phpwcms Support Forum

The phpwcms support forum will help to find answers to your questions. The small but strong community is here since more than 10 years.
https://forum.phpwcms.org/

Frontend loging in phpwcms

https://forum.phpwcms.org/viewtopic.php?t=3506

Page 2 of 4

I become a lazybones

Posted: Mon 11. Oct 2004, 17:09
by pyhavaim
Sorry for not being for you, but it seems that now you got started it. :wink:

Also notice this that sitemap still shows private siteinfo.
Also some meny items doesn't allow those rules witch shouldn't show for unauthorized persons.

for sitemap I added those lines of code.
again modify inc_front\front.func.inc.php
lookup codeline 2108 there should be function named by build_sitemap
replace oldf function with this

Basically I added 2 lines of code, whitch does'nt show private articles.

Code: Select all

if($_SESSION["frontend_user_in"] && $GLOBALS['content']['struct'][$key]["acat_regonly"]) 
			$GLOBALS['content']['struct'][$key]["acat_regonly"] = 0;

		if ($start == $GLOBALS['content']['struct'][$key]['acat_struct'] && 
			!$GLOBALS['content']['struct'][$key]['acat_hidden'] && $key &&
			$GLOBALS['content']['struct'][$key]["acat_regonly"]==0)

Code: Select all

function build_sitemap($start=0, $counter=0) {
	// create sitemap

	$s = '';
	$c = '';
	$counter++;
	

	if($GLOBALS['sitemap']['classcount']) {
		if($GLOBALS['sitemap']['catclass']) $c = ' class="'.$GLOBALS['sitemap']['catclass'].$counter.'"';
	} else {
		if($GLOBALS['sitemap']['catclass']) $c = ' class="'.$GLOBALS['sitemap']['catclass'].'"';
	}
	
	foreach($GLOBALS['content']['struct'] as $key => $value) {
		if($_SESSION["frontend_user_in"] && $GLOBALS['content']['struct'][$key]["acat_regonly"]) 
			$GLOBALS['content']['struct'][$key]["acat_regonly"] = 0;

		if ($start == $GLOBALS['content']['struct'][$key]['acat_struct'] && 
			!$GLOBALS['content']['struct'][$key]['acat_hidden'] && $key &&
			$GLOBALS['content']['struct'][$key]["acat_regonly"]==0)
		{
			$s .= '<li'.$GLOBALS['sitemap']['cat_style'].$c.'>';
						
			if(!$GLOBALS['content']['struct'][$key]["acat_redirect"]) {
				$s .= '<a href="index.php?';
				if($GLOBALS['content']['struct'][$key]['acat_alias']) {
					$s .= $GLOBALS['content']['struct'][$key]['acat_alias'];
				} else {
					$s .= 'id='.$key.',0,0,1,0,0';
				}
			} else {
				$redirect = get_redirect_link($GLOBALS['content']['struct'][$key]["acat_redirect"], ' ', '');
				$s .= '<a href="'.$redirect['link'].'"'.$redirect['target'];
			}
			
			$s .= '">';
			$s .= html_specialchars($GLOBALS['content']['struct'][$key]['acat_name']);
			$s .= '</a>';
			if($GLOBALS['sitemap']["display"]) $s .= build_sitemap_articlelist($key, $counter);
			
			$s .= build_sitemap($key, $counter);
			
			$s .= "</li>\n";
		}
	}


	if($s) $s = "\n<ul".$c.">\n".$s.'</ul>';
	
	return $s;
}
I changed 2 lines of code in it and now it shouldn't show private area in sitemap.

Posted: Mon 11. Oct 2004, 17:20
by cyrano
Hi pyhavaim,

thank you for your reply and the advanced code.

I played a little bit with structure levels and found, that also my menü (NAV_TABLE_COLUMN) will be dis-sorted at the moment.

So I think it works, I had to think about how to organise my structure now.

Is it easy to anhance the login that users setup in backend will only be able to login with their name and pw, but cannot login into the backend?

Perhaps with adding a string or a special labeling of the names?

Good work anyway, happy now for getting deeper in customizing sites.

Posted: Tue 12. Oct 2004, 16:01
by pyhavaim
Hi

Yes NAV_TABLE_COLUMN also does'nt work as it should. Basically what you have to add is this kind of code.

Here is the trick what you have to look for
usually in those cases there is code like this:

Code: Select all

foreach($struct as $key => $value) {
		if($struct[$key]["acat_struct"] == $act_cat_id && $key && !$struct[$key]["acat_hidden"]) $c++;
	}
It basically checks isn't this article category hidden, so we have to add also user logged in cheking.
Now you add line in for clause

Code: Select all

	if($_SESSION["frontend_user_in"] && $struct[$key]["acat_regonly"]) 
			$struct[$key]["acat_regonly"] = 0;
this peace of code cheks is user logged in and if this article category checked as registred users only.
So if user is logged in and article is restricted area, you just tell that this article category is not restricted for this user.

