Correctly updating Last Visit Correctly updating Last Visit
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Correctly updating Last Visit

Started by radianation, December 30, 2005, 09:25:29 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

radianation

I'm working on a modification for properly updating the "Last Visit" information for a user in the database even if they have the Remember Me option ticked when they initially login. I had this modification working for 1.3.2 awhile back, but when I upgraded I didn't have a backup and overwrote my files.

The basic idea was that in the init.inc.php there was a call to a function that read the cookie information and then checked that information against the database. I modified this routine to include some code from the standard login procedure that essentially updated the database with the current date for the last visit. At the time there was also no IP information stored in the database and I manually added this as well since it was being collected for other purposes (i.e. comments, E-Cards, etc.)

So, my question now is, how can this be achieved with 1.4.2?

On lines 261 - 265 of init.inc.php I see the following function and authentication check:

// Parse cookie stored user profile
user_get_profile();

// Authenticate
$cpg_udb->authenticate();


I am honestly not sure what is happening with $cpg_ud->authenticate();
I see in the functions.php that $cpg_uid is being populated by the userid, but I don't see a function called authenticate in any of the files?


My next search lead me to login.php, and I noticed on lines 36 to 52 I see a routine that looks familiar to me.

if (isset($_POST['submitted'])) {
    if ( $USER_DATA = $cpg_udb->login( addslashes($_POST['username']), addslashes($_POST['password']), isset($_POST['remember_me']) ) ) {
        $referer=preg_replace("'&'","&",$referer);
        pageheader($lang_login_php['login'], "<META http-equiv=\"refresh\" content=\"3;url=$referer\">");
        msg_box($lang_login_php['login'], sprintf($lang_login_php['welcome'], $USER_DATA['user_name']), $lang_continue, $referer);
        pagefooter();
        exit;
    } else {
        log_write("Failed login attempt with Username: {$_POST['username']} from IP {$_SERVER['REMOTE_ADDR']} on " . localised_date(-1,$log_date_fmt),CPG_SECURITY_LOG);

        $login_failed = <<<EOT
                  <tr>
                          <td colspan="2" align="center" class="tableh2">
                        <font size="1" color="red"><b>{$lang_login_php['err_login']}<b></font>
                        </td>
                  </tr>
EOT;


It seems like in the first half of this routine would be a logical spot to include some code to populate the database with the last visit, but that looks like it would only work if the information was submitted, and it's my guess that if it's reading from the cookie there is no "submit" process occuring.

Any help is greatly appreciated. I'll keep looking it over in the meantime. Perhaps I can find a backup of my old file somewhere...  ???

Nibbler

The information is already in the sessions table, best idea would be to read it from there instead.

radianation

Can you show me where it's being written to the sessions table (which file?)

Nibbler

It's in the only file it could possibly be in - bridge/coppermine.inc.php

radianation

Isn't it theoretically possible that it could have been in any file? Thanks for your help.

mrdee

Just thought I would ask if you succeeded in getting this working, and whether you may be able to post the code for changing the latest version?  I recently moved to this software from 4images, and this is one feature I really miss (I have to look at raw server logs now, and don't really want to disable the "remember me" feature).  Thanks in advance if you can help...