sNews Forum
Previous sNews versions => sNews 1.3 => sNews 1.3 Mods and Addons => Topic started by: George Antoniadis on December 13, 2005, 02:41:59 pm
-
This is the begining of a user managment mod using mysql...
I needed something like this so here goes...
Using phpMyAdmin or whatever add this table into you mysql
CREATE TABLE `users` (
`id` int(3) unsigned NOT NULL auto_increment,
`username` varchar(150) NOT NULL default '',
`password` varchar(150) NOT NULL default '',
`email` varchar(250) NOT NULL default '',
PRIMARY KEY (`id`),
UNIQUE KEY `username` (`username`)
) ENGINE=MyISAM;
Find this:
function title() {and BEFORE it add:
function do_login() {
$login_username = $_POST['Username'];
$login_password = $_POST['Password'];
$query = "SELECT * FROM " .s('prefix'). "users WHERE username = '$login_username'";
$result = mysql_query($query);
while ($r = mysql_fetch_array($result)) {
if ($r['password'] == $login_password) {
$_SESSION['Logged_In'] = "True";
$_SESSION['Username'] = s('username');
return true;
} else {
return false;
}
}
}
Find this:
if (md5($_POST['Username']) == s('username') && md5($_POST['Password']) == s('password')) {
$_SESSION['Logged_In'] = "True";
$_SESSION['Username'] = s('username');
}
and replace the whole thing with:
do_login();
This is it for now... Now insert some users and passwords into the mysql... :)
WARNING:
This is a very fist beta mod... Should work correctly...
The passwords are not yet md5d so they are free to anyone who has access to your mysql...
There is still no inteface to allow creationg/changes in users...
TODO:
Hashing password.
Allow users to get new password/change their passwords
Have two user levels... admin / poster... admin can create posters, but posters can't... everyone can post! :P
Maybe mod so each news post has an author?
-
Ok, I do not get a thing...but the function is neat. Might want to try this out once you have gone from beta to stable version. Is it possible for you to post when this is done and provide a download link with some "explanation for idiots.txt" ??
Patric.
-
I've rewritten quick a few lines of code due to the fact that I had to make unicode work... :/
Before posting the whole file I need to ask the author of this script to allow me to make the mods I need...
The original scripts calls one too many times the mysql connect thingie... Something that in the copy or sNews I'm working on doesn't happen...
If s/he has any objections on changing this I won't be able to post the script cause of the many differences with the original...
:) I'll do my best in any case! ;)
Ps. What thing don't you get?
-
I think HE, Luka, will say... -"Nah, thats ok"...But I agree with you. He has to say this, as it is his script.
As to what things I do not understand...Hehe, the whole codebit you posted. I'm no hardcore coder in PHP. I can barely make minor changes to it in order to make it look the way I want it to, but functionwise...I'm not to count with ;).
I get what you're doing and what use that could be to ie me, but how you do it is beyond me, as is what Luka and Albert and the others on this here site...I'm just an poor ol' designer...
-
I've been flamed quite a few times for naming he female coders so... :P hehhh~ ;)
I've just PMd luka with a whole bunch hoping he's aint gonna get pissed off~ ^_^
-
Hehe...well we do not flame eachother here... I can actually ask the most stupid q's ever and just get plain answers, so if I haven't gotten flamed here, you won't.
Luka, won't be pissed off. He's kind of busy right now with the 1.4 version and it's upcoming release, so possibly you'll have to wait for an answer, but not pissed off...And I think you'll get the answer aswell rather swiftly...
P
-
There are just some stuff I'd REAAAAALLLLYYYY love to get to the 1.4 version so I don't have to mod every version to get unicode working! :(
After this I think we could get down and make a mod that will allow modules...
so every mod would be just one file in a directory or something like this...
Shouldn't be very difficult considering the code is so clean... :)
-
That kind of thinking is darn good...
The intention with this script is to keep it simple, neat, nice and a "one filer"...as it should, I'd might add. We do not want another MamboJambo ;). But I can imagen more addons/mod's or what ever you might call it. Certain site's crave certain slutations, hehe...solutions, I mean. Which in plain english would be something like: A mod to allow modules would be awsome !!
