Website Membership 1.06 Released!

17 posts by 7 authors in: Forums > CMS Builder: Plugins & Add-ons
Last Post: March 15, 2012   (RSS)

So if I specify a different table for WSM_ACCOUNTS_TABLE then do I need to add all the fields that the accounts table has (expiresDate,neverExpires,etc…) to that new table? If not where do I edit it so I don't get the MYSQL errors searching for those specific fields but don't mess anything else up?

By Djulia - February 22, 2012 - edited: February 22, 2012

Hi Dave,

Is there a change with the use of the sessions (1.07) ?
It is impossible to check a value of session if no user is connected.
I do not have any problem if I use the version 1.03 (or if I deactivate the plugin).
The sessions are removed or encoded?
It is more possible to use a captcha for example.

I attached an example if you wish to check.

Thanks! :)
Djulia

Attachments:

check_sessions.php 2K

By Djulia - February 22, 2012 - edited: February 22, 2012

Hi Dave,

I found the origin of the problem.
In the file lib/login_functions.php, I commented on lines 88-89.
That functions again. The values of sessions are preserved.
But, it is more possible to close the session of a user.

It would be possible to destroy the specified variables:
unset($_SESSION['username']);
unset($_SESSION['passwordHash']);

Do you think that there is an official solution?

Thanks again! :)
Djulia

By Djulia - February 23, 2012

Hi Dave,

I think that it is simpler to modify the plugin.

Line 96 in websiteM(...).php.
//user_eraseLoginSession();
unset($_SESSION['username']);
unset($_SESSION['passwordHash']);

Thus, the lib file is not modified.

That seems to function correctly. My values of sessions are preserved and the user can disconnect himself without problem.

Your opinion?

Thanks! :)

Djulia

Re: [Djulia] Website Membership 1.06 Released!

By Dave - February 29, 2012

Hi Djulia,

Sorry for the delay. That seems like a workable fix.

I think what I'd like to do longer term is move the current users keys to a unique key under $_SESSION such as $_SESSION['cmsb'] to make it unlikely they will get overwritten by another script.

I have to be careful with those, though, as they require a lot of testing and updates to the flash uploader and other code.

Let me know if your solution will work for now or if you need an update for the next release. Thanks!
Dave Edis - Senior Developer
interactivetools.com

By Djulia - March 15, 2012

Hi Dave,

>I think that it is simpler to modify the plugin.
>Line 96 in websiteM(...).php.
>//user_eraseLoginSession();
>unset($_SESSION['username']);
>unset($_SESSION['passwordHash']);

No problem after several days of use.
I think that it is a correct solution.

Thanks!

Djulia