Welcome to Geeklog Thursday, January 20 2022 @ 11:41 am EST

Geeklog Forums

Modifying users.php for authentication


Anonymous

Anonymous
I have a site that is for members only. I have changed the New User link in the language file to point to the admin contact link for someone to request a signup. The problem is, if someone knows geeklog, they will realize they can enter site url/users.php?mode=new and create an account. What can I do to get rid of this page? I want to be able to change that link so after I approve someone, I can send them that link (as a different name) so they can sign up. Any help would be greatly appreciated.Thanks
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 12/01/02
Posts: 13073
Location:Stuttgart, Germany
Wouldn't it be easier to activate the user submission queue? $_CONF['usersubmission'] = 1; After that change, new users won't get their password until they are approved by the Admin. bye, Dirk
 Quote

Status: offline

os

Forum User
Junior
Registered: 11/04/02
Posts: 27
this is what I use on my odots.org site .. Don't know if its 'secure' though .. Notice the variables at the beginning of the file. ø.s --- user.php pasted from word ufgh ;(wonder what happens ..) <?php /* Reminder: always indent with 4 spaces (no tabs). */ // +---------------------------------------------------------------------------+ // | Geeklog 1.3 | // +---------------------------------------------------------------------------+ // | users.php | // | User authentication module. | // | | // +---------------------------------------------------------------------------+ // | Copyright (C) 2000,2001 by the following authors: | // | | // | Authors: Tony Bibbs - tony@tonybibbs.com | // | Mark Limburg - mlimburg@users.sourceforge.net | // | Jason Wittenburg - jwhitten@securitygeeks.com | // +---------------------------------------------------------------------------+ // | | // | This program is free software; you can redistribute it and/or | // | modify it under the terms of the GNU General Public License | // | as published by the Free Software Foundation; either version 2 | // | of the License, or (at your option) any later version. | // | | // | This program is distributed in the hope that it will be useful, | // | but WITHOUT ANY WARRANTY; without even the implied warranty of | // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | // | GNU General Public License for more details. | // | | // | You should have received a copy of the GNU General Public License | // | along with this program; if not, write to the Free Software Foundation, | // | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | // | | // +---------------------------------------------------------------------------+ // // *+-+*+-+*+-+*+-+*+-+*+-+*+-+*+-+*+-+*+-+*+-+*+-+*+-+*+-+*+-+*+-+*+-+*+-+*+-+* // By .øs 260902 see http://odots.org // Removed most of this file, so its only possible to login and // view / edit personal info. // // Variables to set what messages users get when they try to do something no-no // $nn_user = "For å få en bruker her, må du <a href="profiles.php?uid=2">maile admin.</a> og spørre pent Smile" ; $nn_pasw = "For å få passordet ditt, må du <a href="profiles.php?uid=2">maile admin.</a> og spørre pent Smile" ; // // *+-+*+-+*+-+*+-+*+-+*+-+*+-+*+-+*+-+*+-+*+-+*+-+*+-+*+-+*+-+*+-+*+-+*+-+*+-+* // *+-+*+-+*+-+*+-+*+-+*+-+*+-+*+-+*+-+*+-+*+-+*+-+*+-+*+-+*+-+*+-+*+-+*+-+*+-+* // $Id: users.php,v 1.44 2002/09/06 14:00:39 dhaun Exp $ /** * This file handles user authentication * * @author Tony Bibbs <tony@tonybibbs.com> * @author Mark Limburg <mlimburg@users.sourceforge.net> * @author Jason Whittenburg * */ /** * Geeklog common function library */ require_once('lib-common.php'); // Uncomment the line below if you need to debug the HTTP variables being passed // to the script. This will sometimes cause errors but it will allow you to see // the data being passed in a POST operation // echo COM_debug($HTTP_POST_VARS); /** * Shows a profile for a user * * This grabs the user profile for a given user and displays it * * @param int $user User ID of profile to get * @return string HTML for user profile page * */ function userprofile($user) { global $_TABLES, $_CONF, $_USER, $LANG04, $LANG01, $LANG_LOGIN, $_GROUPS; if (empty ($_USER['username']) && (($_CONF['loginrequired'] == 1) || ($_CONF['profileloginrequired'] == 1))) { $retval .