Simple Machines Community Forum

Customizing SMF => Modifications and Packages => Topic started by: Arantor on January 08, 2018, 10:47:23 AM

Title: 2.0.14 Login Form Fix
Post by: Arantor on January 08, 2018, 10:47:23 AM
Link to Mod (https://custom.simplemachines.org/mods/index.php?mod=4167)

As a fix to the login form issues that have come in since 2.0.14 where things didn't get added to login forms, here's a patch that fixes it.

Works on PHP 5.3+, and should fix all themes and mods that have login forms. Works with Pretty URLs too.

Licence is 3-clause BSD as per SMF 2.0.x licence.


Version history:

1.0.1 - 4 July 2018
Fixed lazy mod packaging that caused weird things to happen with some other mods. Probably should uninstall 1.0 and install 1.0.1.

1.0 - 19 December 2017
Initial release
Title: Re: 2.0.14 Login Form Fix
Post by: vbgamer45 on January 08, 2018, 11:20:44 AM
Nicely done! And shows what you can when playing with the output. Thanks for checking with prettyurls
Title: Re: 2.0.14 Login Form Fix
Post by: Arantor on January 08, 2018, 11:45:02 AM
I just wish it had occurred to me to do sooner :( playing with the output like this is not a new trick, SimpleDesk did something similar in its first release in standalone mode.

Pretty URLs was the one mod I wasn't sure it would play nice with, so explicitly had to check :) Did also check the quick login in SP, that seemed to work too.
Title: Re: 2.0.14 Login Form Fix
Post by: Snrj on January 30, 2018, 09:03:55 AM
hello arantor
instead of code after
do not the code need to be replace

I tested at php 7
site view as a visitor
there is a white page fault
problem
if (! $ context ['user'] ['is_guest'])
When I do, the problem is getting up
if (isset ($ context ['user'] ['is_guest']))

I said to report the problem
bad english sorry
Google Translate
Title: Re: 2.0.14 Login Form Fix
Post by: phantomm on February 09, 2018, 01:10:48 PM
just a question, after installation there should be twice ob_start('ob_sessrewrite'); ?
Title: Re: 2.0.14 Login Form Fix
Post by: Rock Lee on February 12, 2018, 04:18:19 PM
In version 2.0.15 this fix was not already introduced?


Regards!
Title: Re: 2.0.14 Login Form Fix
Post by: Kindred on February 12, 2018, 04:34:33 PM
no
Title: Re: 2.0.14 Login Form Fix
Post by: Rock Lee on February 12, 2018, 05:00:41 PM
no

So this goes to bookmarks in case you doubt then, thanks for clarifying my doubt.


Regards!
Title: Re: 2.0.14 Login Form Fix
Post by: drewactual on March 07, 2018, 09:32:50 PM
Q: if the login code has been already altered as advised in threads in the help section, will installing and running this mod cause issues if those hard coded alterations remain?

thanks!
Title: Re: 2.0.14 Login Form Fix
Post by: vbgamer45 on March 08, 2018, 12:48:04 AM
It shouldn't as it looks for it.
Title: Re: 2.0.14 Login Form Fix
Post by: Shambles on July 04, 2018, 11:57:49 AM
Just a note here:

The mod duplicates the call to ob_start('ob_sessrewrite') within Subs.php

Code: (Find) [Select]
ob_start('ob_sessrewrite');
Code: (Add After) [Select]
ob_start('ob_sessrewrite');
ob_start(function ($buffer) {
global $context;
if (!$context['user']['is_guest'])
return $buffer;
return preg_replace_callback('~(<form[^<]+action=login2(.+))</form>~iUs' . (!empty($context['utf8']) ? 'u' : ''), function($m) use ($context) {
$repl = '';
if (strpos($m[0], $context['session_var']) === false)
$repl .= '<input type="hidden" name="' . $context['session_var'] . '" value="' . $context['session_id'] . '"/>';

return $m[1] . $repl . '</form>';
}, $buffer);
});



This results in an extended copyright area for some members:

Code: (in Subs/php) [Select]
ob_start('ob_sessrewrite');ob_start('ob_sessrewrite');
ob_start(function ($buffer) {
global $context;
if (!$context['user']['is_guest'])
return $buffer;
return preg_replace_callback('~(<form[^<]+action=login2(.+))</form>~iUs' . (!empty($context['utf8']) ? 'u' : ''), function($m) use ($context) {
$repl = '';
if (strpos($m[0], $context['session_var']) === false)
$repl .= '<input type="hidden" name="' . $context['session_var'] . '" value="' . $context['session_id'] . '"/>';

return $m[1] . $repl . '</form>';
}, $buffer);
});

Title: Re: 2.0.14 Login Form Fix
Post by: Arantor on July 04, 2018, 12:09:55 PM
Bah, I’ll fix that tonight.

