Allow user for 31 days Allow user for 31 days
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Allow user for 31 days

Started by tortech, March 21, 2012, 11:21:51 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

tortech

How to allow user to show gallery only for 31 days since the day of first time visit.

Αndré

By default Coppermine just saves the registration date and the date of the last visit. Is it okay that we check against the registration date, or do you really need to check against the first visit?

tortech

For me is necessery to store in database the day of first visit (when user watch gallery).
From this day program must count each day and after 31 days user stays unregistered.
How to do it programatically?




Quote from: Αndré on March 21, 2012, 03:08:06 PM
By default Coppermine just saves the registration date and the date of the last visit. Is it okay that we check against the registration date, or do you really need to check against the first visit?

Αndré

Open bridge/coppermine.inc.php, find
                    // If exists update lastvisit value, session, and login
                    if (mysql_num_rows($results)) {

and below, add
                            switch($CONFIG['login_method']){
                                case 'both':
                                    $where = "(user_name = '$username' OR user_email = '$username') AND BINARY user_password = '$encpassword' AND user_active = 'YES'";
                                    break;
                                case 'email':
                                    $where = "user_email = '$username' AND BINARY user_password = '$encpassword' AND user_active = 'YES'";
                                    break;
                                case 'username':
                                default:
                                    $where = "user_name = '$username' AND BINARY user_password = '$encpassword' AND user_active = 'YES'";
                                    break;
                            }
                            list($lastvisit, $regdate) = mysql_fetch_row(cpg_db_query("SELECT {$this->field['lastvisit']}, {$this->field['regdate']} FROM {$this->usertable} WHERE ".$where));
                            if (!$lastvisit) {
                                cpg_db_query("UPDATE {$this->usertable} SET user_regdate = NOW() WHERE ".$where);
                            } else {
                                if ($regdate < time() - 60*60*24*31) {
                                    return false;
                                }
                            }


This code will update the registration date on first login and then will check against it on each login.

Αndré

To kick users that are already logged in open bridge/coppermine.inc.php, find
                // Clean up old sessions every 5 minutes at maximum
                if ($CONFIG['session_cleanup'] < time() - 300) {

and below, add
                    $sql = "DELETE FROM {$this->sessionstable} WHERE user_id IN (SELECT {$this->field['user_id']} FROM {$this->usertable} WHERE {$this->field['regdate']} < ".(time() - 60*60*24*31).")";
                    cpg_db_query($sql, $this->link_id);

tortech

Thank you for listing of code.
J try this changes on version CPG 15.12. For me is working good.
Notice:
This code dont change information in database.
Is neccessery to store oryginal file coppermine.inc.php because administrator is also unregistered.


Quote from: Αndré on March 21, 2012, 05:06:27 PM
To kick users that are already logged in open bridge/coppermine.inc.php, find
                // Clean up old sessions every 5 minutes at maximum
                if ($CONFIG['session_cleanup'] < time() - 300) {

and below, add
                    $sql = "DELETE FROM {$this->sessionstable} WHERE user_id IN (SELECT {$this->field['user_id']} FROM {$this->usertable} WHERE {$this->field['regdate']} < ".(time() - 60*60*24*31).")";
                    cpg_db_query($sql, $this->link_id);


Αndré

I don't understand what you're trying to say. But I agree, that the current modification will also lock out admin accounts. I'll update the code accordingly to fix that issue.

tortech

J think the easies way to unblock administrator account is to copy oryginal file coppermine.inc.php



Quote from: Αndré on March 23, 2012, 10:01:18 AM
I don't understand what you're trying to say. But I agree, that the current modification will also lock out admin accounts. I'll update the code accordingly to fix that issue.

tortech

Also program can insert actual daytime to administrator account.

Quote from: tortech on March 23, 2012, 10:57:49 AM
J think the easies way to unblock administrator account is to copy oryginal file coppermine.inc.php

Αndré

Quote from: tortech on March 23, 2012, 10:57:49 AM
J think the easies way to unblock administrator account is to copy oryginal file coppermine.inc.php
I don't think that this is the easiest way. Instead, undo the above changes and use this updated code.