= COM_startBlock($LANG_LOGIN[1]); $login = new Template($_CONF['path_layout'] . 'submit'); $login->set_file (array ('login'=>'submitloginrequired.thtml')); $login->set_var ('login_message', $LANG_LOGIN[2]); $login->set_var ('site_url', $_CONF['site_url']); $login->set_var ('lang_login', $LANG_LOGIN[3]); $login->set_var ('lang_newuser', $LANG_LOGIN[4]); $login->parse ('output', 'login'); $retval .= $login->finish ($login->get_var('output')); $retval .= COM_endBlock(); return $retval; } $retval = ''; $result = DB_query("SELECT username,fullname,regdate,homepage,about,pgpkey,photo FROM {$_TABLES['userinfo']},{$_TABLES["users"]} WHERE {$_TABLES['userinfo']}.uid = {$_TABLES['users']}.uid AND {$_TABLES['users']}.uid = $user"Wink; $nrows = DB_numRows($result); if ($nrows == 0) { // no such user return COM_refresh ($_CONF['site_url'] . '/index.php'); } $A = DB_fetchArray($result); // format date/time to user preference $curtime = COM_getUserDateTimeFormat($A["regdate"]); $A['regdate'] = $curtime[0]; $user_templates = new Template($_CONF['path_layout'] . 'users'); $user_templates->set_file(array('profile'=>'profile.thtml','row'=>'commentrow.thtml','strow'=>'storyrow.thtml')); $user_templates->set_var('site_url', $_CONF['site_url']); $user_templates->set_var('start_block_userprofile', COM_startBlock($LANG04[1] . ' ' . $A['username'])); $user_templates->set_var('end_block', COM_endBlock()); $user_templates->set_var('lang_username', $LANG04[2]); $user_templates->set_var('username', $A['username']); if (!empty($A['photo']) AND $_CONF['allow_user_photo'] == 1) { $user_templates->set_var('user_photo','<img src="' . $_CONF['site_url'] . '/images/userphotos/' . $A['photo'] . '" alt="">'); } else { $user_templates->set_var('user_photo',''); } $user_templates->set_var('user_fullname', $A['fullname']); $user_templates->set_var('lang_membersince', $LANG04[67]); $user_templates->set_var('user_regdate', $A['regdate']); $user_templates->set_var('lang_email', $LANG04[5]); $user_templates->set_var('user_id', $user); $user_templates->set_var('lang_sendemail', $LANG04[81]); $user_templates->set_var('lang_homepage', $LANG04[6]); $user_templates->set_var('user_homepage', $A['homepage']); $user_templates->set_var('lang_bio', $LANG04[7]); $user_templates->set_var('user_bio', nl2br(stripslashes($A['about']))); $user_templates->set_var('lang_pgpkey', $LANG04[8]); $user_templates->set_var('user_pgp', nl2br($A['pgpkey'])); $user_templates->set_var('start_block_last10stories', COM_startBlock($LANG04[82] . ' ' . $A['username'])); $user_templates->set_var('start_block_last10comments', COM_startBlock($LANG04[10] . ' ' . $A['username'])); $user_templates->set_var('start_block_postingstats', COM_startBlock($LANG04[83] . ' ' . $A['username'])); // for alternative layouts: use these as headlines instead of block titles $user_templates->set_var('headline_last10stories', $LANG04[82]); $user_templates->set_var('headline_last10comments', $LANG04[10]); $user_templates->set_var('headline_postingstats', $LANG04[83]); // list of last 10 stories by this user $groupList = ''; $sql = "SELECT sid,title,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['stories']} WHERE (uid = $user) AND (draft_flag = 0) AND (date <= NOW()) AND ("; if (!empty ($_USER['uid'])) { foreach ($_GROUPS as $grp) { $groupList .= $grp . ','; } $groupList = substr ($groupList, 0, -1); $sql .= "(owner_id = {$_USER['uid']} AND perm_owner >= 2) OR "; $sql .= "(group_id IN ($groupList) AND perm_group >= 2) OR "; $sql .= "(perm_members >= 2) OR "; } $sql .= "(perm_anon >= 2)) ORDER BY unixdate DESC LIMIT 10"; $result = DB_query($sql); $nrows = DB_numRows($result); if ($nrows > 0) { for ($i = 1; $i <= $nrows; $i++) { $C = DB_fetchArray($result); $user_templates->set_var('row_number', $i . '.'); $user_templates->set_var('story_begin_href', '<a href="' . $_CONF['site_url'] . '/article.php?story=' . $C['sid'] . '">'); $C['title'] = str_replace('$','&#36;',$C['title']); $user_templates->set_var('story_title', stripslashes($C['title'])); $user_templates->set_var('story_end_href', '</a>'); $storytime = COM_getUserDateTimeFormat($C['unixdate']); $user_templates->set_var('story_date', $storytime[0]); $user_templates->parse('story_row','strow',true); } } else { $user_templates->set_var('story_row','<tr><td>' . $LANG01[37] . '</td></tr>'); } // list of last 10 comments by this user // first, get a list of all stories the current visitor has access to $sql = "SELECT sid FROM {$_TABLES['stories']} WHERE (draft_flag = 0) AND (date <= NOW()) AND ("; if (!empty ($_USER['uid'])) { $sql .= "(owner_id = {$_USER['uid']} AND perm_owner >= 2) OR "; $sql .= "(group_id IN ($groupList) AND perm_group >= 2) OR "; $sql .= "(perm_members >= 2) OR "; } $sql .= "(perm_anon >= 2))"; $result = DB_query($sql); $numsids = DB_numRows($result); $sidList = ''; for ($i = 1; $i <= $numsids; $i++) { $S = DB_fetchArray ($result); $sidList .= $S['sid']; if ($i != $numsids) { $sidList .= ','; } } // add all polls the current visitor has access to $sql = "SELECT qid FROM {$_TABLES['pollquestions']} WHERE "; if (!empty ($_USER['uid'])) { $sql .= "(owner_id = {$_USER['uid']} AND perm_owner >= 2) OR "; $sql .= "(group_id IN ($groupList) AND perm_group >= 2) OR "; $sql .= "(perm_members >= 2) OR "; } $sql .= "(perm_anon >= 2)"; $result = DB_query($sql); $numqids = DB_numRows($result); if (($numqids > 0) && !empty ($sidList)) { $sidList .= ','; } for ($i = 1; $i <= $numqids; $i++) { $Q = DB_fetchArray ($result); $sidList .= "'" . $Q['qid'] . "'"; if ($i != $numqids) { $sidList .= ','; } } // then, find all comments by the user in those stories and polls $sql = "SELECT sid,title,pid,type,UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['comments']} WHERE (uid = $user) AND (sid in ($sidList)) ORDER BY unixdate DESC LIMIT 10"; $result = DB_query($sql); $nrows = DB_numRows($result); if ($nrows > 0) { for ($i = 1; $i <= $nrows; $i++) { $C = DB_fetchArray($result); $user_templates->set_var('row_number', $i . '.'); if ($C['type'] == 'article') { $user_templates->set_var('comment_begin_href', '<a href="' . $_CONF['site_url'] . '/comment.php?mode=display&amp;sid=' . $C['sid'] . '&amp;title=' . urlencode($C['title']) . '&amp;pid=' . $C['pid'] . '">'); } else { $user_templates->set_var('comment_begin_href', '<a href="' . $_CONF['site_url'] . '/comment.php?mode=display&amp;sid=' . $C['sid'] . '&amp;title=' . urlencode($C['title']) . '&amp;pid=' . $C['pid'] . '&amp;qid=' . $C['sid'] . '">'); } $C['title'] = str_replace('$','&#36;',$C['title']); $user_templates->set_var('comment_title', stripslashes($C['title'])); $user_templates->set_var('comment_end_href', '</a>'); $commenttime = COM_getUserDateTimeFormat($C['unixdate']); $user_templates->set_var('comment_date', $commenttime[0]); $user_templates->parse('comment_row','row',true); } } else { $user_templates->set_var('comment_row','<tr><td>' . $LANG01[29] . '</td></tr>'); } // posting stats for this user $user_templates->set_var ('lang_number_stories', $LANG04[84]); $sql = "SELECT count(*) AS count FROM {$_TABLES['stories']} WHERE (uid = $user) AND (draft_flag = 0) AND (date <= NOW()) AND ("; if (!empty ($_USER['uid'])) { $sql .= "(owner_id = {$_USER['uid']} AND perm_owner >= 2) OR "; $sql .= "(group_id IN ($groupList) AND perm_group >= 2) OR "; $sql .= "(perm_members >= 2) OR "; } $sql .= "(perm_anon >= 2))"; $result = DB_query($sql); $N = DB_fetchArray ($result); $user_templates->set_var('number_stories', $N['count']); $user_templates->set_var ('lang_number_comments', $LANG04[85]); $sql = "SELECT count(*) AS count FROM {$_TABLES['comments']} WHERE (uid = $user) AND (sid in ($sidList))"; $result = DB_query($sql); $N = DB_fetchArray ($result); $user_templates->set_var('number_comments', $N['count']); $user_templates->set_var ('lang_all_postings_by', $LANG04[86] . ' ' . $A['username']); $user_templates->parse('output', 'profile'); $retval .= $user_templates->finish($user_templates->get_var('output')); return $retval; } /** * Shows the user login form after failed attempts to either login or access a page * requiring login. * * @return string HTML for login form * */ function loginform() { global $_CONF, $LANG04; $retval = ''; $user_templates = new Template ($_CONF['path_layout'] . 'users'); $user_templates->set_file('login', 'loginform.thtml'); $user_templates->set_var('site_url', $_CONF['site_url']); $user_templates->set_var('start_block_loginagain', COM_startBlock($LANG04[65])); $user_templates->set_var('lang_message', $LANG04[66]); $user_templates->set_var('lang_username', $LANG04[2]); $user_templates->set_var('lang_password', $LANG04[4]); $user_templates->set_var('lang_forgetpassword', $LANG04[25]); $user_templates->set_var('lang_login', $LANG04[80]); $user_templates->set_var('end_block', COM_endBlock()); $user_templates->parse('output', 'login'); $retval .= $user_templates->finish($user_templates->get_var('output')); return $retval; } /** * Shows user their account info form * * @param int $msg Id of message to display if one is needed * @param string $referrer * @return string HTML for form * */ function defaultform($msg, $referrer='') { global $LANG04, $_CONF; if (!empty($msg)) { $retval .= COM_startBlock($LANG04[21]) . $msg . COM_endBlock(); } $retval .= COM_startBlock($LANG04[65]) . '<form action="' . $_CONF['site_url'] . '/users.php" method="post">' . LB . '<table border="0" cellspacing="0" cellpadding="3">' . LB . '<tr><td colspan="2">' . $LANG04[66] . '</td></tr>' . LB . '<tr><td align="right"><b>' . $LANG04[2] . ':</b></td><td><input type="text" size="16" name="loginname"></td></tr>' . LB . '<tr><td align="right"><b>' . $LANG04[4] . ':</b></td><td><input type="password" name="passwd" size="16"></td></tr>' . LB . '<tr><td align="center" colspan="2"><input type="submit" value="Login"></td></tr>' . LB . '</table></form>' . COM_endBlock(); $retval .= COM_startBlock($LANG04[22]) . '<form action="' . $_CONF['site_url'] . '/users.php" method="post">' . LB . '<table border="0" cellspacing="0" cellpadding="3">' . LB . '<tr><td colspan="2">' . $LANG04[23] . '</td></tr>' . LB . '<tr><td align="right"><b>' . $LANG04[2] . ':</b></td><td><input type="text" size="16" maxlength="16" name="username"></td></tr>' . LB . '<tr><td align="right"><b>' . $LANG04[5] . ':</b></td><td><input type="text" size="16" maxlength="32" name="email"></td></tr>' . LB . '<tr><td align="center" class="warning" colspan="2">' . $LANG04[24] . '</td></tr>' . LB . '<tr><td align="center" colspan="2"><input type="hidden" name="mode" value="create"><input type="submit" value="' . $LANG04[27] . '"></td></tr>' . LB . '</table></form>' . COM_endBlock(); $retval .= COM_startBlock($LANG04[25]) . '<form action="' . $_CONF['site_url'] . '/users.php" method="post">' . LB . '<table border="0" cellspacing="0" cellpadding="3">' . LB . '<tr><td colspan="2">' . $LANG04[26] . '</td></tr>' . LB . '<tr><td align="right"><b>' . $LANG04[2] . ':</b></td><td><input type="text" size="16" maxlength="16" name="username"></td></tr>' . LB . '<tr><td align="center" colspan="2"><input type="hidden" name="mode" value="emailpasswd">' . '<input type="submit" value="' . $LANG04[28] . '"></td></tr>' . LB . '</table></form>' . COM_endBlock(); return $retval; } // MAIN if (isset ($HTTP_POST_VARS['mode'])) { $mode = $HTTP_POST_VARS['mode']; } elseif (isset ($HTTP_GET_VARS['mode'])) { $mode = $HTTP_GET_VARS['mode']; } else { $mode = ""; } switch ($mode) { case 'logout': if (!empty($_USER['uid']) AND $_USER['uid'] > 1) { SESS_endUserSession($_USER['uid']); COM_accessLog("userid = {$HTTP_COOKIE_VARS[$_CONF["cookie_session"]]} {$LANG04[29]} $REMOTE_ADDR."Wink; } setcookie($_CONF['cookie_session'],'',time() - 10000,$_CONF['cookie_path']); setcookie($_CONF['cookie_name'],'',time() - 10000,$_CONF['cookie_path']); $display = COM_refresh($_CONF['site_url'] . '/index.php?msg=8'); break; case 'profile': $display .