
To reduce the cookielife, change time()+2592000. Please note that expire field of setcookie is based on seconds. There are 84600 seconds in a day so if you want the cookie to expire in 14 days, you would need to do "14*86400".
Example:
| Quote: | | setcookie("user","$info",time()+14*86400); |
is the same as
| Quote: | | setcookie("user","$info",time()+1209600); |
both cookies will expire in 14 days.
Juan
PS: Seems you have some coding issues with blocks/other modules if you delete users from the DB and they still see modules/blocks reserved for registered users. The reason.. If you delete them from the DB and the user still has a cookie and they see "welcome, deleted_users" then that particular script is echoing information from the cookie and not the DB information. So if your script, whatever script that may be, gives access based on cookie information without comparing cookie information to the DB, it is a poorly written script. Any and all scripts should compare the cookie to the DB prior to giving any access. |
|
| Back to top |
|
|
fuadsongoku
Private
Joined: 16 Mar 2007
Posts: 1
|
| Posted: Fri Mar 16, 2007 7:45 am Post subject: Set login to 2 hours/auto-delete cookie when browser close |
|
|
I am not sure whether I answered your question, but check this out.
-------------------------------------------------------------
Solution 1
This is to set time limitation when user login to their account. In example below, the user will be given 2 hours before needed to relogin again.
This is the original code from (phpnuke) C:\apache\htdocs\html\modules\Your_Account\index.php:
// search for the function docookie in the file mentioned above (index.php)
function docookie($setuid, $setusername, $setpass, $setstorynum, $setumode, $setuorder, $setthold, $setnoscore, $setublockon, $settheme, $setcommentmax) {
$info = base64_encode("$setuid:$setusername:$setpass:$setstorynum:$setumode:$setuorder:$setthold:$setnoscore:$setublockon:$settheme:$setcommentmax");
setcookie("user","$info",time()+2592000);
}
If u can see the line:
setcookie("user","$info",time()+2592000);
'2592000' --> Change this to 7200. It will become:
setcookie("user","$info",time()+7200);
*Note: 7200 is equivalent to 60 seconds x 60 minutes x 2 hours. User will need to relogin again after 2 hours. This is based on your server time/localhost time. Not client pc time.
----------------------------------------------------
Solution 2
Now this is how u want the cookie to be automatically deleted when the browser is closed and user will be forced to relogin again:
referring to the same line in solution 1:
setcookie("user","$info",time()+2592000);
change it to this:
setcookie("user","$info"); // U are removing the third parameter 'time()+2592000'
*Note: The cookie will be deleted once the browser is closed.
| Quote: | the problem is that by default cookie lifetime is 180 days or something like that.
for different reasons i delete 10-20 user accounts every day. most of users never logout and never delete cookies from cimputer. when they come back to my PHPNuke site after some 3 months they are being recognised as registered users even if their acounts are deleted. |
To answer this, u need to modify the delete user code. If u are to delete a user, u need to delete as well the session data attached to that user (only that specific user row) in nuke_session that contains the username of person u want to delete. |
|
| Back to top |
|
|
adenjhon
Private
Joined: 14 Oct 2009
Posts: 1
|
| Posted: Wed Oct 14, 2009 8:15 pm Post subject: |
|
|
| chris wrote: | | BTW, again, for the sake of completeness, this has been handled already in user Log off ! |
This is right. I am agreed with you...
A "cookie" is a small text file that is placed on a user's computer hard drive by a website.These cookies have a short lifetime and expire within a few minutes of the user leaving the site. Your comptia certification online exam is the example of this. Take exin certification workshop and you will learn more abot every thing through experiance. Workshops are very necessary for personal and professional learning. |
|
| Back to top |
|
|
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|
|
Forums Index
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
