Module: Remember Username
Posted by Maurice Makaay
All files from this thread
File Name | File Size | Posted by | Date | ||
---|---|---|---|---|---|
remember_username-1.1.0.tar.gz | 1.2 KB | open | download | Maurice Makaay | 05/20/2008 | Read message |
remember_username-1.1.0.zip | 1.9 KB | open | download | Maurice Makaay | 05/20/2008 | Read message |
Module: Remember Username August 05, 2007 07:48AM |
Admin Registered: 20 years ago Posts: 8,532 |
This module will store the Phorum username that was last used in a cookie.
When entering the login screen, the username will be automatically filled in, based on this cookie.
Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce
Edited 2 time(s). Last edit at 05/20/2008 10:53AM by Maurice Makaay.
When entering the login screen, the username will be automatically filled in, based on this cookie.
Changelog: ---------- 2007-08-05 v1.1.0 - Rewrite for Phorum 5.2. 2005-01-23 v1.0.0 - Initial release
Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce
Edited 2 time(s). Last edit at 05/20/2008 10:53AM by Maurice Makaay.
Re: Module: Remember Username May 16, 2008 10:17AM |
Admin Registered: 18 years ago Posts: 746 |
Hi Maurice,
I installed your module. When it is enabled and I go to the login page (after logging out) I get immediately the "username/password was not found or is inactive" error message. My username is filled in but there shouldn't be thrown an error message even when I just entering that page...
Regards
Oliver
Using Phorum since 7/2000: forum.langzeittest.de (actual version 5.2.23)
Modules "Made in Germany" for version 5.2: Author_as_Sender, CarCost, Close_Topic, Conceal_Message_Timestamp,
Format_Email, Index_Structure, Mailing_List, Pervasive_Forum, Spritmonitor, Terms_of_Service and German_Language_Files_Package.
I installed your module. When it is enabled and I go to the login page (after logging out) I get immediately the "username/password was not found or is inactive" error message. My username is filled in but there shouldn't be thrown an error message even when I just entering that page...
Regards
Oliver
Using Phorum since 7/2000: forum.langzeittest.de (actual version 5.2.23)
Modules "Made in Germany" for version 5.2: Author_as_Sender, CarCost, Close_Topic, Conceal_Message_Timestamp,
Format_Email, Index_Structure, Mailing_List, Pervasive_Forum, Spritmonitor, Terms_of_Service and German_Language_Files_Package.
Re: Module: Remember Username May 20, 2008 10:52AM |
Admin Registered: 20 years ago Posts: 8,532 |
I think that this accidentally was the 5.1 compatible 1.0.0 package.
Please try if 1.1.0 fixes things for you.
Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce
Please try if 1.1.0 fixes things for you.
Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce
Re: Module: Remember Username May 21, 2008 04:34AM |
Admin Registered: 18 years ago Posts: 746 |
Hi Maurice,
Yes, it's working fine. Thanks.
Regards
Oliver
Using Phorum since 7/2000: forum.langzeittest.de (actual version 5.2.23)
Modules "Made in Germany" for version 5.2: Author_as_Sender, CarCost, Close_Topic, Conceal_Message_Timestamp,
Format_Email, Index_Structure, Mailing_List, Pervasive_Forum, Spritmonitor, Terms_of_Service and German_Language_Files_Package.
Edited 1 time(s). Last edit at 05/21/2008 04:35AM by Oliver Riesen.
Quote
Maurice Makaay
I think that this accidentally was the 5.1 compatible 1.0.0 package.
Please try if 1.1.0 fixes things for you.
Yes, it's working fine. Thanks.
Regards
Oliver
Using Phorum since 7/2000: forum.langzeittest.de (actual version 5.2.23)
Modules "Made in Germany" for version 5.2: Author_as_Sender, CarCost, Close_Topic, Conceal_Message_Timestamp,
Format_Email, Index_Structure, Mailing_List, Pervasive_Forum, Spritmonitor, Terms_of_Service and German_Language_Files_Package.
Edited 1 time(s). Last edit at 05/21/2008 04:35AM by Oliver Riesen.
Re: Module: Remember Username January 30, 2011 10:02PM |
Registered: 14 years ago Posts: 39 |
Re: Module: Remember Username January 31, 2011 12:33AM |
Admin Registered: 20 years ago Posts: 8,532 |
By default, Phorum remembers the logon session. There should be no need for a "Remember me" option for the password. Like on the phorum.org website, you should see that you are still logged in after returning to the site.
Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce
Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce
Re: Module: Remember Username January 31, 2011 12:42AM |
Registered: 14 years ago Posts: 39 |
Re: Module: Remember Username January 31, 2011 01:30AM |
Admin Registered: 22 years ago Posts: 9,240 |
Re: Module: Remember Username September 17, 2013 02:03AM |
Registered: 11 years ago Posts: 7 |
There is a security issue in the current version of the module.
(I purposely omit the details to not encourage its exploitation.)
If a cookie for this module is somehow set outside with some scripting in it, it allows session hijacking and the like.
To prevent this behavior something like this would do.
$username = trim($_COOKIE['phorum_mod_remember_username']);
$focus_field = 'password';
// If the cookie is forged. (It contains something other than a username.)
if(filter_var($username, FILTER_SANITIZE_STRING) != $username)
{
// Delete the forged cookie.
setcookie('phorum_mod_remember_username', '', time() - 3600, $PHORUM['session_path'], $PHORUM['session_domain']);
// Set an empty username.
$username = '';
// Focus on username field.
$focus_field = 'username';
}
// Replace the username with the remembered username.
$PHORUM['DATA']['LOGIN']['username'] = $username;
// Make the focus shift to the appropriate field.
$PHORUM['DATA']['FOCUS_TO_ID'] = $focus_field;
(I purposely omit the details to not encourage its exploitation.)
If a cookie for this module is somehow set outside with some scripting in it, it allows session hijacking and the like.
To prevent this behavior something like this would do.
$username = trim($_COOKIE['phorum_mod_remember_username']);
$focus_field = 'password';
// If the cookie is forged. (It contains something other than a username.)
if(filter_var($username, FILTER_SANITIZE_STRING) != $username)
{
// Delete the forged cookie.
setcookie('phorum_mod_remember_username', '', time() - 3600, $PHORUM['session_path'], $PHORUM['session_domain']);
// Set an empty username.
$username = '';
// Focus on username field.
$focus_field = 'username';
}
// Replace the username with the remembered username.
$PHORUM['DATA']['LOGIN']['username'] = $username;
// Make the focus shift to the appropriate field.
$PHORUM['DATA']['FOCUS_TO_ID'] = $focus_field;
Sorry, only registered users may post in this forum.