Now you modify this part of code

Code: Select all

if($struct[$key]["acat_struct"] == $act_cat_id && $key && !$struct[$key]["acat_hidden"]) $c++;
now as you can see in this line of code, there is only check that prevents showing hidden articles, now you add also private article check.

Code: Select all

		if($struct[$key]["acat_struct"] == $act_cat_id && $key != $act_cat_id && !$struct[$key]["acat_hidden"]&&[b]$struct[$key]["acat_regonly"]==0[/b]) {
//and so on...
Is it easy to anhance the login that users setup in backend will only be able to login with their name and pw, but cannot login into the backend?
It is simple if you only add one user , it is more complicated if you want to add user managment system, I did'nt need it so I did'nt do it.
Basically what you have do to is add new user, but set user not active.
Then modify authorize.php and remove AND usr_aktiv=1
voila :wink:

Posted: Wed 27. Oct 2004, 14:51
by ssyfrig
Hi

Witch one is the last Code for this hack? There is a lot of code example
in this thread. I hope this is not a stupid question

Thanks, Sven

Put the code in a downloadable zip file

Posted: Fri 29. Oct 2004, 09:57
by rsantifort
Indeed al lot of code is spammed through the forum. Can someone put in a reasonable zip file with the latest code in it. Maybe starting a version number helps all the users in this forum to determine what to use and download.

Thankz & Greetz!

Posted: Fri 29. Oct 2004, 21:05
by kerthi
YES! That would be great!

thx kerthi

Posted: Thu 4. Nov 2004, 10:15
by vello
Hi,
When I log in, session is still open until I close browser.
I think we need option to log out, or defined session duration

Posted: Thu 4. Nov 2004, 10:53
by cyrano
as we could know the frontend login comes with the next release, so i can wait, but when we could know it isn't, than i'll also be looking to get a solution there.

is it or is it not (close to shakespeare) ;-)

Posted: Thu 4. Nov 2004, 11:04
by vello
we need Holy Ghost :wink:
(with respect to pyhavaim)

Posted: Mon 8. Nov 2004, 07:43
by ssyfrig
Hi zusammen

Könnte jemand den Hack als ZIP file zur Verfüung stellen oder hier nochmal den letzten Stand des Hack posten.

Danke & Gruss Sven

Posted: Tue 7. Dec 2004, 16:18
by Paal
Hallo Man, not working... :(

1. modify index.php:
uncomment on line 34

Code: Select all

session_start();
2. make a new php file in phpwcm root directory and name it authorize.php and add following code in

Code: Select all

<?php
if(isset($_POST['form_aktion']) && $_POST['form_aktion'] == 'login') {

   $login_passed = 0;
   $wcs_user = slweg(trim($_POST['form_loginname']));
   $wcs_pass = slweg(trim($_POST['form_password']));
   
   $sql_query =   "SELECT * FROM ".DB_PREPEND."phpwcms_user WHERE usr_login='".
               aporeplace($wcs_user)."' AND (usr_pass=PASSWORD('".
               aporeplace($wcs_pass)."') OR usr_pass='".
               aporeplace(md5($wcs_pass))."') AND usr_aktiv=1;";

   if($result = mysql_query($sql_query)) {
      if($row = mysql_fetch_array($result)) {
         $_SESSION["wcs_user"]         = $wcs_user;
         $_SESSION["wcs_pass"]         = $wcs_pass;
         $_SESSION["wcs_user_name"]       = ($row["usr_name"]) ? $row["usr_name"] : $wcs_user;
         $_SESSION["wcs_user_id"]      = $row["usr_id"];
         $_SESSION["wcs_user_aktiv"]      = $row["usr_aktiv"];
         $_SESSION["wcs_user_rechte"]   = $row["usr_rechte"];
         $_SESSION["wcs_user_email"]      = $row["usr_email"];
         $_SESSION["wcs_user_avatar"]   = $row["usr_avatar"];
         $_SESSION["wcs_user_logtime"]   = time();
         $_SESSION["wcs_user_admin"]      = $row["usr_admin"];
         $_SESSION["wcs_user_thumb"]      = 1;
         if($row["usr_lang"]) {
            $_SESSION["wcs_user_lang"]   = $row["usr_lang"];
         }                  
         $_SESSION["structure"]   = unserialize($row["usr_var_structure"]);
         $_SESSION["klapp"]      = unserialize($row["usr_var_privatefile"]);
         $_SESSION["pklapp"]      = unserialize($row["usr_var_publicfile"]);
         
         $login_passed = 1;   
         $_SESSION["frontend_user_in"]=true;   //changed this one
      }
      mysql_free_result($result);
   }   
}
?>
3. Then I made a custom form and named it frm_Login.php BUT insert require_once ("include/inc_lib/general.inc.php"); code (reference):