I have some thought's on what to do, but have no clue what so ever on how to achieve it...
-
I've seen the message you sent me analyzerx.
Version 1.4 that you see on Solucija.com is using a perm connection to the database, and I'm testing it to see if it'll be good enough or we'll connect to the database every time.
I'll be happy to hear to all suggestions you might have considering mods, addons and the rest of the family.
I'm just kinda busy right now with the new version and some small problems came out to the light ;D
Since SEF url's arrived every link has to have a full path... Even the style.css in your template... I can see error reports now ;D
The thing you're working on, the database stored users, hm.. It's a thing we could do in like an hour, but there are some things that need to be discussed. Believe me that I've given this a lot of thought and still decided to keep the username and password in the snews.php.. However, a mod would be great ;D
-
Thoughts are perfect too~ ;)
I like that the script is only one file, (very much to be exact ;) but for example now anyone who wants to adding something,
(authors, geolocations, xml, links in the menu etc) has to mod the file...
Wouldn't be easier both for devs and users that s/he could just upload one file and be done with? :)
Luka:
Thanks for the quick reply~ ^_^
I supose that the discussions are on the "bulletproof" part you are talking about on the site? :P
If I can help beta testing and working on bugs just tell me~ ^_^ I'd be more than happy to~ :)
-
I supose that the discussions are on the "bulletproof" part you are talking about on the site? :P
Exactly. Engine vurnerabilities are being reported as much intense as Britney's boobslip, and
there are some really bad people that will make me stop working on sNews eventually.
If I can help beta testing and working on bugs just tell me~ ^_^ I'd be more than happy to~ :)
Well if you have the time I could email some copies of the new engine tonight to anyone who wants
to take a test ride ;D
-
I'll try to see how I can make this as secure as I can...
XSS and MySQL injection won't be a problem on the mod side and I'll try to see what happens with url injections and stuff and get back to you~ ^_^
Well if you have the time I could email some copies of the new engine tonight to anyone who wants
to take a test ride ;D
'd love to~ ^_^
-
to anyone who wants
to take a test ride
Well, now we just have to make a female kinda logo to use... As in "I would like to take her for a ride"...
Pardon my sexist approach ;)...
-
Ok, it took me a bit more than one hour but it's done now... :)
The basic at least... :P
Add edit delete users... but everyone can... It's just a couple more lines to put admin/user modes but I need to be somewhere now... :/
If anyone has any ideas on what else should be done please feel free~ ;)
(users will be able to change ONLY their password, admins can change everyone's ;)
(Passwords will be md5d so user CANOT retrieve his password... ^_^ this is for many reasons... ;)
-
http://noodles.gr/sNews/sNews_1.3_pconnect-mod+user-db/
That's a working draft... login with admin/admin :)
I'm working on the admin/user modes now...
You can find the modded version in:
http://noodles.gr/sNews/sNews_1.3_pconnect-mod+user-db/snews_php.txt
I'll update it every time it's stable ;)
-
nice work mate! it'll be interesting to see how this develops..I'll be watching for sure ;)
-
http://noodles.gr/sNews/sNews_1.3_pconnect-mod+user-db/
Ok... that's more like it... :) user modes are on and working...
admin/admin is the admin
test/test is just a user...
^_^
try create a user with admin and then login with it, and change the password... :)
admins can VIEW and EDIT all users and admin accounts...
I need some help... should the admin be able to create more admins? :/// or not?
-
maybe you could distinguish between Admins and SuperAdmins..the latter would have the ability to create Admins and Users..while Admins could only create Users? :)
I don't think Admins should be able to view, edit, or delete other Admin accounts..just my opinion ;D
-
maybe you could distinguish between Admins and SuperAdmins..the latter would have the ability to create Admins and Users..while Admins could only create Users? :)
I don't think Admins should be able to view, edit, or delete other Admin accounts..just my opinion ;D
niiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiceeeeeeee~ ^_^
Thanks I'll do that~ :>
[edit] a question... Any reasons why admins should be able to see passwords?
