Website Membership 1.06 Released!

17 posts by 7 authors in: Forums > CMS Builder: Plugins & Add-ons
Last Post: March 15, 2012   (RSS)

Re: [camjessie] Website Membership 1.06 Released!

By Jason - December 22, 2011

Hi,

The best approach would be to create those fields in your new section, this way you won't need to customize any code.

Hope this helps.
---------------------------------------------------
Jason Sauchuk - Project Manager
interactivetools.com

Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/

By Djulia - February 22, 2012 - edited: February 22, 2012

Hi Dave,

Is there a change with the use of the sessions (1.07) ?
It is impossible to check a value of session if no user is connected.
I do not have any problem if I use the version 1.03 (or if I deactivate the plugin).
The sessions are removed or encoded?
It is more possible to use a captcha for example.

I attached an example if you wish to check.

Thanks! :)
Djulia

Attachments:

check_sessions.php 2K

By Djulia - February 22, 2012 - edited: February 22, 2012

Hi Dave,

I found the origin of the problem.
In the file lib/login_functions.php, I commented on lines 88-89.
That functions again. The values of sessions are preserved.
But, it is more possible to close the session of a user.

It would be possible to destroy the specified variables:
unset($_SESSION['username']);
unset($_SESSION['passwordHash']);

Do you think that there is an official solution?

Thanks again! :)
Djulia

By Djulia - February 23, 2012

Hi Dave,

I think that it is simpler to modify the plugin.

Line 96 in websiteM(...).php.
//user_eraseLoginSession();
unset($_SESSION['username']);
unset($_SESSION['passwordHash']);

Thus, the lib file is not modified.

That seems to function correctly. My values of sessions are preserved and the user can disconnect himself without problem.

Your opinion?

Thanks! :)

Djulia

Re: [Djulia] Website Membership 1.06 Released!

By Dave - February 29, 2012

Hi Djulia,

Sorry for the delay. That seems like a workable fix.

I think what I'd like to do longer term is move the current users keys to a unique key under $_SESSION such as $_SESSION['cmsb'] to make it unlikely they will get overwritten by another script.

I have to be careful with those, though, as they require a lot of testing and updates to the flash uploader and other code.

Let me know if your solution will work for now or if you need an update for the next release. Thanks!
Dave Edis - Senior Developer
interactivetools.com

By Djulia - March 15, 2012

Hi Dave,

>I think that it is simpler to modify the plugin.
>Line 96 in websiteM(...).php.
>//user_eraseLoginSession();
>unset($_SESSION['username']);
>unset($_SESSION['passwordHash']);

No problem after several days of use.
I think that it is a correct solution.

Thanks!

Djulia