sNews Forum

Previous sNews versions => sNews 1.3 => sNews 1.3 Mods and Addons => Topic started by: George Antoniadis on December 13, 2005, 02:41:59 pm

Title: [MOD] User login using mysql mod. sNews 1.3
Post by: George Antoniadis on December 13, 2005, 02:41:59 pm
This is the begining of a user managment mod using mysql...
I needed something like this so here goes...

Using phpMyAdmin or whatever add this table into you mysql
Code: [Select]
CREATE TABLE `users` (
  `id` int(3) unsigned NOT NULL auto_increment,
  `username` varchar(150) NOT NULL default '',
  `password` varchar(150) NOT NULL default '',
  `email` varchar(250) NOT NULL default '',
  PRIMARY KEY  (`id`),
  UNIQUE KEY `username` (`username`)
) ENGINE=MyISAM;

Find this:
Code: [Select]
function title() {and BEFORE it add:
Code: [Select]
function do_login() {
$login_username = $_POST['Username'];
$login_password = $_POST['Password'];
  $query = "SELECT * FROM " .s('prefix'). "users WHERE username = '$login_username'";
$result = mysql_query($query);
  while ($r = mysql_fetch_array($result)) {
if ($r['password'] == $login_password) {
$_SESSION['Logged_In'] = "True";
    $_SESSION['Username'] = s('username');
return true;
} else {
return false;
}
}
}

Find this:
Code: [Select]
if (md5($_POST['Username']) == s('username') && md5($_POST['Password']) == s('password')) {
$_SESSION['Logged_In'] = "True";
$_SESSION['Username'] = s('username');
}
and replace the whole thing with:
Code: [Select]
do_login();
This is it for now... Now insert some users and passwords into the mysql... :)

WARNING:
This is a very fist beta mod... Should work correctly...
The passwords are not yet md5d so they are free to anyone who has access to your mysql...
There is still no inteface to allow creationg/changes in users...

TODO:
Hashing password.
Allow users to get new password/change their passwords
Have two user levels... admin / poster... admin can create posters, but posters can't... everyone can post! :P
Maybe mod so each news post has an author?
Title: [MOD] User login using mysql mod. sNews 1.3
Post by: Patric Ahlqvist on December 13, 2005, 02:48:41 pm
Ok, I do not get a thing...but the function is neat. Might want to try this out once you have gone from beta to stable version. Is it possible for you to post when this is done and provide a download link with some "explanation for idiots.txt" ??

Patric.
Title: [MOD] User login using mysql mod. sNews 1.3
Post by: George Antoniadis on December 13, 2005, 02:54:19 pm
I've rewritten quick a few lines of code due to the fact that I had to make unicode work... :/

Before posting the whole file I need to ask the author of this script to allow me to make the mods I need...
The original scripts calls one too many times the mysql connect thingie... Something that in the copy or sNews I'm working on doesn't happen...
If s/he has any objections on changing this I won't be able to post the script cause of the many differences with the original...

:) I'll do my best in any case! ;)

Ps. What thing don't you get?
Title: [MOD] User login using mysql mod. sNews 1.3
Post by: Patric Ahlqvist on December 13, 2005, 03:00:16 pm
I think HE, Luka, will say... -"Nah, thats ok"...But I agree with you. He has to say this, as it is his script.

As to what things I do not understand...Hehe, the whole codebit you posted. I'm no hardcore coder in PHP. I can barely make minor changes to it in order to make it look the way I want it to, but functionwise...I'm not to count with ;).

I get what you're doing and what use that could be to ie me, but how you do it is beyond me, as is what Luka and Albert and the others on this here site...I'm just an poor ol' designer...
Title: [MOD] User login using mysql mod. sNews 1.3
Post by: George Antoniadis on December 13, 2005, 03:04:05 pm
I've been flamed quite a few times for naming he female coders so... :P hehhh~ ;)

I've just PMd luka with a whole bunch hoping he's aint gonna get pissed off~ ^_^
Title: [MOD] User login using mysql mod. sNews 1.3
Post by: Patric Ahlqvist on December 13, 2005, 03:07:55 pm
Hehe...well we do not flame eachother here... I can actually ask the most stupid q's ever and just get plain answers, so if I haven't gotten flamed here, you  won't.

