Previous Thread
Next Thread
Print Thread
Rate Thread
Joined: Jun 2001
Posts: 3,273
That 70's Guy
That 70's Guy
Offline
Joined: Jun 2001
Posts: 3,273
Here's a quick hack for your adduser.php script:

Right after this line:

require ("languages/$w3t_language/adduser.php");

Add this line:

require ("languages/$w3t_language/start_page.php");


On about line 322 change this line:

$msg = "{$ubbt_lang['PASS_BODY1']} '$ip' {$ubbt_lang['PASS_BODY2']} "$Username". {$ubbt_lang['PASS_BODY3']} "$pass".";

To this:

$msg = "{$ubbt_lang['PASS_BODY1']} '$ip' {$ubbt_lang['PASS_BODY2']} "$Username". {$ubbt_lang['PASS_BODY3']} "$pass".\n\nClick on the following link to login: {$config['phpurl']}/start_page.php?Loginname=$Username&Loginpass=$pass&option={$ubbt_lang['BUTT_LOGIN']}";

And now they will have a link that will automaticly log them in. []https://www.ubbdev.com/threads/php/images/icons/wink.gif[/]

Sponsored Links
Joined: Feb 2001
Posts: 104
Journeyman
Journeyman
Offline
Joined: Feb 2001
Posts: 104
Nice..............

Though it seems to break down with special characters. Test user ended up looking like

http://www.easthillskungfu.com/phpforum/start_page.php?Loginname=Test

I think the space killed it..???? As TestUser worked like a champ.....




Last edited by ScottCargill; 02/10/2002 11:29 PM.
Joined: May 1999
Posts: 90
Member
Member
Offline
Joined: May 1999
Posts: 90
Good implementation but a bad ideea IMHO. Usually, them users have the nasty behaviour of using the same username/password combination everywhere so you can imagine what problems will arise because:
1. The password will be 'stored' in the server logs.
2. If they are going throug a proxy it will be stored there too.
(these are the reasons for not passing session ids through the url either)

If you really need this, you should add a warning to the mail too:
Warning: logging in using this link will expose your username and password to third parties.
If you have a problem with that, do not use that link. Instead, go to the <a href="{$config['phpurl']}/login.php">login</a> page and enter the username and password there.

Joined: Jun 2001
Posts: 3,273
That 70's Guy
That 70's Guy
Offline
Joined: Jun 2001
Posts: 3,273
I guess if it's just a standard user I'm not going to worry about it. Also, since it's a random one created for them there should be no problems with it matching their own password for other things. If I was assigning admins during signup then I spose it would be best not to include the username/pass in the url. A small warning for the new user to change their password once they have logged in would be a good idea though. Just so they know that if they want to be more secure in knowing that their private messages are not read by 3rd parties and that unless changed someone else may be able to make posts in their name also.

A number of the users that sign up at my site on a regular basis don't know where to login (I know it is hard to believe) and/or send me emails saying the password doesn't work. (they place the quotes in with the pass) I do intend to have the initial email explain that it's in their best interest to change their password after login though. (good idea) []https://www.ubbdev.com/threads/php/images/icons/smile.gif[/]

Last edited by JustDave; 02/11/2002 6:54 AM.
Joined: Jun 2001
Posts: 3,273
That 70's Guy
That 70's Guy
Offline
Joined: Jun 2001
Posts: 3,273
hmmm yeah I guess I should have thought about encoding the special characters... lol (hindsight = 20/20)

I'll work on it some more...

Sponsored Links
Joined: Jun 2001
Posts: 3,273
That 70's Guy
That 70's Guy
Offline
Joined: Jun 2001
Posts: 3,273
This will fix the special characters in the URL []https://www.ubbdev.com/threads/php/images/icons/smile.gif[/]


Right after this line:

require ("languages/$w3t_language/adduser.php");

Add this line:

require ("languages/$w3t_language/start_page.php");


On about line 322 change this line:

$msg = "{$ubbt_lang['PASS_BODY1']} '$ip' {$ubbt_lang['PASS_BODY2']} "$Username". {$ubbt_lang['PASS_BODY3']} "$pass".";

To this:

$codedUsername = rawurlencode($Username);
$codedLogin = rawurlencode($ubbt_lang['BUTT_LOGIN']);
$msg = "{$ubbt_lang['PASS_BODY1']} '$ip' {$ubbt_lang['PASS_BODY2']} "$codedUsername". {$ubbt_lang['PASS_BODY3']} "$pass".\n\nClick on the following link to login: {$config['phpurl']}/start_page.php?Loginname=$Username&Loginpass=$pass&option=$codedLogin";

Joined: May 1999
Posts: 90
Member
Member
Offline
Joined: May 1999
Posts: 90
> A number of the users that sign up at my site on a regular basis don't know where to login
This may be one reason for not changing password and using the email link to login every time ;-)
Anyway, if you explain them what is all about with this 'password thing' and provide that link, you've done everything to help them. If they choose to do otherwise -- that becomes their problem :-)

PS. Don't get me wrong -- I don't have any problem with this feature nor am I against it. I just thought it would be worth mentioning the issues I see.

Joined: Jun 2001
Posts: 3,273
That 70's Guy
That 70's Guy
Offline
Joined: Jun 2001
Posts: 3,273
No not at all... the very same security issues did cross my mind but I figured that for the standard user the risk to the site was minimal. []https://www.ubbdev.com/threads/php/images/icons/smile.gif[/] Maybe I'll set up some sort of time limit on the newly issued password and have it automaticly changed and display a count down warning. (You have 6 days left before your password is automaticly changed... click here to set your password now.) type display?

LoL I think that on an average this hack will cut down on about 20-30 emails a month on how and where and why for logging in.

