Frontend loging in phpwcms

pyhavaim · Post by **pyhavaim** » Mon 11. Oct 2004, 17:09

Sorry for not being for you, but it seems that now you got started it.

Also notice this that sitemap still shows private siteinfo.
Also some meny items doesn't allow those rules witch shouldn't show for unauthorized persons.

for sitemap I added those lines of code.
again modify inc_front\front.func.inc.php
lookup codeline 2108 there should be function named by build_sitemap
replace oldf function with this

Basically I added 2 lines of code, whitch does'nt show private articles.

Code: Select all

if($_SESSION["frontend_user_in"] && $GLOBALS['content']['struct'][$key]["acat_regonly"]) 
			$GLOBALS['content']['struct'][$key]["acat_regonly"] = 0;

		if ($start == $GLOBALS['content']['struct'][$key]['acat_struct'] && 
			!$GLOBALS['content']['struct'][$key]['acat_hidden'] && $key &&
			$GLOBALS['content']['struct'][$key]["acat_regonly"]==0)

Code: Select all

function build_sitemap($start=0, $counter=0) {
	// create sitemap

	$s = '';
	$c = '';
	$counter++;
	

	if($GLOBALS['sitemap']['classcount']) {
		if($GLOBALS['sitemap']['catclass']) $c = ' class="'.$GLOBALS['sitemap']['catclass'].$counter.'"';
	} else {
		if($GLOBALS['sitemap']['catclass']) $c = ' class="'.$GLOBALS['sitemap']['catclass'].'"';
	}
	
	foreach($GLOBALS['content']['struct'] as $key => $value) {
		if($_SESSION["frontend_user_in"] && $GLOBALS['content']['struct'][$key]["acat_regonly"]) 
			$GLOBALS['content']['struct'][$key]["acat_regonly"] = 0;

		if ($start == $GLOBALS['content']['struct'][$key]['acat_struct'] && 
			!$GLOBALS['content']['struct'][$key]['acat_hidden'] && $key &&
			$GLOBALS['content']['struct'][$key]["acat_regonly"]==0)
		{
			$s .= '<li'.$GLOBALS['sitemap']['cat_style'].$c.'>';
						
			if(!$GLOBALS['content']['struct'][$key]["acat_redirect"]) {
				$s .= '<a href="index.php?';
				if($GLOBALS['content']['struct'][$key]['acat_alias']) {
					$s .= $GLOBALS['content']['struct'][$key]['acat_alias'];
				} else {
					$s .= 'id='.$key.',0,0,1,0,0';
				}
			} else {
				$redirect = get_redirect_link($GLOBALS['content']['struct'][$key]["acat_redirect"], ' ', '');
				$s .= '<a href="'.$redirect['link'].'"'.$redirect['target'];
			}
			
			$s .= '">';
			$s .= html_specialchars($GLOBALS['content']['struct'][$key]['acat_name']);
			$s .= '</a>';
			if($GLOBALS['sitemap']["display"]) $s .= build_sitemap_articlelist($key, $counter);
			
			$s .= build_sitemap($key, $counter);
			
			$s .= "</li>\n";
		}
	}


	if($s) $s = "\n<ul".$c.">\n".$s.'</ul>';
	
	return $s;
}

I changed 2 lines of code in it and now it shouldn't show private area in sitemap.

cyrano · Post by **cyrano** » Mon 11. Oct 2004, 17:20

Hi pyhavaim,

thank you for your reply and the advanced code.

I played a little bit with structure levels and found, that also my menü (NAV_TABLE_COLUMN) will be dis-sorted at the moment.

So I think it works, I had to think about how to organise my structure now.

Is it easy to anhance the login that users setup in backend will only be able to login with their name and pw, but cannot login into the backend?

Perhaps with adding a string or a special labeling of the names?

Good work anyway, happy now for getting deeper in customizing sites.

pyhavaim · Post by **pyhavaim** » Tue 12. Oct 2004, 16:01

Hi

Yes NAV_TABLE_COLUMN also does'nt work as it should. Basically what you have to add is this kind of code.

Here is the trick what you have to look for
usually in those cases there is code like this:

Code: Select all

foreach($struct as $key => $value) {
		if($struct[$key]["acat_struct"] == $act_cat_id && $key && !$struct[$key]["acat_hidden"]) $c++;
	}

It basically checks isn't this article category hidden, so we have to add also user logged in cheking.
Now you add line in for clause

Code: Select all

	if($_SESSION["frontend_user_in"] && $struct[$key]["acat_regonly"]) 
			$struct[$key]["acat_regonly"] = 0;

this peace of code cheks is user logged in and if this article category checked as registred users only.
So if user is logged in and article is restricted area, you just tell that this article category is not restricted for this user.

Now you modify this part of code

Code: Select all

if($struct[$key]["acat_struct"] == $act_cat_id && $key && !$struct[$key]["acat_hidden"]) $c++;

now as you can see in this line of code, there is only check that prevents showing hidden articles, now you add also private article check.