Luka, won't be pissed off. He's kind of busy right now with the 1.4 version and it's upcoming release, so possibly you'll have to wait for an answer, but not pissed off...And I think you'll get the answer aswell rather swiftly...

P
Title: [MOD] User login using mysql mod. sNews 1.3
Post by: George Antoniadis on December 13, 2005, 03:13:40 pm
There are just some stuff I'd REAAAAALLLLYYYY love to get to the 1.4 version so I don't have to mod every version to get unicode working! :(

After this I think we could get down and make a mod that will allow modules...
so every mod would be just one file in a directory or something like this...

Shouldn't be very difficult considering the code is so clean... :)
Title: [MOD] User login using mysql mod. sNews 1.3
Post by: Patric Ahlqvist on December 13, 2005, 03:19:32 pm
That kind of thinking is darn good...

The intention with this script is to keep it simple, neat, nice and a "one filer"...as it should, I'd might add. We do not want another MamboJambo ;). But I can imagen more addons/mod's or what ever you might call it. Certain site's crave certain slutations, hehe...solutions, I mean. Which in plain english would be something like: A mod to allow modules would be awsome !!

I have some thought's on what to do, but have no clue what so ever on how to achieve it...

Title: [MOD] User login using mysql mod. sNews 1.3
Post by: Luka on December 13, 2005, 03:24:19 pm
I've seen the message you sent me analyzerx.

Version 1.4 that you see on Solucija.com is using a perm connection to the database, and I'm testing it to see if it'll be good enough or we'll connect to the database every time.

I'll be happy to hear to all suggestions you might have considering mods, addons and the rest of the family.

I'm just kinda busy right now with the new version and some small problems came out to the light  ;D
Since SEF url's arrived every link has to have a full path... Even the style.css in your template... I can see error reports now  ;D

The thing you're working on, the database stored users, hm.. It's a thing we could do in like an hour, but there are some things that need to be discussed. Believe me that I've given this a lot of thought and still decided to keep the username and password in the snews.php.. However, a mod would be great  ;D
Title: [MOD] User login using mysql mod. sNews 1.3
Post by: George Antoniadis on December 13, 2005, 03:29:42 pm
Thoughts are perfect too~ ;)

I like that the script is only one file, (very much to be exact ;) but for example now anyone who wants to adding something,
(authors, geolocations, xml, links in the menu etc) has to mod the file...

Wouldn't be easier both for devs and users that s/he could just upload one file and be done with? :)

Luka:
Thanks for the quick reply~ ^_^

I supose that the discussions are on the "bulletproof" part you are talking about on the site? :P

If I can help beta testing and working on bugs just tell me~ ^_^ I'd be more than happy to~ :)
Title: [MOD] User login using mysql mod. sNews 1.3
Post by: Luka on December 13, 2005, 03:33:54 pm
Quote from: analyzerx
I supose that the discussions are on the "bulletproof" part you are talking about on the site? :P

Exactly. Engine vurnerabilities are being reported as much intense as Britney's boobslip, and
there are some really bad people that will make me stop working on sNews eventually.

Quote from: analyzerx
If I can help beta testing and working on bugs just tell me~ ^_^ I'd be more than happy to~ :)

Well if you have the time I could email some copies of the new engine tonight to anyone who wants
to take a test ride  ;D
Title: [MOD] User login using mysql mod. sNews 1.3
Post by: George Antoniadis on December 13, 2005, 03:39:50 pm
I'll try to see how I can make this as secure as I can...
XSS and MySQL injection won't be a problem on the mod side and I'll try to see what happens with url injections and stuff and get back to you~ ^_^

Quote from: Luka
Well if you have the time I could email some copies of the new engine tonight to anyone who wants
to take a test ride  ;D

'd love to~ ^_^
Title: [MOD] User login using mysql mod. sNews 1.3
Post by: Patric Ahlqvist on December 13, 2005, 03:43:36 pm
Quote
to anyone who wants
to take a test ride

Well, now we just have to make a female kinda logo to use... As in "I would like to take her for a ride"...

