Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Refactored authenticator code - please before updating your working copy » Archive

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

Archive /

Our old forums are still available as a read-only archive.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo

Refactored authenticator code - please before updating your working copy

Go to End


12 Posts   6053 Views

Avatar
Markus

Google Summer of Code Hacker, 152 Posts

29 June 2007 at 10:02pm

Hi guys,

I refactored the new authenticator code. Now you can easily enable/disable the various authentication methods in sapphire/_config.php.

Because we have now that new configuration file, the code that changed PHPs include path isn't needed anymore in your mysite/_config.php, so simple delete it (and the constant definition) there.

The only thing where you may have to add it is the installer when you do a clean install, but since it isn't under version control I can't add the code there.

I wish you all a great weekend,
Markus

Avatar
elijahlofgren

Google Summer of Code Hacker, 222 Posts

30 June 2007 at 4:10am

Edited: 30/06/2007 5:41am

Hi Markus,

I just tried it out and it works great. Thanks!

One thing I've noticed in the past is that the "Remember me next time" option does not appear to work. I have not tested it since your latest update. It seems after a couple of hours, I have to login again. Has this functionality been changed?
Edit: I just got logged out again (it's only been a few hours). So it seems that it still isn't remembering me. It could just be something I'm doing wrong though. ;)

Cheers,

Elijah

Avatar
Markus

Google Summer of Code Hacker, 152 Posts

2 July 2007 at 4:18am

The "Remember me next time" feature should work as expected. I just tried it.. I logged in yesterday and looked now if I'm still logged in.. all worked as expected.

The only thing I changed is that now the check box is not checked by default as it was before (for security reasons).

Can you give me more details? Maybe your browser configuration deletes the cookie after some time!? Can you check that the "alc_enc" cookie is set and that the value of it is "user_id:xxx" where xxx is equal to the "RememberLoginToken" column in the member table.

Maybe you have also another webapp that deletes you your silverstripe cookie!?

Avatar
elijahlofgren

Google Summer of Code Hacker, 222 Posts

2 July 2007 at 1:16pm

> Can you give me more details?

Hi Markus,

Thanks for your response. I will plan on trying to reproduce the problem and giving you the details that you requested.

Thanks,

Elijah

Avatar
elijahlofgren

Google Summer of Code Hacker, 222 Posts

3 July 2007 at 6:39am

> Can you give me more details? Maybe your browser configuration deletes the cookie after some time!?

I have Firefox set to keep cookies until they expire and not automatically delete them.

> Can you check that the "alc_enc" cookie is set and that the value of it is "user_id:xxx" where xxx is equal to the "RememberLoginToken" column in the member table.

The value of my "alc_enc" cookie is being set to: 1%3A85410e945f2f4dbcdd69b3d171f0e752

"%3a" is the URL-encode version of ":" according to http://www.w3schools.com/html/html_urlencode.asp

So it seems that somehow my cookie is not being created correctly.
I'm using Firefox 2 on Ubuntu Feisty with Apache/2.2.3 (Ubuntu) PHP/5.2.1

> Maybe you have also another webapp that deletes you your silverstripe cookie!?
I don't think this is happening because I'm usually only running phpMyAdmin and SilverStripe.

Thanks for looking into this,

Elijah

Avatar
elijahlofgren

Google Summer of Code Hacker, 222 Posts

11 July 2007 at 1:40pm

I've made the 'Remember me next time' option work on my end by calling urldecode() on the cookie value:

------------------------------------------------------------------------
r38216 | elofgren | 2007-07-10 20:37:49 -0500 (Tue, 10 Jul 2007) | 1 line

BUGFIX: Make 'Remember me next time?' setting work even if the ':' in _COOKIE['alc_enc'] is converted to '%3a' by calling urldecode($_COOKIE['alc_enc']) See: http://www.silverstripe.com/google-summer-of-code-forum/flat/1826#post1832
------------------------------------------------------------------------

Let me know if it breaks on your end,

Elijah

Avatar
Markus

Google Summer of Code Hacker, 152 Posts

11 July 2007 at 8:53pm

Hi Elijah,

Sorry I think I overlooked your answer with the details..
That's a strange problem.. maybe a PHP bug!

According to the PHP documentation the cookie should be automatically urlencoded and decoded:

Note that the value portion of the cookie will automatically be urlencoded when you send the cookie, and when it is received, it is automatically decoded and assigned to a variable by the same name as the cookie name. If you don't want this, you can use setrawcookie() instead if you are using PHP 5.

Even if I think your patch doesn't produce any side effects I don't know if it is a good idea to apply it.. The problem has to be somewhere else and we should fix it there!

The used cookie class is in sapphire/core/Cookie.php and is straightforward.. so I couldn't find any bug there! Maybe you can find it somewhere else.. Otherwise try to update your PHP installation so that we can check if it is a PHP problem..

Avatar
elijahlofgren

Google Summer of Code Hacker, 222 Posts

12 July 2007 at 8:37am

> Even if I think your patch doesn't produce any side effects I don't know if it is a good idea to apply it.. The problem has to be somewhere else and we should fix it there!

Hi Markus,

Agreed. I've filed a trac ticket and CCed you to remind myself to look into this: http://support.silverstripe.com/gsoc/ticket/40

Thanks,

Elijah

Go to Top
Go to TopReturn to top