It only duplicates where things modify the session rewriter buffer, which most mods don’t really have a reason to do...
Title: Re: 2.0.14 Login Form Fix
Post by: Shambles on July 04, 2018, 12:41:01 PM
Top banana.
Title: Re: 2.0.14 Login Form Fix
Post by: Arantor on July 04, 2018, 01:45:10 PM
And fixed in 1.0.1. If you were using 1.0, you probably should uninstall 1.0 and install 1.0.1.
Title: Re: 2.0.14 Login Form Fix
Post by: Chalky on July 05, 2018, 04:52:06 PM
Sorry for being dumb but I missed this whole thing and some time spent searching the forums hasn't clarified it for me.  Do I need this fix?  I'm not aware that we've had any issues with session timeouts on login but now I'm worried that if members couldn't login they wouldn't have been able to tell me about it  :-\  I'm running 2.0.15 on a forum that's been incrementally updated since 2.0.2, and I'm currently using an old Crip theme.  Should I install the fix anyway just to be sure?
Title: Re: 2.0.14 Login Form Fix
Post by: vbgamer45 on July 05, 2018, 04:56:03 PM
Your theme looks updated. Some themes did not have the updated session check in the top login form in the left corner which could cause logins to fail
Title: Re: 2.0.14 Login Form Fix
Post by: GigaWatt on July 05, 2018, 04:57:31 PM
Simplest way to check, register a test account, see if you can login ;).

And if you're using a theme that was released before 2.0.14, you probably don't have the fix implemented. The only theme that can be patched for sure is Curve. It tries to find the adequate code in any other theme, but if it doesn't, it can't patch it. And you have to apply it on every theme you're using if you're using more than one theme. If one theme fails the test (the mod/fix can't find the code it's looking for), that theme basically doesn't have the fix implemented and you shouldn't be able to log in from that theme.
Title: Re: 2.0.14 Login Form Fix
Post by: Chalky on July 05, 2018, 05:04:08 PM
Your theme looks updated. Some themes did not have the updated session check in the top login form in the left corner which could cause logins to fail

Thank you!

Simplest way to check, register a test account, see if you can login ;).

And if you're using a theme that was released before 2.0.14, you probably don't have the fix implemented. The only theme that can be patched for sure is Curve. It tries to find the adequate code in any other theme, but if it doesn't, it can't patch it. And you have to apply it on every theme you're using if you're using more than one theme. If one theme fails the test (the mod/fix can't find the code it's looking for), that theme basically doesn't have the fix implemented and you shouldn't be able to log in from that theme.

Ok, so it's a persistent error rather than intermittent?  I can log in with my test account just fine, and certainly some of my members have been successfully logging in and out.  So I'm ok then?  Thank you!
Title: Re: 2.0.14 Login Form Fix
Post by: Arantor on July 05, 2018, 05:08:52 PM
Yup, you're OK.

A lot of themes stopped working correctly after 2.0.14 increased security, especially if they had a quick login area in the top of the theme. The portals have the same problem, too, and for the same reason - they have a login form that doesn't have the additional information in it.

If all the login boxes work for you, you're good and don't need this - and if you manually fix things, again you wouldn't need this, this just automates away having to fix a bunch of themes, or having to actually edit a theme itself in almost every case.
Title: Re: 2.0.14 Login Form Fix
Post by: Chalky on July 05, 2018, 05:10:54 PM
Brilliant, thank you so much for putting my mind at rest!  And for providing the solution in the event I'd needed it  :D
Title: Re: 2.0.14 Login Form Fix
Post by: Arantor on July 05, 2018, 05:22:20 PM
Glad to help :)