boardom Forum Index boardom
b2 message board
 

Logout cookie error causing login problem

 
Cyberian75



Joined: 26 Sep 2002
Posts: 1283
Location: Oregon

Posted: Tue Dec 09, 2003 4:45 am    Post subject: Logout cookie error causing login problem

The username and password cookies should be deleted from your system when you click on "logout" so that it doesn't generate a "wrong username/password" error when you try to relogin with a different username/password. However, this isn't happening.

In the b2login.php file, under the "logout" (action) section...


Locate:

Code:

setcookie("cafeloguser", $user_login, time()+30000000);
setcookie("cafelogpass", $user_pass, time()+30000000);



Replace it with:

Code:

setcookie("cafeloguser", "", time()-31536000);
setcookie("cafelogpass", "", time()-31536000);

_________________
Michael P.

Cyberian75



Joined: 26 Sep 2002
Posts: 1283
Location: Oregon

Posted: Mon Jan 26, 2004 1:57 am

Also, add your domain and b2 directory into every instance of the setcookie function in the b2login.php file -- especially if you have multiple b2 installs on the same domain -- to differentiate each blog in its own directory.


Example:

setcookie("cafeloguser", $user_login, time()+31536000, "yourdomain.com/b2mike");
_________________
Michael P.

MemberNo.817



Joined: 08 Feb 2004
Posts: 3
Location: bayarea

Posted: Sun Feb 08, 2004 1:23 pm

that doesn't work for me. i tried doing it for both, then only for one and the closest i can get is one b2 account will logon but the other one won't.
Cyberian75



Joined: 26 Sep 2002
Posts: 1283
Location: Oregon

Posted: Sun Feb 08, 2004 7:24 pm

Did you change every instance of it in b2login.php? Altogether, there are about 5 instances of the setcookie function in that file.
_________________
Michael P.

MemberNo.817



Joined: 08 Feb 2004
Posts: 3
Location: bayarea

Posted: Sun Feb 08, 2004 10:35 pm

yah i tried it. do i do it for both accounts for it to work? i tried that too. hmm... here's my code.

Code:

<?php

require('./b2config.php');
require_once($b2inc.'/b2template.functions.php');
require_once($b2inc.'/b2functions.php');
require_once($b2inc.'/b2vars.php');

if (!function_exists('add_magic_quotes')) {
function add_magic_quotes($array) {
foreach ($array as $k => $v) {
if (is_array($v)) {
$array[$k] = add_magic_quotes($v);
} else {
$array[$k] = addslashes($v);
}
}
return $array;
}
}

if (!get_magic_quotes_gpc()) {
$HTTP_GET_VARS = add_magic_quotes($HTTP_GET_VARS);
$HTTP_POST_VARS = add_magic_quotes($HTTP_POST_VARS);
$HTTP_COOKIE_VARS = add_magic_quotes($HTTP_COOKIE_VARS);
}

$b2varstoreset = array('action','mode','error','text','popupurl','popuptitle');

for ($i = 0; $i < count($b2varstoreset); $i = $i + 1) {
$b2var = $b2varstoreset[$i];
if (!isset($$b2var)) {
if (empty($HTTP_POST_VARS["$b2var"])) {
if (empty($HTTP_GET_VARS["$b2var"])) {
$$b2var = '';
} else {
$$b2var = $HTTP_GET_VARS["$b2var"];
}
} else {
$$b2var = $HTTP_POST_VARS["$b2var"];
}
}
}

/* connecting the db */
$connexion = @mysql_connect($server,$loginsql,$passsql) or die("Can't connect to the database<br>".mysql_error());
mysql_select_db("$base");

switch($action) {

case "logout":

setcookie("cafeloguser", "eightoneseven.com/expel/b2");
setcookie("cafelogpass", "eightoneseven.com/expel/b2");
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-cache, must-revalidate"); // for HTTP/1.1
header("Pragma: no-cache");
if ($is_IIS) {
header("Refresh: 0;url=b2login.php");
} else {
header("Location: b2login.php");
}
exit();

break;


case "login":

if(!empty($HTTP_POST_VARS)) {
$log = $HTTP_POST_VARS["log"];
$pwd = $HTTP_POST_VARS["pwd"];
$redirect_to = $HTTP_POST_VARS["redirect_to"];
}

function login() {
global $server,$loginsql,$passsql,$base,$log,$pwd,$error,$user_ID;
global $tableusers, $pass_is_md5;
$user_login=$log;
$password=$pwd;
if (!$user_login) {
$error="<b>ERROR</b>: the login field is empty";
return false;
}

if (!$password) {
$error="<b>ERROR</b>: the password field is empty";
return false;
}

if (substr($password,0,4)=="md5:") {
$pass_is_md5 = 1;
$password = substr($password,4,strlen($password));
$query = " SELECT ID, user_login, user_pass FROM $tableusers WHERE user_login = '$user_login' AND MD5(user_pass) = '$password' ";
} else {
$pass_is_md5 = 0;
$query = " SELECT ID, user_login, user_pass FROM $tableusers WHERE user_login = '$user_login' AND user_pass = '$password' ";
}
$result = mysql_query($query) or die("Incorrect Login/Password request: ".mysql_error());

$lines = mysql_num_rows($result);
if ($lines<1) {
$error="<b>ERROR</b>: wrong login or password";
$pwd="";
return false;
} else {
$res=mysql_fetch_row($result);
$user_ID=$res[0];
if (($pass_is_md5==0 && $res[1]==$user_login && $res[2]==$password) || ($pass_is_md5==1 && $res[1]==$user_login && md5($res[2])==$password)) {
return true;
} else {
$error="<b>ERROR</b>: wrong login or password";
$pwd="";
return false;
}
}
}

if (!login()) {
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
if ($is_IIS) {
header("Refresh: 0;url=b2login.php");
} else {
header("Location: b2login.php");
}
exit();
} else {
$user_login=$log;
$user_pass=$pwd;
setcookie("cafeloguser",$user_login,time()+31536000, "eightoneseven.com/expel/b2");
if ($pass_is_md5) {
setcookie("cafelogpass",$user_pass,time()+31536000, "eightoneseven.com/expel/b2");
} else {
setcookie("cafelogpass",md5($user_pass),time()+31536000, "eightoneseven.com/expel/b2");
}
if (empty($HTTP_COOKIE_VARS["cafelogblogid"])) {
setcookie("cafelogblogid","1",time()+31536000);
}
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");

switch($mode) {
case "bookmarklet":
$location="b2bookmarklet.php?text=$text&popupurl=$popupurl&popuptitle=$popuptitle";
break;
case "sidebar":
$location="sidebar.php?text=$text&popupurl=$popupurl&popuptitle=$popuptitle";
break;
case "profile":
$location="profile.php?text=$text&popupurl=$popupurl&popuptitle=$popuptitle";
break;
default:
$location="$redirect_to";
break;
}

if ($is_IIS) {
header("Refresh: 0;url=$location");
} else {
header("Location: $location");
}
}

break;


case "lostpassword":

?><html>
<head>
<title>b2 > Lost password ?</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="stylesheet" href="<?php echo $b2inc; ?>/b2.css" type="text/css">
<style type="text/css">
<!--
<?php
if (!preg_match("/Nav/",$HTTP_USER_AGENT)) {
?>
textarea,input,select {
background-color: #f0f0f0;
border-width: 1px;
border-color: #cccccc;
border-style: solid;
padding: 2px;
margin: 1px;
}
<?php
}
?>
-->
</style>
</head>
<body bgcolor="#ffffff" text="#000000" link="#cccccc" vlink="#cccccc" alink="#ff0000">

<table width="100%" height="100%">
<td align="center" valign="middle">

<table width="200" height="200" style="border: 1px solid #cccccc;" cellpadding="0" cellspacing="0">

<tr height="50">
<td height="50" width="50">
<a href="http://cafelog.com" target="_blank"><img src="b2-img/b2minilogo.png" border="0" alt="visit b2's homepage" /></a>
</td>
<td align="right" valign="top"> </td>
</tr>

<tr height="150"><td align="right" valign="bottom" height="150" colspan="2">

<p align="center" style="color: #b0b0b0">Type your login here and click OK. You will receive an email with your password.</p>
<?php
if ($error) echo "<div align=\"right\" style=\"padding:4px;\"><font color=\"#FF0000\">$error</font><br /> </div>";
?>

<form name="" action="b2login.php" method="post">
<input type="hidden" name="action" value="retrievepassword" />
<table width="100" style="background-color: #ffffff">
<tr><td align="right">login</td>
<td><input type="text" name="user_login" value="" size="8" />   </td></tr>
<tr><td> </td>
<td><input type="submit" name="Submit2" value="OK" class="search">   </td></tr>
</table>

</form>

</td>
</tr>
</table>
</td>
</tr>
</table>

</body>
</html>
<?php

break;


case "retrievepassword":

$user_login = $HTTP_POST_VARS["user_login"];
$user_data = get_userdatabylogin($user_login);
$user_email = $user_data["user_email"];
$user_pass = $user_data["user_pass"];

$message = "Login: $user_login\r\n";
$message .= "Password: $user_pass\r\n";

$m = mail($user_email, "your weblog's login/password", $message);

if ($m == false) {
echo "<p>The email could not be sent.<br />\n";
echo "Possible reason: your host may have disabled the mail() function...</p>";
die();
} else {
echo "<p>The email was sent successfully to $user_login's email address.<br />\n";
echo "<a href=\"b2login.php\">Click here to login !</a></p>";
die();
}

break;


default:

if((!empty($HTTP_COOKIE_VARS["cafeloguser"])) && (!empty($HTTP_COOKIE_VARS["cafelogpass"]))) {
$user_login = $HTTP_COOKIE_VARS["cafeloguser"];
$user_pass_md5 = $HTTP_COOKIE_VARS["cafelogpass"];
}

function checklogin() {
global $server,$loginsql,$passsql,$base;
global $user_login,$user_pass_md5,$user_ID;

$userdata = get_userdatabylogin($user_login);

if ($user_pass_md5 != md5($userdata["user_pass"])) {
return false;
} else {
return true;
}
}

if ( !(checklogin()) ) {
if (!empty($HTTP_COOKIE_VARS["cafeloguser"])) {
$error="Error: wrong login/password"; //, or your session has expired.";
}
} else {
header("Expires: Wed, 5 Jun 1979 23:41:00 GMT"); /* private joke: this is my birthdate - though officially it's on the 6th, since I'm GMT+1 :) */
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); /* different all the time */
header("Cache-Control: no-cache, must-revalidate"); /* to cope with HTTP/1.1 */
header("Pragma: no-cache");
header("Location: b2edit.php");
exit();
}
?><html>
<head>
<title>b2 > Login form</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="stylesheet" href="<?php echo $b2inc; ?>/b2.css" type="text/css">
<style type="text/css">
<!--
<?php
if (!preg_match("/Nav/",$HTTP_USER_AGENT)) {
?>
textarea,input,select {
background-color: #f0f0f0;
border-width: 1px;
border-color: #cccccc;
border-style: solid;
padding: 2px;
margin: 1px;
}
<?php
}
?>
-->
</style>
</head>
<body bgcolor="#ffffff" text="#000000" link="#cccccc" vlink="#cccccc" alink="#ff0000">

<table width="100%" height="100%">
<td align="center" valign="middle">

<table width="200" height="200" style="border: 1px solid #cccccc;" cellpadding="0" cellspacing="0">

<tr height="50">
<td height="50" width="50">
<a href="http://cafelog.com" target="_blank"><img src="b2-img/b2minilogo.png" border="0" alt="visit b2's homepage" /></a>
</td>
<td align="right" valign="top">
<a href="b2register.php" class="b2menutop">register ?</a><br />
<a href="b2login.php?action=lostpassword" class="b2menutop">lost your password ?</a>
</td>
</tr>

<tr height="150"><td align="right" valign="bottom" height="150" colspan="2">

<?php
if ($error) echo "<div align=\"right\" style=\"padding:4px;\"><font color=\"#FF0000\">$error</font><br /> </div>";
?>

<form name="" action="b2login.php" method="post">
<?php if ($mode=="bookmarklet") { ?>
<input type="hidden" name="mode" value="<?php echo $mode ?>" />
<input type="hidden" name="text" value="<?php echo $text ?>" />
<input type="hidden" name="popupurl" value="<?php echo $popupurl ?>" />
<input type="hidden" name="popuptitle" value="<?php echo $popuptitle ?>" />
<?php } ?>
<input type="hidden" name="redirect_to" value="b2edit.php" />
<input type="hidden" name="action" value="login" />
<table width="100" style="background-color: #ffffff">
<tr><td align="right">login</td>
<td><input type="text" name="log" value="" size="8" />   </td></tr>
<tr><td align="right">password</td>
<td><input type="password" name="pwd" value="" size="8" />   </td></tr>
<tr><td> </td>
<td><input type="submit" name="Submit2" value="OK" class="search">   </td></tr>
</table>

</form>

</td>
</tr>
</table>
</td>
</tr>
</table>

</body>
</html>
<?php

break;
}

?>


i tried everything from changing

setcookie("cafeloguser",$user_login,time()+31536000, "eightoneseven.com/expel/b2");

to

setcookie("cafeloguser", "" ,time()-31536000, "eightoneseven.com/expel/b2");

even deleting it. haha. what do you think's wrong?
Cyberian75



Joined: 26 Sep 2002
Posts: 1283
Location: Oregon

Posted: Mon Feb 09, 2004 12:18 am

Your "logout" setcookie functions are wrong. Refer to my first post. After that, delete your cookies and then try.
_________________
Michael P.
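
Added example, not part of the original posts or of b2's code: a small PHP model of how a browser stores cookies, showing why the logout `setcookie` call only removes the login cookie when it uses the same path and domain, and what happens when the scope string lands in the wrong argument (PHP's `setcookie` takes the path as its fourth argument and the domain as its fifth). The host, directory and helper names (`login_args`, `logout_args`, `jar_apply`, `demo`) are assumptions made for illustration.

```php
<?php
// Added illustration, not b2 code. Host, directory and function names are
// constructed for this example.

// Argument lists in setcookie() order: name, value, expires, path, domain.
function login_args(string $name, string $value, string $path = '', string $domain = ''): array {
    return [$name, $value, time() + 31536000, $path, $domain];
}

function logout_args(string $name, string $path = '', string $domain = ''): array {
    // Empty value plus an expiry in the past, with the SAME path and domain as login.
    return [$name, '', time() - 31536000, $path, $domain];
}

// Minimal browser cookie-jar model (after RFC 6265): a cookie is stored under
// name + domain + path, and a later Set-Cookie only touches the entry whose
// three values are identical.
function jar_apply(array $jar, array $args, string $host, string $default_path): array {
    [$name, $value, $expires, $path, $domain] = $args + [1 => '', 2 => 0, 3 => '', 4 => ''];

    // RFC 6265 5.2.4: a Path that is empty or does not start with "/" is
    // ignored and the directory of the requested page is used instead.
    if ($path === '' || $path[0] !== '/') {
        $path = $default_path;
    }
    // No Domain attribute: the cookie belongs to the host that sent it.
    if ($domain === '') {
        $domain = $host;
    }

    $key = "$name|$domain|$path";
    // PHP turns an empty value into a deletion header; an expiry in the past
    // also makes the browser drop the entry.
    if ($value === '' || ($expires !== 0 && $expires < time())) {
        unset($jar[$key]);
    } else {
        $jar[$key] = $value;
    }
    return $jar;
}

function demo(): array {
    $host = 'yourdomain.com';  // constructed host
    $dir  = '/b2mike';         // directory that serves b2login.php (constructed)
    $results = [];

    // Case 1: login and logout use the same path and domain, so the cookie is removed.
    $jar = jar_apply([], login_args('cafeloguser', 'mike', '/b2mike', $host), $host, $dir);
    $jar = jar_apply($jar, logout_args('cafeloguser', '/b2mike', $host), $host, $dir);
    $results['same scope'] = $jar;

    // Case 2: login scoped to "/", logout sent without a path. The deletion
    // targets /b2mike and the login cookie at "/" survives.
    $jar = jar_apply([], login_args('cafeloguser', 'mike', '/', $host), $host, $dir);
    $jar = jar_apply($jar, logout_args('cafeloguser'), $host, $dir);
    $results['path mismatch'] = $jar;

    // Case 3: the "domain/directory" string passed as the VALUE (2nd argument)
    // at logout. Nothing is deleted; the login cookie is overwritten with a
    // value that can never match a real user.
    $jar = jar_apply([], login_args('cafeloguser', 'mike'), $host, $dir);
    $jar = jar_apply($jar, ['cafeloguser', 'yourdomain.com/b2mike'], $host, $dir);
    $results['scope passed as value'] = $jar;

    return $results;
}

foreach (demo() as $case => $jar) {
    echo $case, ': ', json_encode($jar, JSON_UNESCAPED_SLASHES), "\n";
}
```

Only the first case leaves an empty jar; in the other two a `cafeloguser` cookie is still sent on the next request to b2login.php.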

RamsayX



Joined: 13 Jul 2004
Posts: 10
Location: IaMCaNaDiAn

Posted: Thu Aug 05, 2004 5:09 am

Could I possibly get some help with this topic? My code seems to be a little different from posted examples ... but I have the same problem. Please help, thanks!

Code:
<?php

require('./b2config.php');
require_once($b2inc.'/b2template.functions.php');
require_once($b2inc.'/b2functions.php');
require_once($b2inc.'/b2vars.php');

if (!function_exists('add_magic_quotes')) {
   function add_magic_quotes($array) {
      foreach ($array as $k => $v) {
         if (is_array($v)) {
            $array[$k] = add_magic_quotes($v);
         } else {
            $array[$k] = addslashes($v);
         }
      }
      return $array;
   }
}

if (!get_magic_quotes_gpc()) {
   $HTTP_GET_VARS    = add_magic_quotes($HTTP_GET_VARS);
   $HTTP_POST_VARS   = add_magic_quotes($HTTP_POST_VARS);
   $HTTP_COOKIE_VARS = add_magic_quotes($HTTP_COOKIE_VARS);
}

$b2varstoreset = array('action','mode','error','text','popupurl','popuptitle');

for ($i = 0; $i < count($b2varstoreset); $i = $i + 1) {
   $b2var = $b2varstoreset[$i];
   if (!isset($$b2var)) {
      if (empty($HTTP_POST_VARS["$b2var"])) {
         if (empty($HTTP_GET_VARS["$b2var"])) {
            $$b2var = '';
         } else {
            $$b2var = $HTTP_GET_VARS["$b2var"];
         }
      } else {
         $$b2var = $HTTP_POST_VARS["$b2var"];
      }
   }
}

/* connecting the db */
$connexion = @mysql_connect($server,$loginsql,$passsql) or die("Can't connect to the database<br>".mysql_error());
mysql_select_db("$base");

switch($action) {

case "logout":

   setcookie("cafeloguser");
   setcookie("cafelogpass");
   header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
   header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
   header("Cache-Control: no-cache, must-revalidate"); // for HTTP/1.1
   header("Pragma: no-cache");
   if ($is_IIS) {
      header("Refresh: 0;url=b2login.php");
   } else {
      header("Location: b2login.php");
   }
   exit();

break;


case "login":

   if(!empty($HTTP_POST_VARS)) {
      $log = $HTTP_POST_VARS["log"];
      $pwd = $HTTP_POST_VARS["pwd"];
      $redirect_to = $HTTP_POST_VARS["redirect_to"];
   }

   function login() {
      global $server,$loginsql,$passsql,$base,$log,$pwd,$error,$user_ID;
      global $tableusers, $pass_is_md5;
      $user_login=$log;
      $password=$pwd;
      if (!$user_login) {
         $error="<b>ERROR</b>: the login field is empty";
         return false;
      }

      if (!$password) {
         $error="<b>ERROR</b>: the password field is empty";
         return false;
      }

      if (substr($password,0,4)=="md5:") {
         $pass_is_md5 = 1;
         $password = substr($password,4,strlen($password));
         $query =  " SELECT ID, user_login, user_pass FROM $tableusers WHERE user_login = '$user_login' AND MD5(user_pass) = '$password' ";
      } else {
         $pass_is_md5 = 0;
         $query =  " SELECT ID, user_login, user_pass FROM $tableusers WHERE user_login = '$user_login' AND user_pass = '$password' ";
      }
      $result = mysql_query($query) or die("Incorrect Login/Password request: ".mysql_error());

      $lines = mysql_num_rows($result);
      if ($lines<1) {
         $error="<b>ERROR</b>: wrong login or password";
         $pwd="";
         return false;
      } else {
      $res=mysql_fetch_row($result);
      $user_ID=$res[0];
         if (($pass_is_md5==0 && $res[1]==$user_login && $res[2]==$password) || ($pass_is_md5==1 && $res[1]==$user_login && md5($res[2])==$password)) {
            return true;
         } else {
            $error="<b>ERROR</b>: wrong login or password";
            $pwd="";
         return false;
         }
      }
   }

   if (!login()) {
      header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
      header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
      header("Cache-Control: no-cache, must-revalidate");
      header("Pragma: no-cache");
      if ($is_IIS) {
         header("Refresh: 0;url=b2login.php");
      } else {
         header("Location: b2login.php");
      }
      exit();
   } else {
      $user_login=$log;
      $user_pass=$pwd;
      setcookie("cafeloguser",$user_login,time()+31536000);
      if ($pass_is_md5) {
         setcookie("cafelogpass",$user_pass,time()+31536000);
      } else {
         setcookie("cafelogpass",md5($user_pass),time()+31536000);
      }
      if (empty($HTTP_COOKIE_VARS["cafelogblogid"])) {
         setcookie("cafelogblogid","1",time()+31536000);
      }
      header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
      header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
      header("Cache-Control: no-cache, must-revalidate");
      header("Pragma: no-cache");

      switch($mode) {
         case "bookmarklet":
            $location="b2bookmarklet.php?text=$text&popupurl=$popupurl&popuptitle=$popuptitle";
            break;
         case "sidebar":
            $location="sidebar.php?text=$text&popupurl=$popupurl&popuptitle=$popuptitle";
            break;
         case "profile":
            $location="profile.php?text=$text&popupurl=$popupurl&popuptitle=$popuptitle";
            break;
         default:
            $location="$redirect_to";
            break;
      }

      if ($is_IIS) {
         header("Refresh: 0;url=$location");
      } else {
         header("Location: $location");
      }
   }

break;


case "lostpassword":

   ?><html>
<head>
<title>b2 > Lost password ?</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="stylesheet" href="<?php echo $b2inc; ?>/b2.css" type="text/css">
<style type="text/css">
<!--
<?php
if (!preg_match("/Nav/",$HTTP_USER_AGENT)) {
?>
textarea,input,select {
   background-color: #f0f0f0;
   border-width: 1px;
   border-color: #cccccc;
   border-style: solid;
   padding: 2px;
   margin: 1px;
}
<?php
}
?>
-->
</style>
</head>
<body bgcolor="#ffffff" text="#000000" link="#cccccc" vlink="#cccccc" alink="#ff0000">

<table width="100%" height="100%">
<td align="center" valign="middle">

<table width="200" height="200" style="border: 1px solid #cccccc;" cellpadding="0" cellspacing="0">

<tr height="50">
<td height="50" width="50">
<a href="http://cafelog.com" target="_blank"><img src="b2-img/b2minilogo.png" border="0" alt="visit b2's homepage" /></a>
</td>
<td align="right" valign="top"> </td>
</tr>

<tr height="150"><td align="right" valign="bottom" height="150" colspan="2">

<p align="center" style="color: #b0b0b0">Type your login here and click OK. You will receive an email with your password.</p>
<?php
if ($error) echo "<div align=\"right\" style=\"padding:4px;\"><font color=\"#FF0000\">$error</font><br /> </div>";
?>

<form name="" action="b2login.php" method="post">
<input type="hidden" name="action" value="retrievepassword" />
<table width="100" style="background-color: #ffffff">
<tr><td align="right">login</td>
   <td><input type="text" name="user_login" value="" size="8" />   </td></tr>
<tr><td> </td>
   <td><input type="submit" name="Submit2" value="OK" class="search">   </td></tr>
</table>

</form>

</td>
</tr>
</table>
</td>
</tr>
</table>

</body>
</html>
   <?php

break;


case "retrievepassword":

   $user_login = $HTTP_POST_VARS["user_login"];
   $user_data = get_userdatabylogin($user_login);
   $user_email = $user_data["user_email"];
   $user_pass = $user_data["user_pass"];

   $message  = "Login: $user_login\r\n";
   $message .= "Password: $user_pass\r\n";

   $m = mail($user_email, "your weblog's login/password", $message);

   if ($m == false) {
      echo "<p>The email could not be sent.<br />\n";
      echo "Possible reason: your host may have disabled the mail() function...</p>";
      die();
   } else {
      echo "<p>The email was sent successfully to $user_login's email address.<br />\n";
      echo "<a href=\"b2login.php\">Click here to login !</a></p>";
      die();
   }

break;


default:

   if((!empty($HTTP_COOKIE_VARS["cafeloguser"])) && (!empty($HTTP_COOKIE_VARS["cafelogpass"]))) {
      $user_login = $HTTP_COOKIE_VARS["cafeloguser"];
      $user_pass_md5 = $HTTP_COOKIE_VARS["cafelogpass"];
   }

   function checklogin() {
      global $server,$loginsql,$passsql,$base;
      global $user_login,$user_pass_md5,$user_ID;

      $userdata = get_userdatabylogin($user_login);

      if ($user_pass_md5 != md5($userdata["user_pass"])) {
         return false;
      } else {
         return true;
      }
   }

   if ( !(checklogin()) ) {
      if (!empty($HTTP_COOKIE_VARS["cafeloguser"])) {
         $error="Error: wrong login/password"; //, or your session has expired.";
      }
   } else {
      header("Expires: Wed, 5 Jun 1979 23:41:00 GMT"); /* private joke: this is my birthdate - though officially it's on the 6th, since I'm GMT+1 :) */
      header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); /* different all the time */
      header("Cache-Control: no-cache, must-revalidate"); /* to cope with HTTP/1.1 */
      header("Pragma: no-cache");
      header("Location: b2edit.php");
      exit();
   }
   ?><html>
<head>
<title>b2 > Login form</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="stylesheet" href="<?php echo $b2inc; ?>/b2.css" type="text/css">
<style type="text/css">
<!--
<?php
if (!preg_match("/Nav/",$HTTP_USER_AGENT)) {
?>
textarea,input,select {
   background-color: #f0f0f0;
   border-width: 1px;
   border-color: #cccccc;
   border-style: solid;
   padding: 2px;
   margin: 1px;
}
<?php
}
?>
-->
</style>
</head>
<body bgcolor="#ffffff" text="#000000" link="#cccccc" vlink="#cccccc" alink="#ff0000">

<table width="100%" height="100%">
<td align="center" valign="middle">

<table width="200" height="200" style="border: 1px solid #cccccc;" cellpadding="0" cellspacing="0">

<tr height="50">
<td height="50" width="50">
<a href="http://cafelog.com" target="_blank"><img src="b2-img/b2minilogo.png" border="0" alt="visit b2's homepage" /></a>
</td>
<td align="right" valign="top">
<a href="b2register.php" class="b2menutop">register ?</a><br />
<a href="b2login.php?action=lostpassword" class="b2menutop">lost your password ?</a>
</td>
</tr>

<tr height="150"><td align="right" valign="bottom" height="150" colspan="2">

<?php
if ($error) echo "<div align=\"right\" style=\"padding:4px;\"><font color=\"#FF0000\">$error</font><br /> </div>";
?>

<form name="" action="b2login.php" method="post">
<?php if ($mode=="bookmarklet") { ?>
<input type="hidden" name="mode" value="<?php echo $mode ?>" />
<input type="hidden" name="text" value="<?php echo $text ?>" />
<input type="hidden" name="popupurl" value="<?php echo $popupurl ?>" />
<input type="hidden" name="popuptitle" value="<?php echo $popuptitle ?>" />
<?php } ?>
<input type="hidden" name="redirect_to" value="b2edit.php" />
<input type="hidden" name="action" value="login" />
<table width="100" style="background-color: #ffffff">
<tr><td align="right">login</td>
   <td><input type="text" name="log" value="" size="8" />   </td></tr>
<tr><td align="right">password</td>
   <td><input type="password" name="pwd" value="" size="8" />   </td></tr>
<tr><td> </td>
   <td><input type="submit" name="Submit2" value="OK" class="search">   </td></tr>
</table>

</form>

</td>
</tr>
</table>
</td>
</tr>
</table>

</body>
</html>
   <?php

break;
}

?>

_________________
Garrett Ramsay
RamsayStudios.ca
RamsayX



Joined: 13 Jul 2004
Posts: 10
Location: IaMCaNaDiAn

PostPosted: Fri Aug 06, 2004 3:45 am    Post subject: Reply with quote

Anyone please??
_________________
Garrett Ramsay
RamsayStudios.ca
Sigg3



Joined: 03 Jul 2003
Posts: 894
Location: Oslo, Norway

PostPosted: Tue Jan 18, 2005 9:30 am    Post subject: Reply with quote

Would it be possible to leave out that cookie check, or would it only make it a real drag having to log in when editing?
_________________
Sigg3.net - You know you're worth it! | b2 Cafelog Resource Center
Sigg3



Joined: 03 Jul 2003
Posts: 894
Location: Oslo, Norway

PostPosted: Wed Jan 19, 2005 9:33 am    Post subject: Reply with quote

I've logged in/out of blog 1. Then logged in in blog 2, @ /gcp/. Two cookies related to sigg3.net came up:

My cookie1 ([email protected][2]) shows:
Code:
cafelogblogid
1
www.sigg3.net/
0
[color=cyan]bunchanumbers[/color]
*


my cookie2 ([email protected][3]) shows:
Code:
cafelogblogid
1
www.sigg3.net/
0
[color=cyan]bunchanumbers[/color]
*


The numbers are equal, but if that's pwd then that's ok.

They can both be from blog 1, or one from each blog which indicates that the "www.sigg3.net/gcp" or "sigg3.net/gcp" at the end of each set_cookie string does not work.
Or I'm still logged in, as I can't log out...

Either way, isn't it a problem that in either case both "cookie IDs" are set to cafelogblogid? And would that require editing a hundred files to change (re blog 2)?

I dunno, just brainstorming here...
_________________
Sigg3.net - You know you're worth it! | b2 Cafelog Resource Center
Sigg3



Joined: 03 Jul 2003
Posts: 894
Location: Oslo, Norway

PostPosted: Tue Jan 25, 2005 10:49 am    Post subject: Reply with quote

Just wanted to repeat that question, since I might have put my words in a bad way..

I was wondering whether a lot of files use the cafeblogid cookie "name"/variable, since I'm thinking a cookie with different names would perhaps render out the problem.

But if there's a hundred files to change... :p

I noticed that the URL-variable in b2login doesn't work, since all cookies are marked with www.sigg3.net/, this could also be a part of the problem.

EDIT:

I wanted to read up on this, since I was at a real loss:) so I went on to php.net and found this example:

Code:
<?php
$value = 'something from somewhere';

setcookie("TestCookie", $value);
setcookie("TestCookie", $value, time()+3600);  /* expire in 1 hour */
setcookie("TestCookie", $value, time()+3600, "/~rasmus/", ".example.com", 1);
?>


As you can see the /b2 2nd install folder/ (here /~rasmus/) is in a variable _in front of_ the domain.. I'll have a go at it and see what happens..

EDIT 2: No change
I read that _all_ setcookie's fourth values should be / or /designated folder/ in any case, but that doesn't make sense when "the default blog" is concerned.

I'm thinking about changing setcookie out with setrawcookie, to see whether this can make it easier for the browser to pick up the right one. The only difference is that rawcookies don't have the url encoded automatically. You think this is a security risk in any way?


EDIT 3: No cookie received?

Reading up on cookies I found several bugs on the expiring of cookies in IE (a flaw I suspect Firefox of having too, but I dunno anymore), when I came across a tip from some other board user:
Quote:
I would suggest to set the option that IE should ask always before accepting a cookie, then you can click on details and see what you get sent.

Which I did in Firefox. Guess what? The b2login (2nd blog @ /gcp/) never sent a cookie! I was thrown out of boardom forum, and had to allow this site to send me cookies before I could log back on again which should mean the set up was working. BUT b2 never sent any.. Still, it refreshes to b2edit.php in the address field..

EDIT 4: Disregard last
Now I got a cookie, settings in /gcp/b2login.php like:

Code:

case "logout":

   setcookie("cafeloguser","",time()-31536000,"/gcp/");
   setcookie("cafelogpass","",time()-31536000,"/gcp/");

and for case "login":


      setcookie("cafeloguser", "",time()+31536000,"/gcp/");
      if ($pass_is_md5) {
         setcookie("cafelogpass",$user_pass,time()+31536000,"/gcp/");
      } else {
         setcookie("cafelogpass",md5($user_pass),time()+31536000,"/gcp/");

I thought it didn't make sense that the login cookie should have a negative time-set.

Now. I haven't edited the _original_ b2login.php in /, which probably doesn't delete the cookies on logout. I'll try doing that.
Btw, does anyone know where Firefox stores cookies?
_________________
Sigg3.net - You know you're worth it! | b2 Cafelog Resource Center
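
Added example (not part of the thread and not b2's own code): a small Python model of how a browser stores cookies under (name, domain, path), which is why two installs that both write `cafeloguser` with path `/` overwrite each other and why a logout has to repeat the path used at login. The path is `setcookie`'s fourth argument and the domain its fifth; the host `blog.example` and the user values are constructed sample data, and domain matching is simplified to exact equality.

```python
import time

# Constructed sample data: host "blog.example", users "blog1-user"/"blog2-user".
YEAR = 31536000  # the offset used in the posts above

def path_match(request_path, cookie_path):
    """RFC 6265 section 5.1.4 path-match."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"

class CookieJar:
    """Stores cookies keyed by (name, domain, path), as a browser does."""
    def __init__(self):
        self.store = {}

    def set_cookie(self, name, value, expires, domain, path):
        key = (name, domain, path)
        if expires <= time.time():
            self.store.pop(key, None)  # a past expiry removes this exact key only
        else:
            self.store[key] = value

    def sent_to(self, domain, request_path):
        """Values sent with a request, most specific path first."""
        hits = [(key[2], value) for key, value in self.store.items()
                if key[1] == domain and path_match(request_path, key[2])]
        return [value for _, value in sorted(hits, key=lambda h: -len(h[0]))]

def shared_path():
    """Both installs write cafeloguser with path "/": one slot, last login wins."""
    jar, now = CookieJar(), time.time()
    jar.set_cookie("cafeloguser", "blog1-user", now + YEAR, "blog.example", "/")
    jar.set_cookie("cafeloguser", "blog2-user", now + YEAR, "blog.example", "/")
    return jar.sent_to("blog.example", "/b2edit.php")

def separate_paths():
    """Second install scoped to /gcp/; its logout must repeat that path."""
    jar, now = CookieJar(), time.time()
    jar.set_cookie("cafeloguser", "blog1-user", now + YEAR, "blog.example", "/")
    jar.set_cookie("cafeloguser", "blog2-user", now + YEAR, "blog.example", "/gcp/")
    at_login = jar.sent_to("blog.example", "/gcp/b2edit.php")
    jar.set_cookie("cafeloguser", "", now - YEAR, "blog.example", "/")  # removes blog 1's only
    after_root_logout = jar.sent_to("blog.example", "/gcp/b2edit.php")
    jar.set_cookie("cafeloguser", "", now - YEAR, "blog.example", "/gcp/")  # same path as login
    after_gcp_logout = jar.sent_to("blog.example", "/gcp/b2edit.php")
    return at_login, after_root_logout, after_gcp_logout
```

`separate_paths()` also shows that the root install's `/` cookie is still sent with `/gcp/` requests, because `/` path-matches every URL on the host; only the `/gcp/` install's cookie is kept away from the root install.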
All times are GMT + 1 Hour