News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

Login problems

Started by westonm, April 23, 2011, 08:34:25 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

westonm

April 23, 2011, 08:34:25 PM
The login process is just kicking my %$#%$ but I am determined to get it working - hoping someone can help me out. 
I have a main site that will have SMF intergrated and a single sign on where a user will sign on from any page in the main site, or forum, and that validated sign in will be recognized by the rest of the site, including SMF forum.  When a user signs in , I want them to be returned to the page they were on when they requested the signin. 
Here are snippets of code from the main site index.php and main site login.php.

Main Site index.php
<?php require_once('forum/SSI.php') ; ?>
.
.
.
loadUserSettings();
$sysUsername = $context['user']['name'];
.
.
.
html stuff
.
.
.
<?php if (isset($sysUsername) && ($sysUsername <> 'Guest')) { ?>
    html stuff
    <?php echo 'Welcome, ' .$sysUsername. '. You are logged in'; ?>
<?php } else { ?>
    <p ...><a href="login.php">...</p>
<?php :} ?>


login.php
<?php require_once('forum/SSI.php');
$_SESSION['login_url'] = $_SERVER['HTTP_REFERER']
$_SESSION['logout_url'] = $_SERVER['PHP_SELF'];
?>
.
.
.
<?php if ($context['user']['is_guest'])
   { ssi_login($_SESSION[login_url']); }
else
   { ssi_logout();;
} ?>

I could not get it to return to the page that called the login until I made the minor modification to SSI.php ( I know I shouldn't but I couldn't get it to work any other way)
I changed the form action as follows:

   <form action = " ', $scripturl, ' ...
To
   <form action = " ' , $redirect_to, ' ...

$ redirect_to is already created and set in ssi_login so I just changed where it is redirected to in the form action. 

So that part now works - a long winded way of getting to my current problem.

When I return to the correct page, it still thinks I am guest.  I was thinking maybe it wasn't writting the cookie anymore, I can't find it like I was before, so maybe that is the problem.  If I login through SMF forum, it recognizes me as the user I logged in as.  Still can't find a cookie but it must be somewhere because the rest of the site will recognize me as the loged in user. 
I have the following setting on cookies:

Enable local storage of cookies = No
Use subdomain independent cookies = Yes

I am on version 2.0.0rc3 - but did have this working in version 1 a few weeks ago. 

ascaland

#1
April 24, 2011, 12:20:31 AM
I dont know what the exact problem is but I thought I would just throw my 2 cents in about how your going about the login/logout.

So for your main login.php page, I think what you can do is change the two session variables to full paths rather than just using the ending of the URL (/index.php) and for the latter a variable that doesnt always have a value to perhaps giving it something to work with. So I thought I would show you my login.php script and maybe you can take a look at how I have done it,
Code Select
<?php

require('forum/SSI.php');
$_SESSION['login_url'] = empty($_SERVER['HTTP_REFERER']) ? $_SERVER['REQUEST_URL'] : $_SERVER['HTTP_REFERER'];
$_SESSION['logout_url'] = $_SERVER['REQUEST_URL'];

echo 'PHP SELF: ' $_SERVER['PHP_SELF'];
echo 'HTTP REFERER: ' $_SERVER['HTTP_REFERER'];

if ($context['user']['is_guest'])
 ssi_login();
else
 ssi_logout();

?>

For the login url session, if the $_SERVER['HTTP_REFERER'] was empty (which can happen) then it will instead use the current page as the login URL. In your previous code, if there was no HTTP referer then you would be setting the login URL to an empty string. Also, php.net states it isnt always safe to trust this - so I thought I would play it safe and instead use the request URL. And the logout URL, basically just back to the same page. This way, you dont need to edit SSI.php and makes it easier (hopefully?).

So yea, im done blabbering.  :-X

westonm

#2
April 24, 2011, 10:08:40 AM
Anthony-
Thanks for your help.  I understand what you did and it works to fix the original problem without modifying SSI.php, and I am more comfortable with that.
Now to what I don't understand - The other problem is also fixed.  I see the cookie now, and it know who I am after I log in. 
Obviously my minor change did something on down the line that I couldn't see.  There is a reason not to change SMF's code, but I really thought this one was insigficant enough that I could get away with it. 
I really, really appreciate your help, now maybe I can get on to bringin the site up.   You can blabber on anytime.   

ascaland

#3
April 24, 2011, 11:14:40 AM
Quote from: westonm on April 24, 2011, 10:08:40 AM
Obviously my minor change did something on down the line that I couldn't see.  There is a reason not to change SMF's code, but I really thought this one was insigficant enough that I could get away with it.

Could be because $redirect_to was empty and when you placed it in the form it would simply just direct the script to ?action=login2 rather than a full path to the forum's login. All $redirect_to does is give $_SESSION['login_url'] a value, so if it was empty and you were still using your old script with the possibly empty HTTP referer as a value, they would both be empty.

Glad I could help though. :)
Print
Go Up Pages1
User actions
Advertisement: