UBB.Developers Forums UBB.classic V6.4 - 6.7 Modifications V6 Mod Ideas Log-in Sequence for Other Areas of a Site

We would you like to create a few areas in our site where it would be required for a user to log-in in order to participate.

Can this done with just the JavaScript cookie, or do we need to do something a bit further in regards to page / ubb integration?

I would also like to see something like this.

This way visitors wouldn't have to create seperate logins for accessing parts of the site. They could simply use the UBB member files.

Look at the source for your forum summary page and you'll see the javascript code that reads the user cookie. You can use that code anywhere on your site to check to see if someone is logged in or not and include links to the log in page. If you want people to be able to log in and return to the non-UBB page that they came from, you'll need to hack ultimatebb.cgi and change:

Otherwise when they log in, it will just take them to the forums and not back to the page they came from. Keep in mind that reading cookies with javascript as a way to keep people out of members only html pages doesn't really work that well. They can just turn off javascript on their browsers and go anywhere on your site if they wanted.

Michael J, this may be a "temporary" solution, but the problem is after the user logs in to the UBB and goes back to the non-UBB home page, the message on the home page will still read "You are not logged in. Login or register" instead of "Hello, BlueWave [ log out ]". This is exactly what we want to get accomplished here .

URL? Make sure you're using the number instead of $vars_config{Cookie_Number}

Your javascript looks fine. The ultimatebb.cgi hack doesn't effect the cookie at all so the problem lies somewhere else. If you put that javascript code on any page of your site it will read the cookie and let you know if you are logged in or not even if you don't do any hacks to UBB whatsoever. As log as you don't logout first, when you go to a non-UBB page on your site the cookie is still there and shows you as logged in which is why you don't need to log in again if you return to the forums.

The only things that I can think of that could be wrong is that your UBB and pages either aren't on the same domain (cookies can only be read by the domain that wrote them) or you have a typo in your cookie number.

One thing I can think about is that you forgot to copy function get Cookie [code][/code]

Thanks for the help MIchael J and LK. I'll try LK's JS and see if that does the trick.

Did it work?

How about the cookie for private messages?

I've done this on my site using PHP. Being a member of the site allows my members to do lots of things like rate pictures, links and write reviews. They can also sign-up to a newswire service. If they're not logged in (no UBB cookie set) most of the pages remind them to login. This is a simple PHP page that asks them for their login details before comparing them to the UBB files to make sure they're accurate. If it works, I create the UBB cookie with PHP so it works on the forums when or if they move to that area of the site.

It works really well and the UBBmemberID is written to the MySQL tables when they rate or write a review and a check is made the next time they come around and says "sorry, you've already rated this picture" etc.

The newswire page just collects UBBmemderIDs and puts them in a MySQL table. When I send out an email it then reads through the MySQL table, extracts the current email address from the UBB Member file and sends the email to them.

It means the UBB member database is used across the site and the UBB blends in with everything else.

That was helpful guys. Thanks.

I have a quick question about DENYING entry to a page outside of the forum if the user isn't logged in the forums. Just like the PROFILE section where it says "YOU ARE NOT LOGGED IN" whenever someone tries to click on the profile link.

Thanks guys

Just add some code to your page to read the cookie. Don't just do this in JavaScript because if someone has JavaScript disabled they will be able access your page. I actually have both PHP code and JavaScript code on the same page to read the cookie. That way, if the user clicks the back button after they have logged out, JavaScript will catch it (the page will be cached on their computer so PHP code won't catch it).

If you put in a meta tag to stop caching on your PHP page, it will work.

Micheal J and Paulus Magnus, Thanks

For a person like me who isn't good at Java at all,

what java code do you suggest to block an access to a NON-FORUM outside page if the user isn't logged in the forums in the first place.

Please give me a sample code.

Thanks. I appreciate it

Now a question from one who can sometimes figure things out, most of the time cannot....

I was able to create a test page using just the Javascript to test for the cookie.

If I want to use this on external pages how do I fit those pages into the Javascript?

If I put the HTML below all the Javascript it shows up whether I am logged in or not.

(Psst... I know I am an idiot when it comes to this stuff but please humor a fool and teach him a new trick.)

Hmmm... I'm not convinced you can use Javascript to do this effectively as the user simply disables Javascript and they see your page anyhow.