Joined: Feb 2001
Posts: 104
Journeyman
Journeyman
Offline
Joined: Feb 2001
Posts: 104
Nope that didn't do it....

Someone from the ip address '64.171.130.206' registered the Username
"test%20user". The password for this Username is "JmX4Cx".

Click on the following link to login:
http://www.easthillskungfu.com/phpforum/start_page.php?Loginname=test
user&Loginpass=JmX4Cx&option=Login

Everything up to loginname=test was hyperlinked, user&Loginpass..... wasn't considered .....


Joined: Jun 2001
Posts: 3,273
That 70's Guy
That 70's Guy
Offline
Joined: Jun 2001
Posts: 3,273
hmmm yeah I guess the start_page script would need to unencode them variables before going any further.. I'll play with it when I get a chance []https://www.ubbdev.com/threads/php/images/icons/smile.gif[/]

Sponsored Links
Joined: Feb 2001
Posts: 104
Journeyman
Journeyman
Offline
Joined: Feb 2001
Posts: 104
Take your time... Ok, times up. heh heh

Thanks for your time btw....


Joined: May 1999
Posts: 90
Member
Member
Offline
Joined: May 1999
Posts: 90
You need to slightly modify the code provided by Dave:

$codedUsername = rawurlencode($Username);
$codedPassword = rawurlencode($pass);
$codedLogin = rawurlencode($ubbt_lang['BUTT_LOGIN']);
$msg = "{$ubbt_lang['PASS_BODY1']} '$ip' {$ubbt_lang['PASS_BODY2']} "$Username". {$ubbt_lang['PASS_BODY3']} "$pass".\n\nClick on the following link to login: {$config['phpurl']}/start_page.php?Loginname=$codedUsername&Loginpass=$codedPassword&option=$codedLogin";
---
(the changes involve using the urlencoded strings in the actual url and not in the displayed values)

Also look in start_page.php and find something like:
$Username = $Loginname;
$Password = $Loginpass;


Then add:

if ($GLOBALS['REQUEST_METHOD'] == 'GET') {
$Username = rawurldecode($Username);
$Password = rawurldecode($Password);
$option = rawurldecode($option);
}

after it.
This should do the trick but be aware that it is not verified as I can't test it right now (it looks ok in this tiny edit window but that may not be enough []https://www.ubbdev.com/threads/php/images/icons/smile.gif[/]).
Dave, what do you think of this?

Joined: Jun 2001
Posts: 3,273
That 70's Guy
That 70's Guy
Offline
Joined: Jun 2001
Posts: 3,273
Yeah I believe that should do the trick, thanks! []https://www.ubbdev.com/threads/php/images/icons/smile.gif[/]

Joined: May 1999
Posts: 149
Enthusiast
Enthusiast
Offline
Joined: May 1999
Posts: 149
Hi Dave, any chance of having the final / updated / working code reposted please?
Max

Joined: Jun 2001
Posts: 3,273
That 70's Guy
That 70's Guy
Offline
Joined: Jun 2001
Posts: 3,273
Attachments
44411-5.5-loginlink.1.0.2.txt (0 Bytes, 46 downloads)

Joined: May 1999
Posts: 149
Enthusiast
Enthusiast
Offline
Joined: May 1999
Posts: 149
Thanks!!!

And in addition to the above changes, you can make the following changes in order for forgotten passwords to get a link as well... this is probably even more useful, because people who forget their passwords are also the people who have trouble figuring out how to log in. Whether you want them on your board or not is another matter []https://www.ubbdev.com/threads/php/images/icons/smile.gif[/]

In start_page.php, replace

$msg = "{$ubbt_lang['PASS_REQ_BOD1']} '$ip' {$ubbt_lang['PASS_REQ_BOD2']} '$Username' {$ubbt_lang['PASS_REQ_BOD3']} $pass";

with

$codedUsername = rawurlencode($Username);
$codedPassword = rawurlencode($pass);
$codedLogin = rawurlencode($ubbt_lang['BUTT_LOGIN']);
$msg = "{$ubbt_lang['PASS_REQ_BOD1']} '$ip' {$ubbt_lang['PASS_REQ_BOD2']} '$Username' {$ubbt_lang['PASS_REQ_BOD3']} $pass . \n\nClick on the following link to login: {$config['phpurl']}/start_page.php?Loginname=$codedUsername&Loginpass=$codedPassword&option=$codedLogin";

Max


Link Copied to Clipboard
Donate Today!
Donate via PayPal

Donate to UBBDev today to help aid in Operational, Server and Script Maintenance, and Development costs.

Please also see our parent organization VNC Web Services if you're in the need of a new UBB.threads Install or Upgrade, Site/Server Migrations, or Security and Coding Services.
Recommended Hosts
We have personally worked with and recommend the following Web Hosts:
Stable Host
bluehost
InterServer
Visit us on Facebook
Member Spotlight
isaac
isaac
California
Posts: 1,157
Joined: July 2001
Forum Statistics
Forums63
Topics37,573
Posts293,925
Members13,849
Most Online5,166
Sep 15th, 2019
Today's Statistics
Currently Online
Topics Created
Posts Made
Users Online
Birthdays
Top Posters
AllenAyres 21,079
JoshPet 10,369
LK 7,394
Lord Dexter 6,708
Gizmo 5,833
Greg Hard 4,625
Top Posters(30 Days)
Top Likes Received
isaac 82
Gizmo 20
Brett 7
WebGuy 2
Top Likes Received (30 Days)
None yet
The UBB.Developers Network (UBB.Dev/Threads.Dev) is ©2000-2024 VNC Web Services

 
Powered by UBB.threads™ PHP Forum Software 8.0.0
(Preview build 20221218)