"Not active" in Login Admin file allowing access

Issues related to the Login tools of WYSIWYG Web Builder.
Forum rules
PLEASE READ THE FORUM RULES BEFORE YOU POST:
viewtopic.php?f=12&t=1901

MUST READ:
http://www.wysiwygwebbuilder.com/login_basics.html
http://www.wysiwygwebbuilder.com/login_tools.html

TIP:
A lot of information about the login tools can be found in the help/manual.
Also checkout the demo template that is include with the software.
Post Reply
trenoweth
 
 
Posts: 20
Joined: Mon Feb 08, 2016 10:42 pm
Location: Punganui, New Zealand

"Not active" in Login Admin file allowing access

Post by trenoweth »

Hello,

I am using the login script and have just realised that instead of going to the error page, a "Not active" login is allowing access in the same way as an "Active" one. I've puzzled over this for ages, please tell me where I'm going wrong.

I have copied the existing files across to a dummy login, which is at http://www.trenoweth.co.uk/Test/Login/login.php

file name : login.php

User name is: Logintest and p/w is: test
************************************************************************************************************************

<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['form_name']) && $_POST['form_name'] == 'loginform')
{
$success_page = 'http://www.trenoweth.co.uk/Test/logintest.html';
$error_page = 'http://www.trenoweth.co.uk/Test/Login/loginfail.php';
$database = '../usersdb.php';
$crypt_pass = md5($_POST['password']);
$found = false;
$fullname = '';
$session_timeout = 600;
if(filesize($database) > 0)
{
$items = file($database, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
foreach($items as $line)
{
list($username, $password, $email, $name, $active) = explode('|', trim($line));
if ($username == $_POST['username'] && $active != "0" && $password == $crypt_pass)
{
$found = true;
$fullname = $name;
}
}
}
if($found == false)
{
header('Location: '.$error_page);
exit;
}
else
{
if (session_id() == "")
{
session_start();
}
$_SESSION['username'] = $_POST['username'];
$_SESSION['fullname'] = $fullname;
$_SESSION['expires_by'] = time() + $session_timeout;
$_SESSION['expires_timeout'] = $session_timeout;
header('Location: '.$success_page);
exit;
}
}
$username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
$password = isset($_COOKIE['password']) ? $_COOKIE['password'] : '';
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>-</title>
<link href="login.css" rel="stylesheet">
</head>
<body>
<blockquote>
<p>Please remember that your user name and password are case sensitive - if a character is in the
incorrect case you&#39;ll simply be returned to this screen.</p>

</blockquote>
<div id="wb_Login1" style="position:absolute;left:150px;top:200px;width:300px;height:214px;z-index:0;">
<form name="loginform" method="post" accept-charset="UTF-8" action="<?php echo basename(__FILE__); ?>" id="loginform">
<input type="hidden" name="form_name" value="loginform">
<table id="Login1">
<tr>
<td class="header">Log In</td>
</tr>
<tr>
<td class="label"><label for="username">User Name</label></td>
</tr>
<tr>
<td class="row"><input class="input" name="username" type="text" id="username" value="<?php echo $username; ?>"></td>
</tr>
<tr>
<td class="label"><label for="password">Password</label></td>
</tr>
<tr>
<td class="row"><input class="input" name="password" type="password" id="password" value="<?php echo $password; ?>"></td>
</tr>
<tr>
<td style="text-align:center;vertical-align:bottom"><input class="button" type="submit" name="login" value="Log In" id="login"></td>
</tr>
</table>
</form>
</div>
</body>
</html>
************************************************************************************************************************
file name: loginfail.php

The same as above but with a message that either User name or Password was incorrect. This ought to show when the Login is set to "not active" (as it is at present) but instead it goes the the success file, logintest.html
************************************************************************************************************************
file name: http://www.trenoweth.co.uk/Test/logintest.html

A basic file advising successful login.
************************************************************************************************************************
admin file: http://www.trenoweth.co.uk/Test/LoginAdmin.php

P/w for this is: test2018
************************************************************************************************************************
User avatar
Pablo
 
Posts: 21508
Joined: Sun Mar 28, 2004 12:00 pm
Location: Europe
Contact:

Re: "Not active" in Login Admin file allowing access

Post by Pablo »

There is a problem with the database. It has one '|' too many.
How was this database created?
trenoweth
 
 
Posts: 20
Joined: Mon Feb 08, 2016 10:42 pm
Location: Punganui, New Zealand

Re: "Not active" in Login Admin file allowing access

Post by trenoweth »

Hello Pablo,

Many thanks for the reply, which I really struggled to find but can now see.

Right, but which '|' is the additional one please?

