CPG won't logout, persistant cookie? CPG won't logout, persistant cookie?
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

CPG won't logout, persistant cookie?

Started by bryanbrazil, May 04, 2006, 09:31:53 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

bryanbrazil

I've searched the forum, but still can't figure this one out. I'm using Postnuke 0.762, pnCPG 3.3, and CPG 1.45. Everything was previously working fine. When I log into Postnuke, I'm also logged into CPG. However, now if I logout of Postnuke, I remain logged into CPG. The only thing that fixes it is to manually delete the browser cookies. This happens in IE and FireFox.

I'm wondering, is there a way to have the logout function delete the cookie, not just the session id? Or is there another solution? Thanks for any insight you can provide.

http://www.bryanbrazil.com

login: test
pass: test

CPG can be accessed through the Photos button in the upper right of the page.

casNuy

For now there is no real solution. If you close the browser it should be fine.

Cas

bryanbrazil

#2
Quote from: casNuy on May 04, 2006, 08:34:27 PM
For now there is no real solution. If you close the browser it should be fine.

Cas

There's no way to modify the logout function to delete the cookie, huh? Closing the browser doesn't work for me. If CPG is left logged in, it will remain logged in when the browser is re-opened, even if Postnuke isn't logged in. The only way to prevent access to CPG for a user not logged in to Postnuke is to manually logout of CPG. This isn't the best solution, though, because I'd like to remove the login/logout links from the CPG menu. Hope this all makes sense. :-) The perfect solution for me would be to have the cookie deleted when the logout function is called. I forgot to mention before that I'm using the mod to prevent access to CPG outside of pnCPG.

Great work on pnCPG, Cas, it is much appreciated!

Paver

I think what I did is similar to what you want.  I use the main PostNuke login to login into CPG and TNG using casNuy's pnCPG and pnTNG, and use the PostNuke logout to log out of both as well.  I believe what I did to do the logout was to modify the PostNuke logout function to add in the CPG and TNG logouts.  It's not pretty code-wise since I think it uses redirects and the manual hack of the PostNuke function, but it works nicely.  (I coded it months ago so that's why I say "I think".)

If you're interested, I could see if it's easy to post.

bryanbrazil

Yep, that sound exactly like what I want to do! If the code's easy to find, please post so I can try it out. If not, don't worry, I can live with things the way they are. Thanks for the help, guys.

Quote from: Paver on May 05, 2006, 05:33:06 AM
I think what I did is similar to what you want.  I use the main PostNuke login to login into CPG and TNG using casNuy's pnCPG and pnTNG, and use the PostNuke logout to log out of both as well.  I believe what I did to do the logout was to modify the PostNuke logout function to add in the CPG and TNG logouts.  It's not pretty code-wise since I think it uses redirects and the manual hack of the PostNuke function, but it works nicely.  (I coded it months ago so that's why I say "I think".)

If you're interested, I could see if it's easy to post.

Paver

Actually this is easier than I thought.  The more major thing I coded was to hack the PostNuke "add user" function so it would add the user to the CPG and TNG user tables as well.

As I said, it's not pretty because it uses redirects, but here it is.  The overview is that your Logout link in Coppermine points to the PostNuke logout, which logs you out of PostNuke, then redirects you to the Coppermine logout which logs you out of Coppermine, then redirects you back to the main site, in my case the PostNuke login screen since I don't have any public pages.  The order of logging out may seem loopy, but I think I had problems if I did it the more straight-forward way.

In PostNuke's modules/User/user.php, modify the function as shown:
function user_user_logout($var)
{
    pnUserLogOut();

    // redirect_index(_YOUARELOGGEDOUT);
    $referer = "http://your.domain.com/cpg/logout.php";
    // pageheader('Logging out', "<META http-equiv=\"refresh\" content=\"3;url=$referer\">");
    redirect_index('Logging out',$referer);
}

where you modify $referer to point to your Coppermine's logout.php.

Then in Coppermine's logout.php, modify as shown (near the beginning):
// MOD begin
if (USER_ID && defined('UDB_INTEGRATION')) $cpg_udb->logout_page();
$referer = "http://your.domain.com/";
header("Location: $referer");
exit(0);
// MOD end


Then in your Coppermine theme, you need to modify the Logout link so it uses the PostNuke logout:
    addbutton($sys_menu_buttons,'{LOGOUT_LNK}','{LOGOUT_TITLE}','../user.php?module=NS-User&op=logout','logout','');

or using HTML if your theme doesn't use the addbutton() shortcut.

I also hacked the Coppermine login button and login function so that you're redirected to the PostNuke login. 

Of course like any hacks, you should clearly place comment lines around your hacks so that it's easy to find them when you upgrade.

I think that should do it, but I might have forgotten something.  If you try it, let me know if it works.

bryanbrazil

#6
OK, I made all of the modifications, and everything seemed to go well. When I logout of CPG, it also logs out of Postnuke. However, once I've logged out of CPG or Postnuke, I get a blank page when trying to access CPG, with the following  path in the browser's address bar:

http://www.bryanbrazil.com/cm/index_pn.php?parm=|1|0|0|0||http://www.bryanbrazil.com/pn/|english||y|default||n|1|||&check=0c9d5d1af9e1ce0fb5c7c0367c5eb21e

CPG won't load until a user is logged back into Postnuke. Before, I had a custom error message that displayed and redirected to the homepage. Any ideas? If not, I'll probably just go back to the way it was before. I only had issues when someone uses the logout button, most people probably won't have multiple users on the same computer and won't have issues.

Let me know what you think...

Thanks,
Bryan

Paver

I remember running into this at some point but I don't remember what caused it. 

Basically, your index_pn.php is quitting unexpectedly.  This script should parse those params in the URL and forward the browser to another URL.  In your case, you are not getting forwarded to that other URL.  I see the problem when I go to your site right now.  If I copy your URL and replace your domain with mine, the same URL (and its parameters) works on my site fine and the browser is redirected to the appropriate new URL.  I just checked my index_pn.php and I am fairly certain I didn't modify it from the original file.  I think I am using pnCPG 3.1 though.  I don't know if there's a difference in the new version relevant to this problem.

I guess since Coppermine was not logged out before, the problem (whatever it is) was not present.  I would try to track down the place where index_pn.php quits by putting in "print" statements here and there in the code to see what's happening.

bryanbrazil

#8
OK, I figured it out, thanks to your suggestion to use the Print command.

I changed:

if ($f_username==""){
if ($guestorg =='n'){
header ("Location : $home") ;
exit;
}
}


to:

if ($f_username==""){
if ($guestorg =='y'){
header ("Location : $home") ;
exit;
}
}


I don't know why changing the value of guestorg worked, I was just guesing when I made the change!

Thanks everyone, I think I have it working just like I want it.

Paver

I don't allow guest access to my Coppermine gallery so maybe that's it.

In any case, I'm glad to hear you got it working.