Code: Select all

		if($struct[$key]["acat_struct"] == $act_cat_id && $key != $act_cat_id && !$struct[$key]["acat_hidden"]&&[b]$struct[$key]["acat_regonly"]==0[/b]) {
//and so on...

Is it easy to anhance the login that users setup in backend will only be able to login with their name and pw, but cannot login into the backend?

It is simple if you only add one user , it is more complicated if you want to add user managment system, I did'nt need it so I did'nt do it.
Basically what you have do to is add new user, but set user not active.
Then modify authorize.php and remove AND usr_aktiv=1
voila

ssyfrig · Post by **ssyfrig** » Wed 27. Oct 2004, 14:51

Hi

Witch one is the last Code for this hack? There is a lot of code example
in this thread. I hope this is not a stupid question

Thanks, Sven

rsantifort · Post by **rsantifort** » Fri 29. Oct 2004, 09:57

Indeed al lot of code is spammed through the forum. Can someone put in a reasonable zip file with the latest code in it. Maybe starting a version number helps all the users in this forum to determine what to use and download.

Thankz & Greetz!

kerthi · Post by **kerthi** » Fri 29. Oct 2004, 21:05

YES! That would be great!

thx kerthi

vello · Post by **vello** » Thu 4. Nov 2004, 10:15

Hi,
When I log in, session is still open until I close browser.
I think we need option to log out, or defined session duration

cyrano · Post by **cyrano** » Thu 4. Nov 2004, 10:53

as we could know the frontend login comes with the next release, so i can wait, but when we could know it isn't, than i'll also be looking to get a solution there.

is it or is it not (close to shakespeare)

vello · Post by **vello** » Thu 4. Nov 2004, 11:04

we need Holy Ghost

(with respect to pyhavaim)

ssyfrig · Post by **ssyfrig** » Mon 8. Nov 2004, 07:43

Hi zusammen

Könnte jemand den Hack als ZIP file zur Verfüung stellen oder hier nochmal den letzten Stand des Hack posten.

Danke & Gruss Sven

Paal · Post by **Paal** » Tue 7. Dec 2004, 16:18

Hallo Man, not working...

1. modify index.php:
uncomment on line 34

Code: Select all

session_start();

2. make a new php file in phpwcm root directory and name it authorize.php and add following code in

Code: Select all

<?php
if(isset($_POST['form_aktion']) && $_POST['form_aktion'] == 'login') {

   $login_passed = 0;
   $wcs_user = slweg(trim($_POST['form_loginname']));
   $wcs_pass = slweg(trim($_POST['form_password']));
   
   $sql_query =   "SELECT * FROM ".DB_PREPEND."phpwcms_user WHERE usr_login='".
               aporeplace($wcs_user)."' AND (usr_pass=PASSWORD('".
               aporeplace($wcs_pass)."') OR usr_pass='".
               aporeplace(md5($wcs_pass))."') AND usr_aktiv=1;";

   if($result = mysql_query($sql_query)) {
      if($row = mysql_fetch_array($result)) {
         $_SESSION["wcs_user"]         = $wcs_user;
         $_SESSION["wcs_pass"]         = $wcs_pass;
         $_SESSION["wcs_user_name"]       = ($row["usr_name"]) ? $row["usr_name"] : $wcs_user;
         $_SESSION["wcs_user_id"]      = $row["usr_id"];
         $_SESSION["wcs_user_aktiv"]      = $row["usr_aktiv"];
         $_SESSION["wcs_user_rechte"]   = $row["usr_rechte"];
         $_SESSION["wcs_user_email"]      = $row["usr_email"];
         $_SESSION["wcs_user_avatar"]   = $row["usr_avatar"];
         $_SESSION["wcs_user_logtime"]   = time();
         $_SESSION["wcs_user_admin"]      = $row["usr_admin"];
         $_SESSION["wcs_user_thumb"]      = 1;
         if($row["usr_lang"]) {
            $_SESSION["wcs_user_lang"]   = $row["usr_lang"];
         }                  
         $_SESSION["structure"]   = unserialize($row["usr_var_structure"]);
         $_SESSION["klapp"]      = unserialize($row["usr_var_privatefile"]);
         $_SESSION["pklapp"]      = unserialize($row["usr_var_publicfile"]);
         
         $login_passed = 1;   
         $_SESSION["frontend_user_in"]=true;   //changed this one
      }
      mysql_free_result($result);
   }   
}
?>

3. Then I made a custom form and named it frm_Login.php BUT insert require_once ("include/inc_lib/general.inc.php"); code (reference):