= COM_siteHeader('menu') . userprofile($HTTP_GET_VARS['uid']) . COM_siteFooter(); break; case 'create': $display .= COM_siteHeader('menu'); //by .os .. //$display .= newuserform($msg); echo("$nn_user"Wink; $display .= COM_siteFooter(); break; case 'getpassword': $display .= COM_siteHeader('menu'); //by .os .. //$display .= newuserform($msg); echo("$nn_pasw"Wink; $display .= COM_siteFooter(); break; case 'emailpasswd': $display .= COM_siteHeader('menu'); //by .os .. //$display .= newuserform($msg); echo("$nn_pasw"Wink; $display .= COM_siteFooter(); break; case 'new': $display .= COM_siteHeader('menu'); //by .os .. //$display .= newuserform($msg); echo("$nn_user"Wink; $display .= COM_siteFooter(); break; default: if (isset ($HTTP_POST_VARS['loginname'])) { $loginname = $HTTP_POST_VARS['loginname']; } if (isset ($HTTP_POST_VARS['passwd'])) { $passwd = $HTTP_POST_VARS['passwd']; } if (!empty($loginname) && !empty($passwd)) { $mypasswd = COM_getPassword($loginname); } else { srand((double)microtime()*1000000); $mypasswd = rand(); } if (!empty($passwd) && $mypasswd == md5($passwd)) { $userdata = SESS_getUserData($loginname); $_USER=$userdata; $sessid = SESS_newSession($_USER['uid'], $REMOTE_ADDR, $_CONF['session_cookie_timeout'], $_CONF['cookie_ip']); SESS_setSessionCookie($sessid, $_CONF['session_cookie_timeout'], $_CONF['cookie_session'], $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']); // Now that we handled session cookies, handle longterm cookie if (!isset($HTTP_COOKIE_VARS[$_CONF["cookie_name"]]) || !isset($HTTP_COOKIE_VARS['password'])) { // Either their cookie expired or they are new $cooktime = COM_getUserCookieTimeout(); if ($VERBOSE) { COM_errorLog("Trying to set permanent cookie with time of $cooktime",1); } if (!empty($cooktime)) { // They want their cookie to persist for some amount of time so set it now if ($VERBOSE) { COM_errorLog('Trying to set permanent cookie',1); } setcookie($_CONF['cookie_name'],$_USER['uid'],time() + $cooktime,$_CONF['cookie_path']); setcookie($_CONF['cookie_password'],md5($passwd),time() + $cooktime,$_CONF['cookie_path']); } } else { $userid = $HTTP_COOKIE_VARS[$_CONF['cookie_name']]; if (empty ($userid) || ($userid == 'deleted')) { unset ($userid); } else { if ($VERBOSE) { COM_errorLog('NOW trying to set permanent cookie',1); COM_errorLog('Got '.$userid.' from perm cookie in users.php',1); } if ($userid) { $user_logged_in = 1; // Create new session $userdata = SESS_getUserDataFromId($userid); $_USER = $userdata; if ($VERBOSE) { COM_errorLog('Got '.$_USER['username'].' for the username in user.php',1); } } } } // Now that we have users data see if their theme cookie is set. If not set it setcookie($_CONF['cookie_theme'],$_USER['theme'],time() + 31536000,$_CONF['cookie_path']); // Increment the numlogins counter for this user // DB_change("users","numlogins","numlogins + 1","username","$loginname"Wink; if (($HTTP_REFERER) && ($HTTP_REFERER <> ($_CONF['site_url']."/users.php"Wink)) { $indexMsg = $_CONF['site_url'] . '/index.php?msg='; if (substr ($HTTP_REFERER, 0, strlen ($indexMsg)) == $indexMsg) { $display .= COM_refresh($_CONF['site_url'] . '/index.php'); } else { $display .= COM_refresh($HTTP_REFERER); } } else { $display .= COM_refresh($_CONF['site_url'] . '/index.php'); } } else { $display .= COM_siteHeader('menu'); $display .= COM_showMessage($msg); switch ($mode) { case 'create': // Got bad account info from registration process, show error message // and display form again $display .= newuserform(); break; default: // Show login form $display .= loginform(); break; } if ($mode != "new" && empty($msg)) { $msg = $LANG04[31]; } //$display .= defaultform($msg) . COM_siteFooter(); $display .= COM_siteFooter(); } break; } echo $display; ?>
 Quote

All times are EST. The time is now 11:41 am.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content