News:

SMF 2.1.4 has been released! Take it for a spin! Read more.

Main Menu

Dual Login Cookies

Started by crackatown, May 01, 2011, 04:17:21 AM

Previous topic - Next topic

crackatown

I have two different forums running on my site, one for normal members and one for special members. In addition to that I have a completely different members section as well. Basically I am trying to create a login file that logs you into both the forums. The registration file will store the same info to each forums database respectively.

In particular I am having trouble figuring out how SMF names a cookie and how I could set an additional cookie that would log me into the other forum as well (without having to do it again)

The login file will not be part of the forum but in a separate place in my members section.

Any ideas?

Thanks.

EDIT: I Ended up only using one forum and setting membergroup permissions. For login I simply used ssi_login(); For Registration, due to a payment system, I wrote my own function that creates a new user by setting the values: member_name, date_registered, id_group, lngfile, real_name, passwd, email_address, hide_email, additional_groups, and receipt_number (for my purposes I added this field). The password salt is set on login and does not need to be set on registration.

EDIT: Later I added Security Questions/Answers to the fray.

EDIT: When I finish the final registration script I will mark the topic as solved.

crackatown

I suppose I should add that it is SMF 1.1.13

texasman1979

you would have to some how link the three different sites into one logon scheme and update them all together with that script. which is basically what you said. each individual site would also have to update each other. what you are wanting to do is no simple task. it is doable, but its a toughy. :)
SMF 2.0.4
SimplePortal 2.3.5

LOGIC is a FOUR letter word! :)


crackatown

What I am going to do it make a gobal profile page, global login page, and gobal registration page. All the links inside of both instances of SMF will point to these places. I am removing the "quick login" box to make sure that doesn't mess it up.

Does anyone know how SMF names a cookie? I am trying to backward translate it to no avail. It seems like it takes memberName, passwd, ID_member, and what looks like global and local (cookie?) urls and serializes them, but how this happens I am lost. If I can make the login script work, by setting constants for the urls and setting 3 different cookies (1 for me, 1 for main, 1 for premium) it should globally log them in. Then in their global profile section I will be able to update both of the instances of the databases to keep everything uniform.

So if anyone can just tell me how the cookie creation process works, I should be able to figure this out.

Thanks

crackatown

#4
I just realized I have been saying name..... FAIL

I meant: how does it generate the Content? It looks like it does some kind of special thing with memberName, passwd, and ID_member.

It looks like it sets 3 cookies:
SMFCOOKIE532
PHPSESSID - this one shows the home directory path
PHPSESSID - this one shows the forum location path

texasman1979

function loadSession() -- load.php

session_start();  -- load.php

and a number of other functions related to sessions.

SMF 2.0.4
SimplePortal 2.3.5

LOGIC is a FOUR letter word! :)


crackatown

Thanks I will look into that.

The cookie that generates the serial that stores the user info produces the exact same serial number from both forums with the exception of a small portion towards the end (which I am assuming is the path seeing as that is the only different thing).

Once I figure out how to generate the proper serial number to store as the content, I should be able to set two different cookies on login, one for each url. I just need to figure out what exactly generates it. The code I found for it is:

$cookie_state = (empty($modSettings['localCookies']) ? 0 : 1) | (empty($modSettings['globalCookies']) ? 0 : 2);
$data = serialize(empty($id) ? array(0, '', 0) : array($id, $password, time() + $cookie_length, $cookie_state));
$cookie_url = url_parts(!empty($modSettings['localCookies']), !empty($modSettings['globalCookies']));

// Set the cookie, $_COOKIE, and session variable.
setcookie($cookiename, $data, time() + $cookie_length, $cookie_url[1], $cookie_url[0], 0);


Can someone help me make sense out of this? I have experience with php, but not enough to really just understand this. Thanks.

texasman1979

what happens is you set the name of the cookies to the same thing?

http://php.net/manual/en/function.setcookie.php
read that till your eyeballs hurt, because it will basically guide you through the understanding of the other parts.

i know global cookies applies to the domain and also its sub domains, and local cookies would be sub domain specific. id, password, and time is easy enough. "array(0, '', 0)" is setting a guest identifier/default value if in error. cookie length is set when you log in, 1 hour or forever etc. the last arg which you probably already know is the https or http boolean. $cookie_url[1] = relative path on the server and $cookie_url[0] = the domain or sub domain. kind of the same, but not. the default of smf is global unless set to local.
SMF 2.0.4
SimplePortal 2.3.5

LOGIC is a FOUR letter word! :)


crackatown

Quotewhat happens is you set the name of the cookies to the same thing?