Open bridge/coppermine.inc.php, find
                    // If exists update lastvisit value, session, and login
                    if (mysql_num_rows($results)) {

and below, add
                            switch($CONFIG['login_method']){
                                case 'both':
                                    $where = "(user_name = '$username' OR user_email = '$username') AND BINARY user_password = '$encpassword' AND user_active = 'YES'";
                                    break;
                                case 'email':
                                    $where = "user_email = '$username' AND BINARY user_password = '$encpassword' AND user_active = 'YES'";
                                    break;
                                case 'username':
                                default:
                                    $where = "user_name = '$username' AND BINARY user_password = '$encpassword' AND user_active = 'YES'";
                                    break;
                            }
                            list($lastvisit, $regdate, $group_id) = mysql_fetch_row(cpg_db_query("SELECT {$this->field['lastvisit']}, {$this->field['regdate']}, {$this->field['usertbl_group_id']} FROM {$this->usertable} WHERE ".$where));
                            if (!$lastvisit) {
                                cpg_db_query("UPDATE {$this->usertable} SET user_regdate = NOW() WHERE ".$where);
                            } else {
                                if (!in_array($group_id, $this->admingroups) && $regdate < time() - 60*60*24*31) {
                                    return false;
                                }
                            }


find
                // Clean up old sessions every 5 minutes at maximum
                if ($CONFIG['session_cleanup'] < time() - 300) {

and below, add
                    $sql = "DELETE FROM {$this->sessionstable} WHERE user_id IN (SELECT {$this->field['user_id']} FROM {$this->usertable} WHERE {$this->field['usertbl_group_id']} NOT IN (".implode(', ', $this->admingroups).") AND {$this->field['regdate']} < ".(time() - 60*60*24*31).")";
                    cpg_db_query($sql, $this->link_id);

tortech

Thank you for listing of code.
Now program CPG 15.12 is working good .
Administrator account is active.



Quote from: Αndré on March 23, 2012, 11:45:54 AM
I don't think that this is the easiest way. Instead, undo the above changes and use this updated code.

Open bridge/coppermine.inc.php, find
                    // If exists update lastvisit value, session, and login
                    if (mysql_num_rows($results)) {

and below, add
                            switch($CONFIG['login_method']){
                                case 'both':
                                    $where = "(user_name = '$username' OR user_email = '$username') AND BINARY user_password = '$encpassword' AND user_active = 'YES'";
                                    break;
                                case 'email':
                                    $where = "user_email = '$username' AND BINARY user_password = '$encpassword' AND user_active = 'YES'";
                                    break;
                                case 'username':
                                default:
                                    $where = "user_name = '$username' AND BINARY user_password = '$encpassword' AND user_active = 'YES'";
                                    break;
                            }
                            list($lastvisit, $regdate, $group_id) = mysql_fetch_row(cpg_db_query("SELECT {$this->field['lastvisit']}, {$this->field['regdate']}, {$this->field['usertbl_group_id']} FROM {$this->usertable} WHERE ".$where));
                            if (!$lastvisit) {
                                cpg_db_query("UPDATE {$this->usertable} SET user_regdate = NOW() WHERE ".$where);
                            } else {
                                if (!in_array($group_id, $this->admingroups) && $regdate < time() - 60*60*24*31) {
                                    return false;
                                }
                            }


find
                // Clean up old sessions every 5 minutes at maximum
                if ($CONFIG['session_cleanup'] < time() - 300) {

and below, add
                    $sql = "DELETE FROM {$this->sessionstable} WHERE user_id IN (SELECT {$this->field['user_id']} FROM {$this->usertable} WHERE {$this->field['usertbl_group_id']} NOT IN (".implode(', ', $this->admingroups).") AND {$this->field['regdate']} < ".(time() - 60*60*24*31).")";
                    cpg_db_query($sql, $this->link_id);


JohannM

Hi Andre

I have a group name VIP ... how can I implement this code for 30 days (once the person baught VIP for 30 days, and I change his group to VIP) and then after 30 days this person group change back to registered ?

Will this be complecated ?

Thanx in Advance