Pardon my sexist approach ;)...
Title: [MOD] User login using mysql mod. sNews 1.3
Post by: George Antoniadis on December 13, 2005, 05:01:34 pm
Ok, it took me a bit more than one hour but it's done now... :)
The basic at least... :P

Add edit delete users... but everyone can... It's just a couple more lines to put admin/user modes but I need to be somewhere now... :/

If anyone has any ideas on what else should be done please feel free~ ;)

(users will be able to change ONLY their password, admins can change everyone's ;)
(Passwords will be md5d so user CANOT retrieve his password... ^_^ this is for many reasons... ;)
Title: [MOD] User login using mysql mod. sNews 1.3
Post by: George Antoniadis on December 13, 2005, 07:12:00 pm
http://noodles.gr/sNews/sNews_1.3_pconnect-mod+user-db/

That's a working draft... login with admin/admin :)
I'm working on the admin/user modes now...

You can find the modded version in:
http://noodles.gr/sNews/sNews_1.3_pconnect-mod+user-db/snews_php.txt
I'll update it every time it's stable ;)
Title: [MOD] User login using mysql mod. sNews 1.3
Post by: bryn on December 13, 2005, 07:23:35 pm
nice work mate! it'll be interesting to see how this develops..I'll be watching for sure ;)
Title: [MOD] User login using mysql mod. sNews 1.3
Post by: George Antoniadis on December 13, 2005, 07:44:04 pm
http://noodles.gr/sNews/sNews_1.3_pconnect-mod+user-db/

Ok... that's more like it... :) user modes are on and working...
admin/admin is the admin
test/test is just a user...

^_^
try create a user with admin and then login with it, and change the password... :)
admins can VIEW and EDIT all users and admin accounts...

I need some help... should the admin be able to create more admins? :/// or not?
Title: [MOD] User login using mysql mod. sNews 1.3
Post by: bryn on December 13, 2005, 10:04:21 pm
maybe you could distinguish between Admins and SuperAdmins..the latter would have the ability to create Admins and Users..while Admins could only create Users? :)

I don't think Admins should be able to view, edit, or delete other Admin accounts..just my opinion ;D
Title: [MOD] User login using mysql mod. sNews 1.3
Post by: George Antoniadis on December 14, 2005, 12:51:24 am
Quote from: bryn
maybe you could distinguish between Admins and SuperAdmins..the latter would have the ability to create Admins and Users..while Admins could only create Users? :)

I don't think Admins should be able to view, edit, or delete other Admin accounts..just my opinion ;D

niiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiceeeeeeee~ ^_^
Thanks I'll do that~ :>

[edit] a question... Any reasons why admins should be able to see passwords?
I want to md5 the password so admins and users can only create new ones instead of admins being able to view the user's password...
So I'm wondering if I should make an option for md5 or plain text password... :/ opinions on that?
Title: [MOD] User login using mysql mod. sNews 1.3
Post by: albert on December 14, 2005, 08:48:02 am
Hi

Just like to say good job with the login script, Luka will be happy.

ref the admin.

May be with SuperAdmin/ owner of the News  only he/she can see the  passwords. text password view.
But just Admin and users will not be able to see them. so md5.

Then there is what you would like them to do as well with sNews.(Admin and users) Not SuperAdmin
add aritical Yes No
dell aritical Yes No
dell comments Yes No


Albert
Title: [MOD] User login using mysql mod. sNews 1.3
Post by: George Antoniadis on December 14, 2005, 05:23:58 pm
Albert thanks for a nice reply~ :)

Quote from: albert
May be with SuperAdmin/ owner of the News  only he/she can see the  passwords. text password view.
But just Admin and users will not be able to see them. so md5.

The thing is that md5 can't be reversed so it's either plain text or hashed...
Unless I include a two way encrption with a key... but it's just strain on the script...

Quote from: albert
Then there is what you would like them to do as well with sNews.(Admin and users) Not SuperAdmin
add aritical Yes No
dell aritical Yes No
dell comments Yes No

Ok so that's the way we are going~ ^_^
One more question... Should the super admin's username/password be hardcoded in the php file? like Luka has it now? Or mysql again?

This is very simple to do in any case... I've added a $_SESSION['Mode'] which can be "Admin", "User", SuperAdmin"... so in any place we need to check who can do something we just include this...

I'll probably wait a 1-2 days for 1.4 to come out (fingers crossed~ ^_^) cause I remember something about the 15th? :/ (or am I wrong?)
So I don't have to change the whooooole thing from scratch~ :)
Title: [MOD] User login using mysql mod. sNews 1.3
Post by: albert on December 14, 2005, 05:31:20 pm
Hi analyzerx

Yah wait for 1.4 is out 1st then we can see how luka has coded  sNews 1.4.

i have some more designs to add too as well, so I wll wait...

Albert
Title: [MOD] User login using mysql mod. sNews 1.3
Post by: Jochum Meester on January 19, 2006, 12:42:07 pm
Not sure if I should've brought this back up, but I'd like to know if 1.4/2.0 supports multiple users. Is this also the idea behind this topic? Or is this topic about one user logging in using sql?
Anyway, I'd really like the possibility of multiple users.
Title: [MOD] User login using mysql mod. sNews 1.3
Post by: George Antoniadis on January 19, 2006, 01:53:05 pm
This topic is for a mod that allows snews to have multiple users stored in mysql to login...
there is nothing said for native support in 1.4 for mysql users or multiple users.... :)

this mod is paused until 1.4 is released! :P
Title: [MOD] User login using mysql mod. sNews 1.3
Post by: Patric Ahlqvist on January 21, 2006, 11:49:10 am
but a great one it is ;). Hope it'll come to be a fact. I'll have use for it for sure.
Title: [MOD] User login using mysql mod. sNews 1.3
Post by: George Antoniadis on January 26, 2006, 08:50:32 pm
this should be ready 2-3 days after the RC release of 1.4...
I've done some work on it on storing salted cookies, session managment, password retrieval etc...
User modes (root, moderator, author, user)
~root can add/edit/del users/posts/comments, mod can edit/del/add posts/comments, author can add/edit his comments/posts.
User will be used if users have to register to post comments...
Comment access

and I'm working in reading access...

this might not be nesesery for most ppl so it will come in 3 versions with features that one can upgrade between...! ^_^
Title: [MOD] User login using mysql mod. sNews 1.3
Post by: George Antoniadis on January 26, 2006, 09:30:59 pm
this mod listed here is old and crappy! :P sorry about that! ^_^
Title: [MOD] User login using mysql mod. sNews 1.3
Post by: George Antoniadis on February 06, 2006, 03:26:51 pm
hopefully 1.4 will be released this week... after the release add 1-2 days! ^_^
I'll PM you once it's done ok? ;)

just enable your mail notifications for pms
Title: [MOD] User login using mysql mod. sNews 1.3
Post by: bryn on February 06, 2006, 07:47:02 pm
could you let us all know here 'a' please..this is something I'd like to play with or test also..and I'm sure others also..if you don't mind ;)
Title: [MOD] User login using mysql mod. sNews 1.3
Post by: Jochum Meester on February 16, 2006, 12:24:51 am
*Bump*
Title: [MOD] User login using mysql mod. sNews 1.3
Post by: Patric Ahlqvist on February 16, 2006, 07:56:00 am
Analyzerx is tied up for the moment...He's becomng a "constructor" ;)...He is building a house at this time, so he's not entirly available for sNews work...

He will come back later...
Title: [MOD] User login using mysql mod. sNews 1.3
Post by: Jochum Meester on February 16, 2006, 10:00:19 am
Ah ok. Good for you, A! Will it be your own house or for someone else?
Does anyone else feel like giving it a try? :P I'd really like this function. I'll look into some code myself, and also check some free-script sites to see if they have something to offer.
Title: [MOD] User login using mysql mod. sNews 1.3
Post by: Patric Ahlqvist on February 16, 2006, 10:29:16 am
Quote
just enable your mail notifications for pms

Whohaaaa, that is very funny if you're swedish. PMS stands for Pre Menstrual Disturbencies (Pre Menstruella Störningar) you know that temper a woman can have when she's having her period. Hehe
Title: [MOD] User login using mysql mod. sNews 1.3
Post by: Patrik on February 16, 2006, 10:32:59 am
Haha, wonderfull.. :) Long live PMS! :D

(or not)
Title: [MOD] User login using mysql mod. sNews 1.3
Post by: bryn on February 16, 2006, 07:55:49 pm
Quote from: Patric
Quote
just enable your mail notifications for pms

Whohaaaa, that is very funny if you're swedish. PMS stands for Pre Menstrual Disturbencies (Pre Menstruella Störningar) you know that temper a woman can have when she's having her period. Hehe

;D ;D ;D..do we ever!
Title: [MOD] User login using mysql mod. sNews 1.3
Post by: George Antoniadis on March 11, 2006, 07:19:00 pm
This mod is outdated and not complete. this topic is locked until a new version is out.