Problem with environment and autologin cookie

[Iván Gutiérrez]

Hi everybody,

Recently I started working with this class and it's very powerful. But on release 0.96 I've found some issues/mistakes/or available improvements.

First, I can´t get working in way of being able to register a user, because model was incorrect, some column was missing. The problem was inside the bd creation script, because there are two distinct files, one in root folder (the bad) and one in demo/install folder (the good). Recreating the users table with the good script solve the problem.

Next, I cant' get working autologin, because no cookie are registered when login finish successful and auto option is passed as true. This problem occurs when you run your site on a host that includes the port number (ex: in my case 127.0.0.1:81), and when your opt cookie_host value is set to false. This causes that when you want to set the cookie, the value was taken from the server variable http_host ($_SERVER['HTTP_HOST']). I replaced it with the variable server_name ($_SERVER['SERVER_NAME']) and works for me fine.

Finally, in setcookie method I made some minor changes. The code:

protected function setCookie(){

if($this->pass and $this->id){

$cookied = false;

$code = $this->make_hash($this->id,$this->pass);

if(!$this->opt['cookie_host'])

$this->opt['cookie_host'] = $_SERVER['SERVER_NAME'];

if(!headers_sent()){

//echo "PHP";

$cookied = setcookie($this->opt['cookie_name'],$code,strtotime($this->opt['cookie_time']),

$this->opt['cookie_path'],$this->opt['cookie_host']);

}else{

//Headers have been sent use JavaScript to set cookie

$time = intval($this->opt['cookie_time']);

echo "<script>";

echo '

 function setCookie(c_name,value,expiredays){

var exdate=new Date();

exdate.setDate(exdate.getDate()+expiredays);

document.cookie=c_name+ "=" +escape(value)+((expiredays==null) ? "" : "; expires="+exdate.toUTCString()); path=escape("'.

$this->opt["cookie_path"].'");

 }

';

echo "setCookie('{$this->opt['cookie_name']}','{$code}',{$time})";

echo "</script>";

$cookied = true;

}

if ($cookied)

$this->report("Cookies have been updated for auto login");

else

$this->error("Cookies haven't been updated for auto login");

}else{

$this->error("Info required to set the cookie {$this->opt['cookie_name']} is not available");

}

}

I hope you found this information useful.

 See you

[Pablo Tejada]

Hi,
I don't the setCookie() has been modified lately. Like you mentioned you will have the cookie issue on the dev environment which i think you can compensate without altering the source by simply adding the server HTTP_NAME to  opt[cookie_host] instead of false.

And as for the SQL script discrepancy i'll look into it, i thought the two script only differed on the group_id column.

Thanks for your input, and if you find any other enhancement or suggestions, feel free to fork and send a pull request on GitHub

--
Project's home page http://ptejada.com/projects/uFlex/
---
You received this message because you are subscribed to the Google Groups "uFlex" group.
To unsubscribe from this group and stop receiving emails from it, send an email to uflex+un...@googlegroups.com.
To post to this group, send email to uf...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/uflex/1de9f4cb-8d33-4225-bc23-c7f10faebbd6%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Iván Gutiérrez]

Hi,

Yes, I can change the opt[cookie_host] value to get it working in my environment. The sample I mentioned is not my dev environment, was only an example, but my host is http://www.domain.com:9072, and don't works either. Yes again, I can change the value opt[cookie_host] from false to my server name.

However, I considered it as a issue/improvement because this can be a common problem, and knowing that php setcookie method don't accept this and don't return error, I think that my solution offers a clearly way to get it working in all the servers and all possible configurations without doing no more.

Another workaround is clear the port from the host address in all cases, but in my opinión is less clean.

With this problem, I've wasted a lot of time on my work. Maybe you should reconsider.

About the database script problem, at least the last_name and first_name columns are not included in the root folder file script.

[Pablo Tejada]

After further reading/research on the subject of HTTP_HOST vs SERVER_NAME apparently SERVER_NAME is more reliable. Do you want to submit a pull request or should i make the change?

To view this discussion on the web visit https://groups.google.com/d/msgid/uflex/eb43f4d7-a777-49fd-91b6-47d6474fb1bb%40googlegroups.com.

[Iván Gutiérrez]

I've never used github and regrettably now I don't have time to get me up to date with the documentation. It's best that you make the change.

You shoul reconsider store the result of setcookie method, as I show in my snippet. This call can fail and no trace message was stored on console.

Thansk for your consideration

[Pablo]

Commit:

https://github.com/ptejada/uFlex/commit/06788520f0dc79b6e62869e3c9ee3bc23b310982