I have just created fictitious logins using the "Create new user" link on the Admin page which has exactly the same problem. I haven't edited the script at all, this is exactly as it is on the server:

usersdb.php file is:

Logintest|098f6bcd4621d373cade4e832627b4f6||||0|NA
Freddie|098f6bcd4621d373cade4e832627b4f6|fred@hisemail.com|Fred|Flintstone|0|NA
Barney|098f6bcd4621d373cade4e832627b4f6|barney@hisemail.com|Barney|Rubble|0|NA

Login is at: http://www.trenoweth.co.uk/Test/Login/login.php
All passwords are test
Admin is at: http://www.trenoweth.co.uk/Test/LoginAdmin.php
Password is test2018
trenoweth
 
 
Posts: 20
Joined: Mon Feb 08, 2016 10:42 pm
Location: Punganui, New Zealand

Re: "Not active" in Login Admin file allowing access

Post by trenoweth »

I have just spent quite some time removing a '|' one at a time, testing, then restoring it when it didn't help, but I always found a non active login went through to the success page.
User avatar
Pablo
 
Posts: 21508
Joined: Sun Mar 28, 2004 12:00 pm
Location: Europe
Contact:

Re: "Not active" in Login Admin file allowing access

Post by Pablo »

Your admin looks different than the standard script. There is an extra column 'surname'.
Did you add this yourself?
trenoweth
 
 
Posts: 20
Joined: Mon Feb 08, 2016 10:42 pm
Location: Punganui, New Zealand

Re: "Not active" in Login Admin file allowing access

Post by trenoweth »

Yes, I added it so that the database may be sorted into alphabetical order by surname.

I've also been trying to set up a completely new login script starting from scratch using WB14 (the previous one above was originally written on WB11) but I don't seem to be able to get anywhere with LoginAdmin.

It generates an HTML file, has no link that I can see for the usersdb.php file, is already populated with a number of names starting with yours that cannot be edited nor deleted. Nor do the New User and Logout buttons work, so I presume this is just a demo page?
User avatar
Pablo
 
Posts: 21508
Joined: Sun Mar 28, 2004 12:00 pm
Location: Europe
Contact:

Re: "Not active" in Login Admin file allowing access

Post by Pablo »

Yes, I added it so that the database may be sorted into alphabetical order by surname.
That is what causing the extra '|' in the user database, which makes it invalid for the other scripts.
It generates an HTML file, has no link that I can see for the usersdb.php file, is already populated with a number of names starting with yours that cannot be edited nor deleted. Nor do the New User and Logout buttons work, so I presume this is just a demo page?
Are you using the latest update?
trenoweth
 
 
Posts: 20
Joined: Mon Feb 08, 2016 10:42 pm
Location: Punganui, New Zealand

Re: "Not active" in Login Admin file allowing access

Post by trenoweth »

In my efforts to resolve the extra '|' problem I took the surnames right out of the equation so I was left with just the original five columns, but the problem was still there.
trenoweth
 
 
Posts: 20
Joined: Mon Feb 08, 2016 10:42 pm
Location: Punganui, New Zealand

Re: "Not active" in Login Admin file allowing access

Post by trenoweth »

Are you using the latest update?
As I have mentioned, the script was originally written with WB11 though I think it has also been through WB12. I do now have the latest WB14 and haven't been able to produce a working LoginAdmin page from it. Just the HTML file with the pre-populated names that cannot be edited.
User avatar
Pablo
 
Posts: 21508
Joined: Sun Mar 28, 2004 12:00 pm
Location: Europe
Contact:

Re: "Not active" in Login Admin file allowing access

Post by Pablo »

Are you using the latest update: version 14.0.4?
trenoweth
 
 
Posts: 20
Joined: Mon Feb 08, 2016 10:42 pm
Location: Punganui, New Zealand

Re: "Not active" in Login Admin file allowing access

Post by trenoweth »

I downloaded it on 4th June, which says it is Version 14 (May 7 2018)
trenoweth
 
 
Posts: 20
Joined: Mon Feb 08, 2016 10:42 pm
Location: Punganui, New Zealand

Re: "Not active" in Login Admin file allowing access

Post by trenoweth »

But isn't this rather irrelevant? I should be able to add a new field providing it is added everywhere, in the sign-up and the admin scripts?
User avatar
Pablo
 
Posts: 21508
Joined: Sun Mar 28, 2004 12:00 pm
Location: Europe
Contact:

Re: "Not active" in Login Admin file allowing access

Post by Pablo »

But isn't this rather irrelevant?
It is very relevant, because the latest update has many improvements. Including fixes in the login admin.
I should be able to add a new field providing it is added everywhere, in the sign-up and the admin scripts?
No, you cannot just add new fields everywhere. The database has a defined structure, if you add extra fields then this will affect all login tools. So, if you modify the admin script then you also need to update the other scripts.
trenoweth
 
 
Posts: 20
Joined: Mon Feb 08, 2016 10:42 pm
Location: Punganui, New Zealand

Re: "Not active" in Login Admin file allowing access

Post by trenoweth »

Which I did. The added file in the Admin page was also added to the sign-up page. I think I'm correct in saying that the other files (login, password reminder) are not affected as they don't use the additional field.

