custom website login logs you into coppermine too? custom website login logs you into coppermine too?
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

custom website login logs you into coppermine too?

Started by superstilk, February 10, 2009, 08:56:58 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

superstilk

I'm new to this...I created a simple custom login page ( http://family.neocitie.com/login.php ) to my site which uses the coppermine users database.  when I login to my custom site, i would like to be logged into coppermine (family.neocitie.com/FOTOS) as well, but i dont know how to do that.  if anyone can supply some scripts or hints to get me right direction that would be great.  Thanks.

Joachim Müller

Use the coppermine cookie instead on your custom login page. Alternatively, send your visitors to Coppermine's login page in the first place. Using              <form action="http://family.neocitie.com/FOTOS/login.php" method="post" name="loginbox">

<!-- Start standard table -->
<table align="center" width="100%" cellspacing="1" cellpadding="0" class="maintable">
        <tr>
                <td class="tableh1" colspan="2">Enter your username and password to login</td>
        </tr>
                 
                 
                  <tr>
                        <td class="tableb" width="40%">Username</td>
                        <td class="tableb" width="60%"><input type="text" class="textinput" name="username" style="width: 100%" tabindex="1" /></td>
                  </tr>

                  <tr>
                          <td class="tableb">Password</td>
                        <td class="tableb"><input type="password" class="textinput" name="password" style="width: 100%" tabindex="2" /></td>
                  </tr>
                  <tr>
                    <td colspan="2" align="center" class="tableb">Remember me <input name="remember_me" type="checkbox" class="checkbox" value="1" tabindex="3" /></td>
                  </tr>
                  <tr>

                    <td align="center" class="tablef"><a href="forgot_passwd.php" class="topmenu">I forgot my password</a></td>
                    <td align="left" class="tablef"><input name="submitted" type="submit" class="button" value="Login" tabindex="4" /></td>
                  </tr>
</table>
<!-- End standard table -->

</form>
<script language="javascript" type="text/javascript">
<!--
document.loginbox.username.focus();
-->
</script>
on your custom page should do the trick.

But, first of all, you need to upgrade: you're using cpg1.4.12, while the most recent stable release currently is cpg1.4.20, so you're running 8 versions behind. Upgrading is mandatory in terms of security!

superstilk

I see what this trying to do.  However, I'm not trying to create custom login to coppermine only.  I have a login to my site, link posted above, that logs you into the rest of the site.  the user database is my coppermine photogallery user database,  however I would like my site login to, not only create a user session for my site, but also login that user into coppermine.  my login page script is


<?php 
include 'dbc.php';

$user_name mysql_real_escape_string($_POST['user_name']);

if (
$_POST['Submit']=='Login')
{
$user_password addslashes($_POST['user_password']);
$sql "SELECT user_id,user_name FROM cpg_users WHERE 
            user_name = '
$user_name' AND 
            user_password = '
$user_password'";
            

$result mysql_query($sql) or die (mysql_error()); 
$num mysql_num_rows($result);

        if ( 
$num != ) { 

        
// A matching row was found - the user is authenticated. 
       
session_start(); 
   list($user_id,$user_name) = mysql_fetch_row($result);
// this sets variables in the session 
$_SESSION['user_name']= $user_name

if (isset($_GET['ret']) && !empty($_GET['ret']))
{
header("Location: $_GET[ret]");
} else
{
header("Location: index.htm");
}
//echo "Logged in...";
exit();
    } 

header("Location: login.php?msg=Invalid Login");
//echo "Error:";
exit();
}

?>


<title>Our Family Website Login</title>

<p align="center">
<img border="0" src="images/CHROMElogoshadow.jpg" width="399" height="50"></p>
<link href="styles.css" rel="stylesheet" type="text/css">

<br>
<table width="280" border="1" align="center" cellpadding="3" cellspacing="0">
  <tr>
    <td bgcolor="#AAAA84" class="mnuheader" height="30" width="280" >
<div align="center"><font face="Arial" style="font-size: 17pt">
<strong style="font-weight: 400">Our Family Website Login</strong></font></div></td>
  </tr>
  <tr>
    <td bgcolor="#C2C2A7" class="mnubody" height="100" width="280">
<form name="form1" method="POST" action="" style="word-spacing: 0; line-height: 90%; margin-top: 0; margin-bottom: 0">
        <p align="center"><br>
<font face="Arial">Username:<sp></font>
          <input name="user_name" type="text" id="user_name" size="26"><font face="Arial"><br>
<br>
Password:
          </font>
          <input name="user_password" type="password" id="user_password" size="26">
        </p>
        <p align="center" ><input type="submit" name="Submit" style="height: 25px; width: 100px"value="Login"></p>
        <p align="left"><a href="forgot.php">Forgot your password?</a></p>
      </form></td>
  </tr>
</table><br>
<?php if (isset($_GET['msg'])) { echo "<div class



I will also upgrade my coppermine to the current version....thanks for the help

superstilk

forgot the rest of that login.php script

=\"msg\"> $_GET[msg] </div>"; } ?>

Joachim Müller

So what? If you insist to keep your custom login script, you'll have to come up with a custom bridge as well that connects your custom login system and the user management of coppermine. You coded the first system - you'll have to code the second system (a custom bridge) as well. There's little we could do to help you.

stevehello1234

Hey superstilk - did you get anywhere with this one ?

I have a similar requirement for my volleyball vlub - I 'm thinking along the lines of :

1) Insert users into Coppermine database directly (need to discover how the password enryption is done)
2) On my main site I'd need to replicate the Coppermine login process (cookie)

Ta

Steve

Joachim Müller

Quote from: stevehello1234 on March 06, 2009, 10:15:19 AM
1) Insert users into Coppermine database directly (need to discover how the password enryption is done)
Just MD5

Quote from: stevehello1234 on March 06, 2009, 10:15:19 AM
2) On my main site I'd need to replicate the Coppermine login process (cookie)
Why don't you make all your custom pages coppermine-driven instead? That's much easier. Keep your custom pages within coppermine's root folder.

stevehello1234

cheers Joachim

yeah its just that I have an existing database of users and passwords etc, roles etc....


Joachim Müller

Well, then the advice I posted above applies to you as well: come up with your custom bridge file. In my book it would be much easier though to import all the existing data into coppermine's user table and use coppermine's user management instead of onw you have created for yourself. Not sure why you're trying to re-invent the wheel, but you probably have your reasons. Sure enough you have considered this thoroughly, so you should be aware as well of the drawbacks that a custom-coded solution has: there are no standards as far as interfaces are concerned - you have to code all interfaces as well. See the custom bridge file that you need to come up with as such an interface that "translates" commands between your custom user management and coppermine. In fact, the bridging system is what we (as coppermine developers) can provide. Of course you can choose the other way as well and try to use the cookie set by coppermine and directly hook on coppermine's auth system, but you can't expect help with that: such help would in fact mean that we would have to code this for you, which is something beyond of what you can expect from free support.