Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Correctly updating Last Visit  (Read 3546 times)

0 Members and 1 Guest are viewing this topic.

radianation

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Gender: Male
  • Posts: 79
    • Radianation
Correctly updating Last Visit
« on: December 30, 2005, 09:25:29 am »

I'm working on a modification for properly updating the "Last Visit" information for a user in the database even if they have the Remember Me option ticked when they initially login. I had this modification working for 1.3.2 awhile back, but when I upgraded I didn't have a backup and overwrote my files.

The basic idea was that in the init.inc.php there was a call to a function that read the cookie information and then checked that information against the database. I modified this routine to include some code from the standard login procedure that essentially updated the database with the current date for the last visit. At the time there was also no IP information stored in the database and I manually added this as well since it was being collected for other purposes (i.e. comments, E-Cards, etc.)

So, my question now is, how can this be achieved with 1.4.2?

On lines 261 - 265 of init.inc.php I see the following function and authentication check:

Code: [Select]
// Parse cookie stored user profile
user_get_profile();

// Authenticate
$cpg_udb->authenticate();

I am honestly not sure what is happening with $cpg_ud->authenticate();
I see in the functions.php that $cpg_uid is being populated by the userid, but I don't see a function called authenticate in any of the files?


My next search lead me to login.php, and I noticed on lines 36 to 52 I see a routine that looks familiar to me.

Code: [Select]
if (isset($_POST['submitted'])) {
    if ( $USER_DATA = $cpg_udb->login( addslashes($_POST['username']), addslashes($_POST['password']), isset($_POST['remember_me']) ) ) {
        $referer=preg_replace("'&'","&",$referer);
        pageheader($lang_login_php['login'], "<META http-equiv=\"refresh\" content=\"3;url=$referer\">");
        msg_box($lang_login_php['login'], sprintf($lang_login_php['welcome'], $USER_DATA['user_name']), $lang_continue, $referer);
        pagefooter();
        exit;
    } else {
        log_write("Failed login attempt with Username: {$_POST['username']} from IP {$_SERVER['REMOTE_ADDR']} on " . localised_date(-1,$log_date_fmt),CPG_SECURITY_LOG);

        $login_failed = <<<EOT
                  <tr>
                          <td colspan="2" align="center" class="tableh2">
                        <font size="1" color="red"><b>{$lang_login_php['err_login']}<b></font>
                        </td>
                  </tr>
EOT;

It seems like in the first half of this routine would be a logical spot to include some code to populate the database with the last visit, but that looks like it would only work if the information was submitted, and it's my guess that if it's reading from the cookie there is no "submit" process occuring.

Any help is greatly appreciated. I'll keep looking it over in the meantime. Perhaps I can find a backup of my old file somewhere...  ???
« Last Edit: December 31, 2005, 04:36:05 pm by Nibbler »
Logged

Nibbler

  • Guest
Re: Correctly updating Last Visit
« Reply #1 on: December 30, 2005, 10:12:37 am »

The information is already in the sessions table, best idea would be to read it from there instead.
Logged

radianation

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Gender: Male
  • Posts: 79
    • Radianation
Re: Correctly updating Last Visit
« Reply #2 on: December 30, 2005, 10:24:35 am »

Can you show me where it's being written to the sessions table (which file?)
Logged

Nibbler

  • Guest
Re: Correctly updating Last Visit
« Reply #3 on: December 30, 2005, 10:30:57 am »

It's in the only file it could possibly be in - bridge/coppermine.inc.php
Logged

radianation

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Gender: Male
  • Posts: 79
    • Radianation
Re: Correctly updating Last Visit
« Reply #4 on: December 31, 2005, 01:26:54 pm »

Isn't it theoretically possible that it could have been in any file? Thanks for your help.
Logged

mrdee

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 28
Re: Correctly updating Last Visit
« Reply #5 on: March 28, 2006, 10:28:44 am »

Just thought I would ask if you succeeded in getting this working, and whether you may be able to post the code for changing the latest version?  I recently moved to this software from 4images, and this is one feature I really miss (I have to look at raw server logs now, and don't really want to disable the "remember me" feature).  Thanks in advance if you can help...
Logged
Pages: [1]   Go Up
 

Page created in 0.018 seconds with 19 queries.