If I write new scripts for the main files will I be able to use the existing LoginAdmin? I wouldn't have thought so but as the presnt version doesn't seem to produce one how to go forward?
User avatar
Pablo
 
Posts: 21508
Joined: Sun Mar 28, 2004 12:00 pm
Location: Europe
Contact:

Re: "Not active" in Login Admin file allowing access

Post by Pablo »

Adding extra fields between the existing fields will affect the other tools.
For example, the login script expects the 5th parameter to be the 'active' field.

You will not have this problem if you use a MySQL database because then the field order does not matter.
but as the presnt version doesn't seem to produce one how to go forward?
Please make sure you have version 14.0.4, then the admin script will work the same as before.
trenoweth
 
 
Posts: 20
Joined: Mon Feb 08, 2016 10:42 pm
Location: Punganui, New Zealand

Re: "Not active" in Login Admin file allowing access

Post by trenoweth »

So if I rearrange it so that the active field is number five, that should resolve things?

I do still have active as 5, though starting with 0 that probably means it is really 6

This is my amended coding:

$values = explode('|', trim($line));

$values[0] = $_POST['login'];

if (!empty($_POST['password']))

{

$values[1] = md5($_POST['password']);

}

$values[2] = $_POST['email'];

$values[3] = $_POST['firstname'];

$values[4] = $_POST['surname'];

$values[5] = $_POST['active'];

With corresponding amendment elsewhere.

Would simply moving the active field work so that, for example, I have (1) User name,(2) First name, (3) Surname, (4) Email, (5) Active with the hidden password field for the sixth one?

You have asked which version I have, but where is that shown? As I have said I downloaded it on 4th June, but these files were already in existence then. When I look at the About tab it just has Version 14 (May 7 2018), as here.
Image

Anyway, these files were produced in an earlier version.
User avatar
Pablo
 
Posts: 21508
Joined: Sun Mar 28, 2004 12:00 pm
Location: Europe
Contact:

Re: "Not active" in Login Admin file allowing access

Post by Pablo »

So if I rearrange it so that the active field is number five, that should resolve things?
Correct
Would simply moving the active field work so that, for example, I have (1) User name,(2) First name, (3) Surname, (4) Email, (5) Active with the hidden password field for the sixth one?
All standard fields need to be in their original position, extra fields should be added at the end of the line.
When I look at the About tab it just has Version 14 (May 7 2018), as here.
This is not the most recent version. Please install the latest update.
https://www.wysiwygwebbuilder.com/forum ... um.php?f=1
trenoweth
 
 
Posts: 20
Joined: Mon Feb 08, 2016 10:42 pm
Location: Punganui, New Zealand

Re: "Not active" in Login Admin file allowing access

Post by trenoweth »

This is not the most recent version
Well, it is what I downloaded this very week!
trenoweth
 
 
Posts: 20
Joined: Mon Feb 08, 2016 10:42 pm
Location: Punganui, New Zealand

Re: "Not active" in Login Admin file allowing access

Post by trenoweth »

Is this 14.0.4 an update or a new paid-for program? It's only just over two months since I last paid you for an upgrade!
User avatar
Pablo
 
Posts: 21508
Joined: Sun Mar 28, 2004 12:00 pm
Location: Europe
Contact:

Re: "Not active" in Login Admin file allowing access

Post by Pablo »

If you have a license for version 14.x then all updates for this version are free.
trenoweth
 
 
Posts: 20
Joined: Mon Feb 08, 2016 10:42 pm
Location: Punganui, New Zealand

Re: "Not active" in Login Admin file allowing access

Post by trenoweth »

I have, thank goodness!
trenoweth
 
 
Posts: 20
Joined: Mon Feb 08, 2016 10:42 pm
Location: Punganui, New Zealand

Edit problem in Login Admin file

Post by trenoweth »

Now I have another problem! Using v14.0.4 and writing completely new files without any additional field added the program works alright as far as signing-up and using the admin page are concerned, also the active/not active function. But when I click on edit I can see that a new sign-up is denoted as an Administrator. Changing that to 'Member' or 'Guest' and saving doesn't, in fact, have any effect as when checking the edit box again it is still showing 'Administrator'.
User avatar
Pablo
 
Posts: 21508
Joined: Sun Mar 28, 2004 12:00 pm
Location: Europe
Contact:

Re: "Not active" in Login Admin file allowing access

Post by Pablo »

User roles and avatars in WWB14 only work with MySQL database. This functionality was not designed to be used with flat database.
trenoweth
 
 
Posts: 20
Joined: Mon Feb 08, 2016 10:42 pm
Location: Punganui, New Zealand

Re: "Not active" in Login Admin file allowing access

Post by trenoweth »

Ah, right, well ... I don't really require the roles so that's not a problem for me. Thanks.

Better have a look at MySQL when I have a moment though.
Post Reply