I tried this and it doesn't change anything. The cookie uses the path as part of it's serialize(); code making the content for each cookie different. I know how to set cookies, what I am trying to find is where those other variables are set so I can set them on my own in my own login script.

Also I thought about the global cookie idea, but seeing as each forum would require a different serial for authentication, I might as well just keep them local.

Right now I am trying to figure out how the $cookie_state variable is saved, or at least where.

This is how the cookies content is serialized:
$data = serialize(empty($id) ? array(0, '', 0) : array($id, $password, time() + $cookie_length, $cookie_state));

texasman1979

$cookie_state = (empty($modSettings['localCookies']) ? 0 : 1) | (empty($modSettings['globalCookies']) ? 0 : 2);

you pasted it in your code example.
SMF 2.0.4
SimplePortal 2.3.5

LOGIC is a FOUR letter word! :)


crackatown

#10
I feel like such a noob asking this, but what does "? 0 : 1" and "? 0 : 2" mean?

EDIT: Okay, that's just the inline form of an if/then. You can disregard this reply. lol.

texasman1979

$cookie_state = (empty($modSettings['localCookies']) ? 0 : 1) | (empty($modSettings['globalCookies']) ? 0 : 2);

$cookie_state[0] = if local cookies is not enabled, false or true (sort of)
$cookie_state[1] = if global cookies is not enable, false or true (sort of)

these settings are defined in the settings table and settings.php, and the 0 or 1 or 2 have a meaningful value when retrieved by smfs session handler. instead of putting an actual path there, smf takes it and handles it itself. more control that way. smf doesnt leave anything for granted, it almost certainly creates its own values, and directs the flow accordingly. by this way, smf makes it very hard to hack.

you can have either both enabled, which isnt that good of an idea, or have either enabled, and that tells smf how to deal with the cookies. what that is doing literally is making a 2 part array, with each side having dummy entries, that smf then understands.

its a BS boolean array. :)
SMF 2.0.4
SimplePortal 2.3.5

LOGIC is a FOUR letter word! :)


crackatown

So for something like this would global cookies be better? That would make them apply to all the folders in my directory right? With the same cookie name, would that then possibly log me into both forums with one cookie?


I had a crazy idea that might work: What if I used a combination of php, javascript, and html to use the smf login scripts. Basically start out with a form on a different page then load the exact process of logging in and insert the values into the inputs, auto-submit them, and let smf set all the cookies for me. Then take those values and do it a second time for the other forum. It might not be the most efficient way, but it could work.

Is there any way to actually do this, it's driving me crazy. lol.

texasman1979

1 main question:

does both your forums have the exact same users?
if so, try remaining the cookies the same, it should work.

something else you might want to try, you might on each forum, call the other forums "ssi.php". just include the opposite ssi.php and it might could possible automatically do what your trying to do without even realizing it.

i know what your trying to do can definitely be done, especially since both are smf forums, but the exact how, im not real sure. lol
SMF 2.0.4
SimplePortal 2.3.5

LOGIC is a FOUR letter word! :)


crackatown

The cookies have the same name, but their paths are different so it doesn't work. Is there a way to make all cookies global? I looked in settings.php and couldn't find the option.

Also I need to have it log me in from a separate login page.

texasman1979

what is your setting under configuration - cookies and sessions?
SMF 2.0.4
SimplePortal 2.3.5

LOGIC is a FOUR letter word! :)


crackatown

That option isn't there. Should it be? this is version 1.1.13

texasman1979

You need to upgrade to 2.0 before you go nuts lol
SMF 2.0.4
SimplePortal 2.3.5

LOGIC is a FOUR letter word! :)


crackatown

Is 1.1.13 a lot different?

Because I am literally about to throw my computer.

crackatown

I installed 2.0 RC5

What should i do next? :)

Advertisement: