Here's a quick hack for your adduser.php script:

Right after this line:

require ("languages/$w3t_language/adduser.php");

Add this line:

require ("languages/$w3t_language/start_page.php");


On about line 322 change this line:

$msg = "{$ubbt_lang['PASS_BODY1']} '$ip' {$ubbt_lang['PASS_BODY2']} "$Username". {$ubbt_lang['PASS_BODY3']} "$pass".";

To this:

$msg = "{$ubbt_lang['PASS_BODY1']} '$ip' {$ubbt_lang['PASS_BODY2']} "$Username". {$ubbt_lang['PASS_BODY3']} "$pass".\n\nClick on the following link to login: {$config['phpurl']}/start_page.php?Loginname=$Username&Loginpass=$pass&option={$ubbt_lang['BUTT_LOGIN']}";

And now they will have a link that will automaticly log them in. []https://www.ubbdev.com/threads/php/images/icons/wink.gif[/]

Nice..............

Though it seems to break down with special characters. Test user ended up looking like

http://www.easthillskungfu.com/phpforum/start_page.php?Loginname=Test

I think the space killed it..???? As TestUser worked like a champ.....

Good implementation but a bad ideea IMHO. Usually, them users have the nasty behaviour of using the same username/password combination everywhere so you can imagine what problems will arise because:
1. The password will be 'stored' in the server logs.
2. If they are going throug a proxy it will be stored there too.
(these are the reasons for not passing session ids through the url either)

If you really need this, you should add a warning to the mail too:
Warning: logging in using this link will expose your username and password to third parties.
If you have a problem with that, do not use that link. Instead, go to the <a href="{$config['phpurl']}/login.php">login</a> page and enter the username and password there.

I guess if it's just a standard user I'm not going to worry about it. Also, since it's a random one created for them there should be no problems with it matching their own password for other things. If I was assigning admins during signup then I spose it would be best not to include the username/pass in the url. A small warning for the new user to change their password once they have logged in would be a good idea though. Just so they know that if they want to be more secure in knowing that their private messages are not read by 3rd parties and that unless changed someone else may be able to make posts in their name also.

A number of the users that sign up at my site on a regular basis don't know where to login (I know it is hard to believe) and/or send me emails saying the password doesn't work. (they place the quotes in with the pass) I do intend to have the initial email explain that it's in their best interest to change their password after login though. (good idea) []https://www.ubbdev.com/threads/php/images/icons/smile.gif[/]

hmmm yeah I guess I should have thought about encoding the special characters... lol (hindsight = 20/20)

I'll work on it some more...

This will fix the special characters in the URL []https://www.ubbdev.com/threads/php/images/icons/smile.gif[/]


Right after this line:

require ("languages/$w3t_language/adduser.php");

Add this line:

require ("languages/$w3t_language/start_page.php");


On about line 322 change this line:

$msg = "{$ubbt_lang['PASS_BODY1']} '$ip' {$ubbt_lang['PASS_BODY2']} "$Username". {$ubbt_lang['PASS_BODY3']} "$pass".";

To this:

$codedUsername = rawurlencode($Username);
$codedLogin = rawurlencode($ubbt_lang['BUTT_LOGIN']);
$msg = "{$ubbt_lang['PASS_BODY1']} '$ip' {$ubbt_lang['PASS_BODY2']} "$codedUsername". {$ubbt_lang['PASS_BODY3']} "$pass".\n\nClick on the following link to login: {$config['phpurl']}/start_page.php?Loginname=$Username&Loginpass=$pass&option=$codedLogin";

> A number of the users that sign up at my site on a regular basis don't know where to login
This may be one reason for not changing password and using the email link to login every time ;-)
Anyway, if you explain them what is all about with this 'password thing' and provide that link, you've done everything to help them. If they choose to do otherwise -- that becomes their problem :-)

PS. Don't get me wrong -- I don't have any problem with this feature nor am I against it. I just thought it would be worth mentioning the issues I see.

No not at all... the very same security issues did cross my mind but I figured that for the standard user the risk to the site was minimal. []https://www.ubbdev.com/threads/php/images/icons/smile.gif[/] Maybe I'll set up some sort of time limit on the newly issued password and have it automaticly changed and display a count down warning. (You have 6 days left before your password is automaticly changed... click here to set your password now.) type display?

LoL I think that on an average this hack will cut down on about 20-30 emails a month on how and where and why for logging in.

Nope that didn't do it....

Someone from the ip address '64.171.130.206' registered the Username
"test%20user". The password for this Username is "JmX4Cx".

Click on the following link to login:
http://www.easthillskungfu.com/phpforum/start_page.php?Loginname=test
user&Loginpass=JmX4Cx&option=Login

Everything up to loginname=test was hyperlinked, user&Loginpass..... wasn't considered .....

hmmm yeah I guess the start_page script would need to unencode them variables before going any further.. I'll play with it when I get a chance []https://www.ubbdev.com/threads/php/images/icons/smile.gif[/]

Take your time... Ok, times up. heh heh

Thanks for your time btw....

You need to slightly modify the code provided by Dave:

$codedUsername = rawurlencode($Username);
$codedPassword = rawurlencode($pass);
$codedLogin = rawurlencode($ubbt_lang['BUTT_LOGIN']);
$msg = "{$ubbt_lang['PASS_BODY1']} '$ip' {$ubbt_lang['PASS_BODY2']} "$Username". {$ubbt_lang['PASS_BODY3']} "$pass".\n\nClick on the following link to login: {$config['phpurl']}/start_page.php?Loginname=$codedUsername&Loginpass=$codedPassword&option=$codedLogin";
---
(the changes involve using the urlencoded strings in the actual url and not in the displayed values)

Also look in start_page.php and find something like:
$Username = $Loginname;
$Password = $Loginpass;

Then add:

if ($GLOBALS['REQUEST_METHOD'] == 'GET') {
$Username = rawurldecode($Username);
$Password = rawurldecode($Password);
$option = rawurldecode($option);
}
after it.
This should do the trick but be aware that it is not verified as I can't test it right now (it looks ok in this tiny edit window but that may not be enough []https://www.ubbdev.com/threads/php/images/icons/smile.gif[/]).
Dave, what do you think of this?

Yeah I believe that should do the trick, thanks! []https://www.ubbdev.com/threads/php/images/icons/smile.gif[/]

Hi Dave, any chance of having the final / updated / working code reposted please?
Max

Here ya go []https://www.ubbdev.com/threads/php/images/icons/smile.gif[/]

Thanks!!!

And in addition to the above changes, you can make the following changes in order for forgotten passwords to get a link as well... this is probably even more useful, because people who forget their passwords are also the people who have trouble figuring out how to log in. Whether you want them on your board or not is another matter []https://www.ubbdev.com/threads/php/images/icons/smile.gif[/]

In start_page.php, replace

$msg = "{$ubbt_lang['PASS_REQ_BOD1']} '$ip' {$ubbt_lang['PASS_REQ_BOD2']} '$Username' {$ubbt_lang['PASS_REQ_BOD3']} $pass";

with

$codedUsername = rawurlencode($Username);
$codedPassword = rawurlencode($pass);
$codedLogin = rawurlencode($ubbt_lang['BUTT_LOGIN']);
$msg = "{$ubbt_lang['PASS_REQ_BOD1']} '$ip' {$ubbt_lang['PASS_REQ_BOD2']} '$Username' {$ubbt_lang['PASS_REQ_BOD3']} $pass . \n\nClick on the following link to login: {$config['phpurl']}/start_page.php?Loginname=$codedUsername&Loginpass=$codedPassword&option=$codedLogin";

Max