Changes in Joomla! 1.0.8

Praedator · February 17, 2006, 02:07:48 PM

Due to some security changes, the Orstio 3.20 will get probs with Joomla! 1.0.8, here a fix for this:

[- EDIT by Kindred -]
This fix will not work, since the Joomla Devs changed the design just before release from what Predator used

components/com_smf/smf.php starting at line 443 ( function integrate_login):

Code Select


$lifetime = time() + (60 * $cookielength);
setcookie( mosMainFrame::rememberCookieName_User(), mosMainFrame::rememberCookieValue_User( $username ), $lifetime, '/' );
setcookie( mosMainFrame::rememberCookieName_Pass(), mosMainFrame::rememberCookieValue_Pass( $passwd ), $lifetime, '/' );
		
//setcookie('usercookie[username]', $username, $lifetime, '/');
//setcookie('usercookie[password]', $passwd, $lifetime, '/');
//setcookie('sessioncookie', '', -3600, '/');
	
//Let's make sure this works in both Mambo and Joomla
$sessionCookieName 	= mosMainFrame::sessionCookieName();
//$sessionCookieName = md5('site' . $mosConfig_live_site);
setcookie($sessionCookieName, '', -3600, '/');

and function integrate_logout at the top of the function replace:

Code Select


setcookie('usercookie[username]', $username, time() - 3600, '/');
setcookie('usercookie[password]', '', time() - 3600, '/');
setcookie('sessioncookie' , '' , time() - 3600 , '/');

//Let's make sure this works in both Mambo and Joomla
$sessionCookieName = md5('site' . $mosConfig_live_site);
setcookie($sessionCookieName, '', time() - 3600, '/');

with

Code Select


setcookie( mosMainFrame::rememberCookieName_User(), '', time() - 3600, '/' );
setcookie( mosMainFrame::rememberCookieName_Pass(), '', time() - 3600, '/' );
	
$sessionCookieName 	= mosMainFrame::sessionCookieName();
setcookie($sessionCookieName, '', time() -3600, '/');

brother7 · February 17, 2006, 02:20:39 PM

Thank you for the heads up. I have a website makeover planned and am eagerly awaiting 3 new releases (Joomla 1.0.8, SMF 1.1 stable, new Orstio bridge)

Hopefully, I won't have to wait long. (fingers crossed)

HoTmetal · February 17, 2006, 09:43:37 PM

Quote from: brother7 on February 17, 2006, 02:20:39 PM
Thank you for the heads up. I have a website makeover planned and am eagerly awaiting 3 new releases (Joomla 1.0.8, SMF 1.1 stable, new Orstio bridge)

Hopefully, I won't have to wait long. (fingers crossed)

seems I'm not the only one waiting to update his/her site for the new SMF/Joomla... Keep loggin' in & hopeing

afonic · February 18, 2006, 01:25:06 PM

Thanks a lot for letting us know even before 1.0.8 is out, this is great!

Orstio · February 18, 2006, 01:32:06 PM

Thanks for this Predator.

Correct me if I am wrong, but it looks like this change will make the login and logout work with Joomla 1.0.8, but break the login and logout for previous versions of Joomla and Mambo?

Praedator · February 18, 2006, 02:48:22 PM

Yes you are right, due to some security fixes the change is only for Joomla! 1.0.8 and following Versions, but will not work with previous Version.

To make it availbale for all version you maybe have to set this i.e. in an if clause to check if function rememberCookieName_User() exist if than new way if not old way. Hope you understand what i mean

Orstio · February 18, 2006, 02:50:27 PM

Yes, I understand.

Thanks again for the code fix, and the quick reply.

Praedator · February 18, 2006, 02:54:56 PM

No prob, i use your bridge on my sites ( www.open-sef.org and www.joomladeveloping.org ) so it is also nessaccary for me

After my holiday we could talk about SEF for the Bridge, got an sef_ext.php for OpenSEF ready, but have some probs with the bridge.

Orstio · February 18, 2006, 02:58:37 PM

Cool. Just let me know what the problems are. I'm sure we'll be able to work something out. OpenSEF is a pretty popular SEF solution.

afonic · February 18, 2006, 05:06:10 PM

Quote from: PredatorJoomla on February 18, 2006, 02:48:22 PM
Yes you are right, due to some security fixes the change is only for Joomla! 1.0.8 and following Versions, but will not work with previous Version.

To make it availbale for all version you maybe have to set this i.e. in an if clause to check if function rememberCookieName_User() exist if than new way if not old way. Hope you understand what i mean

I guess this way would be better. The way the bridge is now (one stable version that needs SMF 1.1RC2 but works with any Mambo/Joomla version) is the best as it doesn't confuse users.

I guess, sometime in the future Joomla and Mambo version will have to seperate, but imho right now keeping everything under the same file is very nice!

chadness · February 18, 2006, 11:18:07 PM

Quote from: PredatorJoomla on February 18, 2006, 02:54:56 PM
After my holiday we could talk about SEF for the Bridge, got an sef_ext.php for OpenSEF ready, but have some probs with the bridge.

Good deal! I know a lot of people are looking forward to that. I know I'd use it on one site I use your core hack on.

neilhedley · February 26, 2006, 08:25:07 AM

Now that 1.0.8 is actually OUT...

Is the code change listed in the first post of this thread the ONLY thing we need to change to have Orstio 3.20 work correctly?

And do the changes in 1.0.8 make Joomla / SMF a la Orstio Bridge / Virtuemart any less likely to implode, or are we not that far yet? (Removing the bridge broke my entire login, so I'm reinstalling everything from scratch, I'm starting to think that maybe the order things get installed in might have an impact...)

Kindred · February 26, 2006, 08:26:25 AM

on the joomla boards, I read (from one of the other joomla developers) that the fix noted by Predator is not correct.... I have no further information at this point.

pcigre · February 26, 2006, 08:58:15 AM

Anyone to confirm or declane this?

zigzag · February 26, 2006, 09:17:21 AM

Hi,

I'm using the 3.19a bridge & SMF 1.06 - What changes (if any) will I need to make to upgrade to Joomla 1.08

Joomla Forums org thread:
http://forum.joomla.org/index.php/topic,38995.msg220467.html#msg220467

Kindred · February 26, 2006, 11:50:40 AM

yuo will have to make some... not exactly known at this time.

Takster · February 26, 2006, 08:05:57 PM

Quote from: Kindred on February 26, 2006, 08:26:25 AM
on the joomla boards, I read (from one of the other joomla developers) that the fix noted by Predator is not correct.... I have no further information at this point.

Indeed.

QuotePlease note that Marko's post is no longer correct, due to further consolidation work conducted on 1.0.8
We now only use one cookie for the `Remember Me` functionality, rather than the old system of using two cookies.

jeff41 · February 26, 2006, 11:03:06 PM

that fix did not work for me either...

jeff

Kindred · February 27, 2006, 07:33:50 AM

Jeff.... didn't you read? That "fix" will *NOT* work. After Predator wrote that, the joomla devs made further changes which made his hack useless...

we have not published a hack that will work, yet...

jeff41 · February 27, 2006, 10:19:06 AM

Quote from: Kindred on February 27, 2006, 07:33:50 AM
Jeff.... didn't you read? That "fix" will *NOT* work. After Predator wrote that, the joomla devs made further changes which made his hack useless...

we have not published a hack that will work, yet...

No i'm sorry, I didn't see it. Maybe you should take the "FIX" down so people won't try it, or at least put on the first post of this topic that it doesn't work.

Geez ease up...

News:

Changes in Joomla! 1.0.8

Orstio

Orstio

Orstio