
Login via email and password

Started by gavu, April 07, 2008, 01:02:45 PM


gavu

hi, i've been trying to find out how to tell cpg to authenticate users via e-mail and password

i have found something in /bridge/udb_base.php on lines 55 -> 63 and 770 -> 786
whatever i do, it seems not to use the user_password table

is there a way plugin/mod/edit to do this?
it's not a bug, it's a feature

Hot Rides

I would like to know this as well

gavu

this is what worked for me, hope it helps you too
edit /bridge/coppermin.inc.php


// Login function
        function login( $email = null, $password = null, $remember = false ) {
                global $CONFIG;

                // Create the session_id from concat(cookievalue,client_id)
                $session_id = $this->session_id.$this->client_id;

                // Check if encrypted passwords are enabled
                if ($CONFIG['enable_encrypted_passwords']) {
                        $encpassword = md5($password);
                } else {
                        $encpassword = $password;
                }

                // Check for user in users table
                $sql =  "SELECT user_id, user_email, user_password FROM {$this->usertable} WHERE ";
                $sql .= "user_email = '$email' AND BINARY user_password = '$encpassword' AND user_active = 'YES'";
                $results = cpg_db_query($sql);

                // If exists update lastvisit value, session, and login
                if (mysql_num_rows($results)) {

                        // Update lastvisit value
                        $sql =  "UPDATE {$this->usertable} SET user_lastvisit = NOW() ";
                        $sql .= "WHERE user_email = '$email' AND BINARY user_password = '$encpassword' AND user_active = 'YES'";
                        cpg_db_query($sql, $this->link_id);
       
                        $USER_DATA = mysql_fetch_assoc($results);
                        mysql_free_result($results);
       
                        // If this is a 'remember me' login set the remember field to true
                        if ($remember) {
                                $remember_sql = ",remember = '1' ";
                        } else {
                                $remember_sql = '';
                        }
       
                        // Update guest session with user's information
                        $sql  = "update {$this->sessionstable} set ";
                        $sql .= "user_id={$USER_DATA['user_id']} ";
                        $sql .= $remember_sql;
                        $sql .= "where session_id=md5('$session_id');";
                        cpg_db_query($sql, $this->link_id);

                        return $USER_DATA;
                } else {

                        return false;
                }
        }


(thanks to foulu, he helped me)
it's not a bug, it's a feature

Hot Rides

does that need to replace the login function that's already there?

Joachim Müller

Sure - you can't have two definitions for one function. Try for yourself if you don't believe that. You'll need to replace the existing function definition with the new one.

Nibbler

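This mod is based on the vulnerable pre-1.4.18 code. To be secure it should be as follows, with the session id hashed by md5() in PHP before it goes into the query instead of being passed raw inside the SQL string: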


// Login function
        function login( $email = null, $password = null, $remember = false ) {
                global $CONFIG;

                // Create the session_id from concat(cookievalue,client_id)
                $session_id = $this->session_id.$this->client_id;

                // Check if encrypted passwords are enabled
                if ($CONFIG['enable_encrypted_passwords']) {
                        $encpassword = md5($password);
                } else {
                        $encpassword = $password;
                }

                // Check for user in users table
                $sql =  "SELECT user_id, user_email, user_password FROM {$this->usertable} WHERE ";
                $sql .= "user_email = '$email' AND BINARY user_password = '$encpassword' AND user_active = 'YES'";
                $results = cpg_db_query($sql);

                // If exists update lastvisit value, session, and login
                if (mysql_num_rows($results)) {

                        // Update lastvisit value
                        $sql =  "UPDATE {$this->usertable} SET user_lastvisit = NOW() ";
                        $sql .= "WHERE user_email = '$email' AND BINARY user_password = '$encpassword' AND user_active = 'YES'";
                        cpg_db_query($sql, $this->link_id);
       
                        $USER_DATA = mysql_fetch_assoc($results);
                        mysql_free_result($results);
       
                        // If this is a 'remember me' login set the remember field to true
                        if ($remember) {
                                $remember_sql = ",remember = '1' ";
                        } else {
                                $remember_sql = '';
                        }
       
                        // Update guest session with user's information
                        $sql  = "update {$this->sessionstable} set ";
                        $sql .= "user_id={$USER_DATA['user_id']} ";
                        $sql .= $remember_sql;
                        $sql .= "where session_id = '" . md5($session_id) . "'";
                        cpg_db_query($sql, $this->link_id);

                        return $USER_DATA;
                } else {

                        return false;
                }
        }