Code: Select all

<?php
	require_once ("include/inc_lib/general.inc.php");
?>

<table border="0" cellpadding="0" cellspacing="0">
      <form name="login_formular" method="post" action="<?php echo $_SERVER['PHP_SELF']."?".$_SERVER['QUERY_STRING'] ?>" autocomplete="off">
        <tr><td width="389" class="title"><?php echo $GLOBALS["template_default"]["login_text"]; ?></td></tr>
      <?php
      if($err) {
         echo '<tr><td><img src="img/leer.gif" width="1" height="10"></td></tr>';
         echo '<tr><td class="error"><strong>'.$GLOBALS["template_default"]["login_error"].'</strong></td></tr>';
      }
     ?>
        <tr><td><img src="img/leer.gif" width="1" height="12"></td></tr>
        <tr><td class="v10"><?php echo $GLOBALS["template_default"]["login_username"] ?>:</td></tr>
        <tr><td><input name="form_loginname" type="text" id="form_loginname" class="f11b" style="width:250px;" size="30" maxlength="30" value="<?php echo html_specialchars($wcs_user); ?>"></td></tr>
        <tr><td><img src="img/leer.gif" width="1" height="3"></td></tr>
        <tr><td class="v10"><?php echo $GLOBALS["template_default"]["login_userpass"] ?>:</td></tr>
        <tr><td><input name="form_password" type="password" id="form_password" class="f11b" style="width:250px;" size="30" maxlength="20"></td></tr>
        <tr><td><img src="img/leer.gif" width="1" height="3"></td></tr>
        <tr><td><img src="img/leer.gif" width="1" height="18"></td></tr>
        <tr><td><input name="Submit" type="submit" class="button10" value="<?php echo $GLOBALS["template_default"]["login_button"] ?>"><input name="form_aktion" type="hidden" id="form_aktion" value="login"></td></tr>
      </form>
    </table>
4. also I added some lines into include\inc_conf\conf.template_default.inc.php

Code: Select all

// login form template
$template_default["login_text"]            = "Please Log in";
$template_default["login_error"]         ="Wrong password";
$template_default["login_username"]         ="Username";
$template_default["login_userpass"]         ="Password";
$template_default["login_button"]         ="Login";
5. I had to change include\inc_front\content_func.inc.php
Find out code like

Code: Select all

$content["all"] = str_replace('{CONTENT}', $content["main"], $content["all"]);
and add there code which is cheking from site structure frontend menu status: is this visible for users logged on only.

Code: Select all

$cat=$content["cat_id"];
if($content["struct"][$cat]["acat_regonly"]==1)
{
//echo "Private area!!!";
   include_once("authorize.php");
   if(!$_SESSION["frontend_user_in"]) {
      
      //show log in form, instead of page content";
      $content["main"]="{PHP:frm_Login.php}";
   }
}
$content["all"] = str_replace('{CONTENT}', $content["main"], $content["all"]);
6. I had to create new site structura level: "hidden" with chechked frontend menu status: "hide" and "visible for users logged on only" and status: checked "visible" and "public". (reference...)

7. and added "ext. content" with file/URL: http://localhost/fl/frm_Login.php, visible.

8. and added plain text content part in "Partner login" page:
[ID 78] User login [/ID]

The ID 78 is the ext. content (frm_Login.php) id.

When I click the login link, comes the login page without words, only form tags, but in the source:

Code: Select all

<form name="login_formular" method="post" action="http://localhost/fl/fl/frm_Login.php?" autocomplete="off">
<form name="login_formular" method="post" action="http://localhost/fl/fl/frm_Login.php?" autocomplete="off">

Why two "fl" directory? The real path is: "http://localhost/fl/frm_Login.php"


Shortly..

O, and, where I can find this MOD (reference):
Image
Image

Tnx, Paul

blank admin page

Posted: Fri 10. Dec 2004, 23:18
by kelley
Hello everyone,

I am tring to the fronend login to work and followed Paal last post step by step. But when the site comes up its blank and so is the admin once I login.

I noticed that its in the conf.template_default.inc.php. When I comment it out the site works again and I can login.

I have placed the code at both the top and bottom of the page but no luck.

conf.template_default.inc.php code

Code: Select all

// login form template 
$template_default["login_text"]            = "Please Log in"; 
$template_default["login_error"]         ="Wrong password"; 
$template_default["login_username"]         ="Username"; 
$template_default["login_userpass"]         ="Password"; 
$template_default["login_button"]         ="Login";
Is there something I am missing to get this mod to work?

Thanks for the help

Posted: Mon 13. Dec 2004, 10:52
by pyhavaim
Hi sorry again, not beeing for you. But it has been very buzy time for me.

As mentioned before, you have to add a user, and if you don't want that he/she get access to admin part, you just have to make this user not active.

Also in site stucture, where you want to make private area, mark checkbox on frontend menu status: visible for users logged on only. Basically that's it.

Also I zipped all changed code in this filehack so be carefull in replacing those files.

PS. I don't know why this forum did'nt send me a message that threre are new posts in this topic, so basically that's why I did'nt reply for postings.

Posted: Mon 13. Dec 2004, 11:12
by vello
hi pyhavaim,
this download link we can't use
All times are UTC+02:00
Page 2 of 4

Powered by phpBB® Forum Software © phpBB Limited