The best way you could get around this is by putting your member pages in a subdirectory with an unguessable name and then use a public page with a Javascript redirect if the cookie is set correctly.

However, if you add Javascript to a page that tests for the cookie and then redirects if they're not logged in so as to "hide" the page content the user just disables Javascript and they see the page anyhow.

I'm a fan of PHP as it's server side and I can choose not to send the page contents with a few lines of PHP.

This is largely why I'll advocate using PHP for doing these things but I only see weaknesses with a Javascript solution.

sooooooooooooooooooo

enlighten us on how this is done, please

Something like this, just change the code for your cookie number. Note the '.' in the cookie name is translated to a '_' with PHP.

If the cookie is present, it extracts a couple of values from it and then uses a large if/else construct around the HTML. It means that you can still use your HTML editing software to format all your HTML correctly and have the logged-in and not-logged-in parts on the same page. Just add this into the body of your HTML page and change the extension to PHP.

Great option guys!!

I use PHP and I used it keeps telling me "Sorry, you're not logged in."

am i missing someting?

http://www.latinfreestyle.com/test.php

Did you change $ubber2452191_1937 for your own cookie number?

You also need to make sure you replace the dot with the underscore.

Thanks for the quick reply Paulus,

I changed the dot to the underscore

My own cookie number? , how can I find out what my cookie number is

Never mind I wasn't thinking I got it

Now that it is working how to implement this ?

I saw on Paulus his site (wich is awsome btw) that he made a pop up to log in when the user wants to view a member erea.

Paulus, you are amazing. Great thinking. Thanks so much for the tip.

your site if off the hook. Good work.

I saw the pop-up login window for the pictures area, how did you integrate that with the FORUM login ?

Thanks

On my previous design I blocked access to pages so I used to check for the login, if not logged in use the PHP header function to redirect to "login.php?referred=pictures.php"

The login.php script would then accept the username/password, test them against the UBB member files and if correct, set the UBB cookies and then use the $referred value to redirect the user back to the page they came from. The login.php script still has code in to set the "Ell" cookie but this was used by the Who's Online Hack I had on v6.05. You don't need to set this cookie for v6.3.

With the site redesign I chose not to block pages, just particular features so there is now code in the pages that presents an invitation to login if the cookie isn't present. This popups the login.php page, if all is correct it sets the cookie and reloads the opening page. All the login stages are reported into an access log. It was useful for debugging but it still runs today but it means I can see how many people login outside the forums.

Here's login.zip which contains login.php and common.php that it includes which has got a few site-wide variables and functions defined in it. Login.php is identical to the one on the site, common.php is just a cut down version.

Thanks Paulus!!

I got it running, it checks the member profile and log in, but somhow it don't set the cookie.
Test page

any idea what could be wrong?

Did you change $cookiename for your cookie number, with the dot in it this time?

i.e. $cookiename = "2452191.1937";

haha yes this time I did that, somehow it do not set the cookies hmm

Never mind Paulus, I found it, forgot to change it to my url....it is always those easy things I over see

Thanks for everything, now I am gonna see how I am going to use it

Maurice

Did you change the www.teamnicole.com to your own domain? Does it try to set the cookie? If you change your security settings on IE you can get it to tell you when a Cookie is trying to be placed on your PC.

You can also use things like Cookie Pal to browse your cookies and see what's happening. Does the access log reveal anything interesting? Maybe your absolute path to the UBB member file isn't set correctly, you can check this from within UBB. There are lots of things that can go wrong so you may want to add a few echo("Stage 1"); types of commands into the script to see where it gets to.

Ah I see, got there in the end.

LoL yeah

One more thing do.

I never worked with cookies and all before so this is kinda new.

When the user log in how can I direct them to the private pages ?

When the user go to a member-only page what do I have to put in the page so that they only see the "You have to log in" text/page and not the whole contend

Hope that made any sense...lol

I've sent you the 3 older files I used by email. This may be more appropriate if you want to block complete pages rather than parts of them or extra features on them.

Darn..I see I got an old mail addy in my profile.

Can you send it to molatinfreestyle@zonnet.nl please.

Thanks 4 your time

paulaus, can you send that file to me too. Thanks.

[email protected]

Same here Paulus.
I think I might be able to use it big time, if I can get it to work on my site :-(
[email protected].
Thank you
rabriar

Thank you very much Paulus. Truely appreciate it.

Thanks