Code: Select all

<?php
	require_once ("include/inc_lib/general.inc.php");
?>

<table border="0" cellpadding="0" cellspacing="0">
      <form name="login_formular" method="post" action="<?php echo $_SERVER['PHP_SELF']."?".$_SERVER['QUERY_STRING'] ?>" autocomplete="off">
        <tr><td width="389" class="title"><?php echo $GLOBALS["template_default"]["login_text"]; ?></td></tr>
      <?php
      if($err) {
         echo '<tr><td><img src="img/leer.gif" width="1" height="10"></td></tr>';
         echo '<tr><td class="error"><strong>'.$GLOBALS["template_default"]["login_error"].'</strong></td></tr>';
      }
     ?>
        <tr><td><img src="img/leer.gif" width="1" height="12"></td></tr>
        <tr><td class="v10"><?php echo $GLOBALS["template_default"]["login_username"] ?>:</td></tr>
        <tr><td><input name="form_loginname" type="text" id="form_loginname" class="f11b" style="width:250px;" size="30" maxlength="30" value="<?php echo html_specialchars($wcs_user); ?>"></td></tr>
        <tr><td><img src="img/leer.gif" width="1" height="3"></td></tr>
        <tr><td class="v10"><?php echo $GLOBALS["template_default"]["login_userpass"] ?>:</td></tr>
        <tr><td><input name="form_password" type="password" id="form_password" class="f11b" style="width:250px;" size="30" maxlength="20"></td></tr>
        <tr><td><img src="img/leer.gif" width="1" height="3"></td></tr>
        <tr><td><img src="img/leer.gif" width="1" height="18"></td></tr>
        <tr><td><input name="Submit" type="submit" class="button10" value="<?php echo $GLOBALS["template_default"]["login_button"] ?>"><input name="form_aktion" type="hidden" id="form_aktion" value="login"></td></tr>
      </form>
    </table>

4. also I added some lines into include\inc_conf\conf.template_default.inc.php

Code: Select all

// login form template
$template_default["login_text"]            = "Please Log in";
$template_default["login_error"]         ="Wrong password";
$template_default["login_username"]         ="Username";
$template_default["login_userpass"]         ="Password";
$template_default["login_button"]         ="Login";

5. I had to change include\inc_front\content_func.inc.php
Find out code like

Code: Select all

$content["all"] = str_replace('{CONTENT}', $content["main"], $content["all"]);

and add there code which is cheking from site structure frontend menu status: is this visible for users logged on only.

Code: Select all

$cat=$content["cat_id"];
if($content["struct"][$cat]["acat_regonly"]==1)
{
//echo "Private area!!!";
   include_once("authorize.php");
   if(!$_SESSION["frontend_user_in"]) {
      
      //show log in form, instead of page content";
      $content["main"]="{PHP:frm_Login.php}";
   }
}
$content["all"] = str_replace('{CONTENT}', $content["main"], $content["all"]);

6. I had to create new site structura level: "hidden" with chechked frontend menu status: "hide" and "visible for users logged on only" and status: checked "visible" and "public". (reference...)

7. and added "ext. content" with file/URL: http://localhost/fl/frm_Login.php, visible.

8. and added plain text content part in "Partner login" page:
[ID 78] User login [/ID]

The ID 78 is the ext. content (frm_Login.php) id.

When I click the login link, comes the login page without words, only form tags, but in the source:

Code: Select all

<form name="login_formular" method="post" action="http://localhost/fl/fl/frm_Login.php?" autocomplete="off">

<form name="login_formular" method="post" action="http://localhost/fl/fl/frm_Login.php?" autocomplete="off">

Why two "fl" directory? The real path is: "http://localhost/fl/frm_Login.php"

Shortly..

O, and, where I can find this MOD (reference):

Tnx, Paul

kelley · Post by **kelley** » Fri 10. Dec 2004, 23:18

Hello everyone,

I am tring to the fronend login to work and followed Paal last post step by step. But when the site comes up its blank and so is the admin once I login.

I noticed that its in the conf.template_default.inc.php. When I comment it out the site works again and I can login.

I have placed the code at both the top and bottom of the page but no luck.

conf.template_default.inc.php code

Code: Select all

// login form template 
$template_default["login_text"]            = "Please Log in"; 
$template_default["login_error"]         ="Wrong password"; 
$template_default["login_username"]         ="Username"; 
$template_default["login_userpass"]         ="Password"; 
$template_default["login_button"]         ="Login";

Is there something I am missing to get this mod to work?

Thanks for the help

pyhavaim · Post by **pyhavaim** » Mon 13. Dec 2004, 10:52

Hi sorry again, not beeing for you. But it has been very buzy time for me.

As mentioned before, you have to add a user, and if you don't want that he/she get access to admin part, you just have to make this user not active.

Also in site stucture, where you want to make private area, mark checkbox on frontend menu status: visible for users logged on only. Basically that's it.

Also I zipped all changed code in this filehack so be carefull in replacing those files.

PS. I don't know why this forum did'nt send me a message that threre are new posts in this topic, so basically that's why I did'nt reply for postings.

vello · Post by **vello** » Mon 13. Dec 2004, 11:12

hi pyhavaim,
this download link we can't use

Frontend loging in phpwcms

I become a lazybones

Put the code in a downloadable zip file

blank admin page