Simple Machines Community Forum

Customizing SMF => Bridges and Integrations => Topic started by: Axodious on January 04, 2009, 03:54:47 PM

Title: SSI Login.
Post by: Axodious on January 04, 2009, 03:54:47 PM
I'm using the SMF login DB to maintain accounts on my index page. Here is the code I'm having issues with:


<?php
$url 
'http://' $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
if (
$context['user']['is_guest'] == 1) {
echo(
'                          <form action="'$scripturl .'?action=login2" method="post" accept-charset="UTF-8">
                                <div id="loginbox">
                                        <div id="loginbutton">
                                                <input type="submit" alt="Login" value="">
                                        </div>
                                        <img id="loginuser" src="' 
$settings['images_url'] . '/login-user.jpg" alt="User">
                                        <INPUT id="editboxuser" TYPE="text" NAME="user">
                                        <img id="loginpass" src="' 
$settings['images_url'] . '/login-pass.jpg" alt="Pass">
                                        <INPUT id="editboxpass" TYPE="password" NAME="passwrd">
                                        <input type="hidden" name="cookielength" value="-1">
                                </div>
                                </form>' 
"\n");
}
else {
echo(
'                          <div id="loginbox">
                                        <div id="logoutbutton">' 
"\n");
$_SESSION['logout_url'] = $url;
echo
'<a href="'$scripturl'?action=logout;sesc='$context['session_id'], '"><span>'$txt[108], '</span></a>';
echo(
'                                  </div>
                                        <div id="welcometext">' 
"\n");
echo 
$txt['hello_member'], ' <b>'$context['user']['name'], '</b>'allowedTo('pm_read') ? ', ' $txt[152] . ' <a href="' $scripturl '?action=pm">' $context['user']['messages'] . ' ' . ($context['user']['messages'] == '1' $txt[471] : $txt[153]) . '</a>' $txt['newmessages4'] . ' ' $context['user']['unread_messages'] . ' ' . ($context['user']['unread_messages'] == '1' $txt['newmessages0'] : $txt['newmessages1']) : '''.';
echo(
'                                  </div>
                                </div>' 
"\n");
}
?>



I haven't been able to quite nail down a reproduction of the bug, but what happens is a user will log in and (so far randomly) at some point when they go back to the index page $context['user']['is_guest'] returns 1 even though they are logged into the forum. I am using the EXACT same line in a theme on the forum and it never has the issue.
Title: Re: SSI Login.
Post by: SlowPaddle on January 13, 2009, 04:48:18 PM
SMF uses cookies to store login information on the client computer. Cookies can be stored globally (myserver.com) or locally (myserver.com/path/to/forum).

Check this option if you're experiencing problems with users getting logged out automatically. Globally stored cookies are less secure when used on a shared webserver (like Tripod).

Local cookies don't work outside the forum folder so, if your forum is stored at www.myserver.com/forum, pages like www.myserver.com/index.php cannot access the account information. Especially when using SSI.php, global cookies are recommended.

You can change this setting under Server Settings > Feature Configuration.

Hope this helps.
Title: Re: SSI Login.
Post by: Orstio on January 14, 2009, 07:13:00 AM
QuoteSMF uses cookies to store login information on the client computer. Cookies can be stored globally (myserver.com) or locally (myserver.com/path/to/forum).

Check this option if you're experiencing problems with users getting logged out automatically. Globally stored cookies are less secure when used on a shared webserver (like Tripod).

Local cookies don't work outside the forum folder so, if your forum is stored at www.myserver.com/forum, pages like www.myserver.com/index.php cannot access the account information. Especially when using SSI.php, global cookies are recommended.

You can change this setting under Server Settings > Feature Configuration.

Hope this helps.

Your information isn't quite rght.

SMF has two main settings to control the storage of cookies.

Local storage of cookies in SMF stores the cookies on the server, rather than on the user's computer.

Subdomain independent cookies will do what you are talking about when you refer to "global" cookies.