I want to md5 the password so admins and users can only create new ones instead of admins being able to view the user's password...
So I'm wondering if I should make an option for md5 or plain text password... :/ opinions on that?
-
Hi
Just like to say good job with the login script, Luka will be happy.
ref the admin.
May be with SuperAdmin/ owner of the News only he/she can see the passwords. text password view.
But just Admin and users will not be able to see them. so md5.
Then there is what you would like them to do as well with sNews.(Admin and users) Not SuperAdmin
add aritical Yes No
dell aritical Yes No
dell comments Yes No
Albert
-
Albert thanks for a nice reply~ :)
May be with SuperAdmin/ owner of the News only he/she can see the passwords. text password view.
But just Admin and users will not be able to see them. so md5.
The thing is that md5 can't be reversed so it's either plain text or hashed...
Unless I include a two way encrption with a key... but it's just strain on the script...
Then there is what you would like them to do as well with sNews.(Admin and users) Not SuperAdmin
add aritical Yes No
dell aritical Yes No
dell comments Yes No
Ok so that's the way we are going~ ^_^
One more question... Should the super admin's username/password be hardcoded in the php file? like Luka has it now? Or mysql again?
This is very simple to do in any case... I've added a $_SESSION['Mode'] which can be "Admin", "User", SuperAdmin"... so in any place we need to check who can do something we just include this...
I'll probably wait a 1-2 days for 1.4 to come out (fingers crossed~ ^_^) cause I remember something about the 15th? :/ (or am I wrong?)
So I don't have to change the whooooole thing from scratch~ :)
-
Hi analyzerx
Yah wait for 1.4 is out 1st then we can see how luka has coded sNews 1.4.
i have some more designs to add too as well, so I wll wait...
Albert
-
Not sure if I should've brought this back up, but I'd like to know if 1.4/2.0 supports multiple users. Is this also the idea behind this topic? Or is this topic about one user logging in using sql?
Anyway, I'd really like the possibility of multiple users.
-
This topic is for a mod that allows snews to have multiple users stored in mysql to login...
there is nothing said for native support in 1.4 for mysql users or multiple users.... :)
this mod is paused until 1.4 is released! :P
-
but a great one it is ;). Hope it'll come to be a fact. I'll have use for it for sure.
-
this should be ready 2-3 days after the RC release of 1.4...
I've done some work on it on storing salted cookies, session managment, password retrieval etc...
User modes (root, moderator, author, user)
~root can add/edit/del users/posts/comments, mod can edit/del/add posts/comments, author can add/edit his comments/posts.
User will be used if users have to register to post comments...
Comment access
and I'm working in reading access...
this might not be nesesery for most ppl so it will come in 3 versions with features that one can upgrade between...! ^_^
-
this mod listed here is old and crappy! :P sorry about that! ^_^
-
hopefully 1.4 will be released this week... after the release add 1-2 days! ^_^
I'll PM you once it's done ok? ;)
just enable your mail notifications for pms
-
could you let us all know here 'a' please..this is something I'd like to play with or test also..and I'm sure others also..if you don't mind ;)
-
*Bump*
-
Analyzerx is tied up for the moment...He's becomng a "constructor" ;)...He is building a house at this time, so he's not entirly available for sNews work...
He will come back later...
-
Ah ok. Good for you, A! Will it be your own house or for someone else?
Does anyone else feel like giving it a try? :P I'd really like this function. I'll look into some code myself, and also check some free-script sites to see if they have something to offer.
-
just enable your mail notifications for pms
Whohaaaa, that is very funny if you're swedish. PMS stands for Pre Menstrual Disturbencies (Pre Menstruella Störningar) you know that temper a woman can have when she's having her period. Hehe
-
Haha, wonderfull.. :) Long live PMS! :D
(or not)
-
just enable your mail notifications for pms
Whohaaaa, that is very funny if you're swedish. PMS stands for Pre Menstrual Disturbencies (Pre Menstruella Störningar) you know that temper a woman can have when she's having her period. Hehe
;D ;D ;D..do we ever!
-
This mod is outdated and not complete. this topic is locked until a new version is out.