• Welcome to Simple Machines Community Forum. Please login or sign up.

2.0.14 Login Form Fix

Started by Arantor, January 08, 2018, 10:47:23 AM

Previous topic - Next topic

Arantor

Link to Mod

As a fix to the login form issues that have come in since 2.0.14 where things didn't get added to login forms, here's a patch that fixes it.

Works on PHP 5.3+, and should fix all themes and mods that have login forms. Works with Pretty URLs too.

Licence is 3-clause BSD as per SMF 2.0.x licence.


Version history:

1.0.1 - 4 July 2018
Fixed lazy mod packaging that caused weird things to happen with some other mods. Probably should uninstall 1.0 and install 1.0.1.

1.0 - 19 December 2017
Initial release
No good deed goes unpunished
All helpful urges should be circumvented

vbgamer45

Nicely done! And shows what you can when playing with the output. Thanks for checking with prettyurls
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Arantor

I just wish it had occurred to me to do sooner :( playing with the output like this is not a new trick, SimpleDesk did something similar in its first release in standalone mode.

Pretty URLs was the one mod I wasn't sure it would play nice with, so explicitly had to check :) Did also check the quick login in SP, that seemed to work too.
No good deed goes unpunished
All helpful urges should be circumvented

Snrj

hello arantor
instead of code after
do not the code need to be replace

I tested at php 7
site view as a visitor
there is a white page fault
problem
if (! $ context ['user'] ['is_guest'])
When I do, the problem is getting up
if (isset ($ context ['user'] ['is_guest']))

I said to report the problem
bad english sorry
Google Translate

Adrek

just a question, after installation there should be twice ob_start('ob_sessrewrite'); ?
Polskie wsparcie SMF na simplemachines.org

the simplest solution is most likely the right one

-Rock Lee-

In version 2.0.15 this fix was not already introduced?


Regards!
¡Regresando como cual Fenix! ~ Bomber Code © 2020
Ayudas - Aportes - Tutoriales - Y mucho mas!!!

Kindred

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.<br /><br />"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

-Rock Lee-

Quote from: Kindred on February 12, 2018, 04:34:33 PM
no

So this goes to bookmarks in case you doubt then, thanks for clarifying my doubt.


Regards!
¡Regresando como cual Fenix! ~ Bomber Code © 2020
Ayudas - Aportes - Tutoriales - Y mucho mas!!!

drewactual

Q: if the login code has been already altered as advised in threads in the help section, will installing and running this mod cause issues if those hard coded alterations remain?

thanks!

vbgamer45

It shouldn't as it looks for it.
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Shambles

Just a note here:

The mod duplicates the call to ob_start('ob_sessrewrite') within Subs.php

Code (Find) Select
ob_start('ob_sessrewrite');

Code (Add After) Select
ob_start('ob_sessrewrite');
ob_start(function ($buffer) {
global $context;
if (!$context['user']['is_guest'])
return $buffer;
return preg_replace_callback('~(<form[^<]+action=login2(.+))</form>~iUs' . (!empty($context['utf8']) ? 'u' : ''), function($m) use ($context) {
$repl = '';
if (strpos($m[0], $context['session_var']) === false)
$repl .= '<input type="hidden" name="' . $context['session_var'] . '" value="' . $context['session_id'] . '"/>';

return $m[1] . $repl . '</form>';
}, $buffer);
});




This results in an extended copyright area for some members:

Code (in Subs/php) Select
ob_start('ob_sessrewrite');ob_start('ob_sessrewrite');
ob_start(function ($buffer) {
global $context;
if (!$context['user']['is_guest'])
return $buffer;
return preg_replace_callback('~(<form[^<]+action=login2(.+))</form>~iUs' . (!empty($context['utf8']) ? 'u' : ''), function($m) use ($context) {
$repl = '';
if (strpos($m[0], $context['session_var']) === false)
$repl .= '<input type="hidden" name="' . $context['session_var'] . '" value="' . $context['session_id'] . '"/>';

return $m[1] . $repl . '</form>';
}, $buffer);
});


Arantor

Bah, I'll fix that tonight.

It only duplicates where things modify the session rewriter buffer, which most mods don't really have a reason to do...
No good deed goes unpunished
All helpful urges should be circumvented

Shambles


Arantor

And fixed in 1.0.1. If you were using 1.0, you probably should uninstall 1.0 and install 1.0.1.
No good deed goes unpunished
All helpful urges should be circumvented

Chalky

Sorry for being dumb but I missed this whole thing and some time spent searching the forums hasn't clarified it for me.  Do I need this fix?  I'm not aware that we've had any issues with session timeouts on login but now I'm worried that if members couldn't login they wouldn't have been able to tell me about it  :-\  I'm running 2.0.15 on a forum that's been incrementally updated since 2.0.2, and I'm currently using an old Crip theme.  Should I install the fix anyway just to be sure?

vbgamer45

Your theme looks updated. Some themes did not have the updated session check in the top login form in the left corner which could cause logins to fail
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

GigaWatt

Simplest way to check, register a test account, see if you can login ;).

And if you're using a theme that was released before 2.0.14, you probably don't have the fix implemented. The only theme that can be patched for sure is Curve. It tries to find the adequate code in any other theme, but if it doesn't, it can't patch it. And you have to apply it on every theme you're using if you're using more than one theme. If one theme fails the test (the mod/fix can't find the code it's looking for), that theme basically doesn't have the fix implemented and you shouldn't be able to log in from that theme.
"This is really a generic concept about human thinking - when faced with large tasks we're naturally inclined to try to break them down into a bunch of smaller tasks that together make up the whole."

"A 500 error loosely translates to the webserver saying, "WTF?"..."

Chalky

Quote from: vbgamer45 on July 05, 2018, 04:56:03 PM
Your theme looks updated. Some themes did not have the updated session check in the top login form in the left corner which could cause logins to fail

Thank you!

Quote from: GigaWatt on July 05, 2018, 04:57:31 PM
Simplest way to check, register a test account, see if you can login ;).

And if you're using a theme that was released before 2.0.14, you probably don't have the fix implemented. The only theme that can be patched for sure is Curve. It tries to find the adequate code in any other theme, but if it doesn't, it can't patch it. And you have to apply it on every theme you're using if you're using more than one theme. If one theme fails the test (the mod/fix can't find the code it's looking for), that theme basically doesn't have the fix implemented and you shouldn't be able to log in from that theme.

Ok, so it's a persistent error rather than intermittent?  I can log in with my test account just fine, and certainly some of my members have been successfully logging in and out.  So I'm ok then?  Thank you!

Arantor

Yup, you're OK.

A lot of themes stopped working correctly after 2.0.14 increased security, especially if they had a quick login area in the top of the theme. The portals have the same problem, too, and for the same reason - they have a login form that doesn't have the additional information in it.

If all the login boxes work for you, you're good and don't need this - and if you manually fix things, again you wouldn't need this, this just automates away having to fix a bunch of themes, or having to actually edit a theme itself in almost every case.
No good deed goes unpunished
All helpful urges should be circumvented

Chalky

Brilliant, thank you so much for putting my mind at rest!  And for providing the solution in the event I'd needed it  :D

Advertisement: