Please login or register.

Login with username, password and session length
Advanced search  

News:

Latest sNews - sNews 1.7 - with its own forums - for discussion and user mods.

Author Topic: printing user name as plain text when logged in  (Read 207 times)

Fred K

  • Still trying to learn stuff
  • ULTIMATE member
  • ******
  • Karma: 130
  • Posts: 2728
    • Personal
printing user name as plain text when logged in
« on: February 05, 2013, 02:04:11 PM »

This may sound a little weird, to misquote the guy in the movie, but what I would like to do for a user profile page is to be able to print the user name in plain text, within the admin area. Don't know if it's at all possible, but if it is...

Basic usage is intended for change username/password form, like so (note the placeholder element):
Code: [Select]
<?php echo '
<form>
    <label for="uname">Username: </label><input type="text" name="uname" placeholder="'
.s('username').'">
    <label for="pass1">Password: </label><input type="password" name="pass1" placeholder="">
    <!-- etc -->
</form>
'
?>

Obviously the above code doesn't print the actual plain text username but its md5 hash string which is useless in this context. So - is it at all possible to print the plain text username in admin, and, if it is, how would that be done? 'Cause I've got a few pretty uses for it...

(I have googled. Not found anything useful so far.)
Logged

nukpana

  • Hero Member
  • *****
  • Karma: 71
  • Posts: 663
Re: printing user name as plain text when logged in
« Reply #1 on: February 06, 2013, 11:32:49 AM »

Why not just add another setting just like you have it?

Also, you can just echo the setting instead of the whole block.
Logged

Keyrocks

  • Doug
  • ULTIMATE member
  • ******
  • Karma: 449
  • Posts: 6019
  • Semantically Challenged
    • snews.ca
Re: printing user name as plain text when logged in
« Reply #2 on: February 06, 2013, 04:47:10 PM »

I agree with Jason... add another setting value for real_name to input and retrieve the real name.

Interesting discussion on  md5 no longer being secure
This discussion and this one too on Stackoverflow suggests md5 strings are one-way encryptions, not reversable.
Logged
Do it now... later may not come.
-------------------------------------------------------------------------------------------------
sNews 1.6 MESU | sNews 1.6 MEMU

Fred K

  • Still trying to learn stuff
  • ULTIMATE member
  • ******
  • Karma: 130
  • Posts: 2728
    • Personal
Re: printing user name as plain text when logged in
« Reply #3 on: February 06, 2013, 09:20:52 PM »

Why not just add another setting just like you have it?

Also, you can just echo the setting instead of the whole block.

Well, adding another field just to get to an already existing setting didn't seem worth the trouble *if it had been possible to get to the username setting*, which it seems not to be.

The sample code isn't the whole real block, there's more to it in the application. Whole block is echoed here just to bring out the colours... :P

Quote from: Keyrocks
add another setting value for real_name to input and retrieve the real name

Naaw, the real name is used for the *real* name, not the username. Different usage.

Anyway, since the username setting isn't possible to get to in plain text I'm rethinking the approach. Thanks guys.
Logged

Keyrocks

  • Doug
  • ULTIMATE member
  • ******
  • Karma: 449
  • Posts: 6019
  • Semantically Challenged
    • snews.ca
Re: printing user name as plain text when logged in
« Reply #4 on: February 07, 2013, 04:03:36 AM »

Naaw, the real name is used for the *real* name, not the username. Different usage.

Well... you can make the value-name whatever you want it to be and type whatever you want in the field for it... such as u_name2 ... just sayin' is all.  ;)
Logged
Do it now... later may not come.
-------------------------------------------------------------------------------------------------
sNews 1.6 MESU | sNews 1.6 MEMU

nukpana

  • Hero Member
  • *****
  • Karma: 71
  • Posts: 663
Re: printing user name as plain text when logged in
« Reply #5 on: February 08, 2013, 12:52:13 PM »

Fred, now that I rethink this, it may be possible.   

On successful POST submit of the login form, you still should be able to get the POSTed username - add it to a SESSION variable and keep it until the user logs out.

Psuedo code:
Code: [Select]
<?php

// sNews - whatever block this is...
if( s('user') === md5($_POST['user']) &&  s('pwrd') === md5($_POST['pwrd']) {
   
// Session = token(); blah blah

   // New code
   
$_SESSION['user'] = $_POST['user'];
}

// new func
fn getUserName() {
   return isset(
$_SESSION['user']) ? $_SESSION['user'] : false;
}

?>


Welcome <?=getUserName(); ?>

Of course untested, unapproved, and evil bunnies are not invading the New York area today....
« Last Edit: February 08, 2013, 12:54:45 PM by nukpana »
Logged

Fred K

  • Still trying to learn stuff
  • ULTIMATE member
  • ******
  • Karma: 130
  • Posts: 2728
    • Personal
Re: printing user name as plain text when logged in
« Reply #6 on: February 08, 2013, 02:51:22 PM »

Quote from: nukpana
Of course untested, unapproved, and evil bunnies are not invading the New York area today....

Yeah. First part fails because of this little'un:
if(isset($_POST['Loginform']) && !_ADMIN) {

Trying to work around that, this way:
Code: [Select]
// (after loginform block)
if($_SESSION[_SITE.'Logged_In'] && _ADMIN) {
$_SESSION['user'] = $_POST['user'];
}

...

<input ...  placeholder="'.$_SESSION['user'].'">

It does nothing, of course. Using your function getUserName in the mix doesn't produce any results either, sadly. Thanks for trying though, it was worth a shot. Hopefully no bunnies have invaded...
« Last Edit: February 08, 2013, 02:53:17 PM by Fred K »
Logged

Keyrocks

  • Doug
  • ULTIMATE member
  • ******
  • Karma: 449
  • Posts: 6019
  • Semantically Challenged
    • snews.ca
Re: printing user name as plain text when logged in
« Reply #7 on: February 08, 2013, 07:46:26 PM »

This thread discussion has me wondering if we should consider using another PHP encryption function that works with a corresponding decryption function... to replace our use of MD5. We only use it for the username and password at this point - in 3 locations within snews.php so it should be relatively easy to modify those 3 locations for encryption purposes.

For encryption - mcrypt_encrypt
For decryption - mcrypt_decrypt

Do you think it's worth considering? It would solve Fred's problem, and I suspect it would be useful for encrypting/decrypting any other data one might choose to store in a database.
Logged
Do it now... later may not come.
-------------------------------------------------------------------------------------------------
sNews 1.6 MESU | sNews 1.6 MEMU

nukpana

  • Hero Member
  • *****
  • Karma: 71
  • Posts: 663
Re: printing user name as plain text when logged in
« Reply #8 on: February 08, 2013, 11:22:35 PM »

@Doug, the one way hashing is fine for the application that it is being used for.  Using you method could open up a can of worms... think about the what is being hashed again - an admin's password?
Logged

mosh

  • Hero Member
  • *****
  • Karma: 77
  • Posts: 510
  • Awesome day :)
    • cms-zen
Re: printing user name as plain text when logged in
« Reply #9 on: February 08, 2013, 11:43:46 PM »

Quote from: nukpana
Of course untested, unapproved, and evil bunnies are not invading the New York area today....

Yeah. First part fails because of this little'un:
if(isset($_POST['Loginform']) && !_ADMIN) {

Trying to work around that, this way:
Code: [Select]
// (after loginform block)
if($_SESSION[_SITE.'Logged_In'] && _ADMIN) {
$_SESSION['user'] = $_POST['user'];
}

...

<input ...  placeholder="'.$_SESSION['user'].'">

It does nothing, of course. Using your function getUserName in the mix doesn't produce any results either, sadly. Thanks for trying though, it was worth a shot. Hopefully no bunnies have invaded...


Hi,
nukpana's solution works.

on snews.php find
$_SESSION[_SITE.'Logged_In'] = token();

add after,
$_SESSION['user'] = $user;

use the function to recall the name
      // new func
      function getUserName() {
         return isset($_SESSION['user']) ? $_SESSION['user'] : false;
      }
      echo 'Welcome '.getUserName();

awesome night

Fred K

  • Still trying to learn stuff
  • ULTIMATE member
  • ******
  • Karma: 130
  • Posts: 2728
    • Personal
Re: printing user name as plain text when logged in
« Reply #10 on: February 09, 2013, 12:33:13 AM »

Well, it doesn't work in my setting and, as far as I can tell, it shouldn't work, because the first part ($_SESSION['user'] = $user;) is placed within the block that is conditioned by if(isset($_POST['Loginform']) && !_ADMIN)
and I'm trying to print the username when in _ADMIN...

And (@Doug and Jason), decrypting encrypted data is a can of worms. Which, as stated, is why I'm rethinking the whole thing. That said, if md5 isn't strong enough an encryption thingy then considering an alternative might be a good thing...y. :P
« Last Edit: February 09, 2013, 12:37:15 AM by Fred K »
Logged

nukpana

  • Hero Member
  • *****
  • Karma: 71
  • Posts: 663
Re: printing user name as plain text when logged in
« Reply #11 on: February 09, 2013, 05:29:02 AM »

Evil bunnies are falling in droves.....

This works....
Code: [Select]
<?php

if(isset($_POST['Loginform']) && !_ADMIN) {
$user checkUserPass($_POST['uname']);
$pass checkUserPass($_POST['pass']);
unset($_POST['uname'],$_POST['pass']);
// Patch #18 - 1.7.1 - revised string by KikkoMax
if (checkMathCaptcha() && md5($user) === s('username') && md5($pass) === s('password')) {
//if (md5($user) === s('username') && md5($pass) === s('password') && checkMathCaptcha()) {
$_SESSION[_SITE.'Logged_In'] = token();
// EQ
$_SESSION['user'] = $user;
notification(2,'','administration');
} else { die( notification(2,l('err_Login'),'login')); }
}
// EQ
function getUserName() {
return isset($_SESSION['user']) 
$_SESSION['user']
false;
}
if( 
getUserName() ) {
echo 'Welcome ' getUserName() .'! Evil Bunnies are falling!';
}

?>


... again, untested, unapproved, and those evil bunnies better not make me lose power...
http://usnews.nbcnews.com/_news/2013/02/08/16895255-this-is-it-mammoth-winter-storm-lashes-northeast?lite
Logged

Keyrocks

  • Doug
  • ULTIMATE member
  • ******
  • Karma: 449
  • Posts: 6019
  • Semantically Challenged
    • snews.ca
Re: printing user name as plain text when logged in
« Reply #12 on: February 09, 2013, 05:24:49 PM »

Confirmed - works OK Jason. :)
I just put the last part in index.php where I wanted it displayed... could go anywhere within the template.
Logged
Do it now... later may not come.
-------------------------------------------------------------------------------------------------
sNews 1.6 MESU | sNews 1.6 MEMU

Fred K

  • Still trying to learn stuff
  • ULTIMATE member
  • ******
  • Karma: 130
  • Posts: 2728
    • Personal
Re: printing user name as plain text when logged in
« Reply #13 on: February 09, 2013, 05:47:42 PM »

Yup, now even I get it... :D
Works just fine, thanks. And yes, there are a few really nice (albeit cosmetic) uses for it.
Logged