MaureenT Posted April 3, 2008 Share Posted April 3, 2008 I am using Loginbox Best (http://www.oscommerce.com/community/contributions,2538). I like some of the features, particularly the account information links that show in the box once a person is logged in. However, there are two problems with it. One, because the loginbox shows up on non-SSL encrypted pages, it gives the impression that if a person enters their username and password in the form, it would be sent unencrypted. Two, despite my best efforts to fix it, both the forgotten password link and the registration link take people to non-encrypted versions of password_forgotten.php and create_account.php. So, this is what I want to do. Except for the greeting at the top, I want to remove all the content that shows up in the loginbox when a person is not logged in and replace it with a statement like "To log into your account or to create a new account CLICK HERE." The CLICK HERE link would take the person to an encrypted version of login.php, like clicking on the "My Account" link does when you are not logged in. Below is the code in loginbox.php. (Note: I have already done some other modifications to this code.) <?php /* osCommerce, Open Source E-Commerce Solutions [url="http://www.oscommerce.com"]http://www.oscommerce.com[/url] Copyright © 2002 osCommerce Released under the GNU General Public License Autologin added by DJ Downey [url="http://www.liquidgfx.com"]http://www.liquidgfx.com[/url] */ // WebMakers.com Added: Do not show if on login or create account if ( (!strstr($_SERVER['PHP_SELF'],'login.php')) and (!strstr($_SERVER['PHP_SELF'],'create_account.php')) and !tep_session_is_registered('customer_id') ) { ?> <!-- loginbox //--> <?php if (!tep_session_is_registered('customer_id')){ ?> <tr> <td> <?php $info_box_contents = array(); $info_box_contents[] = array('align' => 'left', 'text' => BOX_LOGINBOX_HEADING ); new infoBoxHeading($info_box_contents, $newtheme, false, false); $loginboxcontent = " <form name=\"login\" method=\"post\" action=\"" . tep_href_link(FILENAME_LOGIN, 'action=process', 'SSL') . "\"> <table border=\"0\" width=\"100%\" cellspacing=\"0\" cellpadding=\"0\"> <tr> <td align=\"center\" class=\"infoBoxContents\"> " . tep_box_greeting_top() . " </td> </tr> <tr> <td align=\"center\" class=\"infoBoxContents\"> " . BOX_LOGINBOX_EMAIL . " </td> </tr> <tr> <td align=\"center\" class=\"infoBoxContents\"> <input type=\"text\" name=\"email_address\" maxlength=\"96\" size=\"20\" value=\"\"> </td> </tr> <tr> <td align=\"center\" class=\"infoBoxContents\"> " . BOX_LOGINBOX_PASSWORD . " <A HREF=\"" . tep_href_link(FILENAME_PASSWORD_FORGOTTEN, '', 'SSL') . "\">" . BOX_LOGINBOX_FORGOT_PASSWORD . "</A> </td> </tr> <tr> <td align=\"center\" class=\"infoBoxContents\"> <input type=\"password\" name=\"password\" maxlength=\"40\" size=\"20\" value=\"\"> </td> </tr> <tr> <td class=\"infoBoxContents\" align=\"center\"> " . tep_image_submit('button_login.gif', IMAGE_BUTTON_LOGIN) . " </td> </tr> <tr> <td align=\"center\" class=\"infoBoxContents\"> " . BOX_LOGINBOX_NEW . " </td> </tr> </table> </form> "; $info_box_contents = array(); $info_box_contents[] = array('align' => 'center', 'text' => $loginboxcontent ); new infoBox($info_box_contents); ?> </td> </tr> <?php } else { // If you want to display anything when the user IS logged in, put it // in here... Possibly a "You are logged in as :" box or something. } ?> <!-- loginbox_eof //--> <?php // WebMakers.com Added: My Account Info Box } else { if (tep_session_is_registered('customer_id')) { ?> <!-- my_account_info //--> <tr> <td> <?php $info_box_contents = array(); $info_box_contents[] = array('align' => 'left', 'text' => BOX_HEADING_LOGIN_BOX_MY_ACCOUNT ); new infoBoxHeading($info_box_contents, $newtheme, false, false); $loginboxcontent = " <table border=\"0\" width=\"100%\" cellspacing=\"0\" cellpadding=\"0\"> <tr> <td align=\"center\" class=\"loginBoxGreeting\"> " . tep_box_greeting_top() . " </td> </tr> <tr> </table> "; $info_box_contents = array(); $info_box_contents[] = array('align' => 'center', 'text' => $loginboxcontent . '<a href="' . tep_href_link(FILENAME_ACCOUNT, '', 'SSL') . '">' . LOGIN_BOX_MY_ACCOUNT . '</a><br>' . '<a href="' . tep_href_link(FILENAME_ACCOUNT_EDIT, '', 'SSL') . '">' . LOGIN_BOX_ACCOUNT_EDIT . '</a><br>' . '<a href="' . tep_href_link(FILENAME_ACCOUNT_HISTORY, '', 'SSL') . '">' . LOGIN_BOX_ACCOUNT_HISTORY . '</a><br>' . '<a href="' . tep_href_link(FILENAME_ADDRESS_BOOK, '', 'SSL') . '">' . LOGIN_BOX_ADDRESS_BOOK . '</a><br>' . '<a href="' . tep_href_link(FILENAME_LOGOFF, '', 'SSL') . '"><b>' . LOGIN_BOX_LOGOFF . '</b></a>' ); new infoBox($info_box_contents); ?> </td> </tr> <!-- my_account_info_eof //--> <?php } } ?> And here's the code that was added to /catalog/includes/functions/general.php below the "greeting_string". // Return a loginbox infobox customer greeting top function tep_box_greeting_top() { global $customer_id, $customer_first_name; if (tep_session_is_registered('customer_id')) { $account_query = tep_db_query("select customers_firstname, customers_lastname, customers_email_address from " . TABLE_CUSTOMERS . " where customers_id = '" . (int)$customer_id . "'"); $account = tep_db_fetch_array($account_query); $name = $account['customers_firstname'] . ' ' . $account['customers_lastname']; $greeting_box_top_string = sprintf(BOX_GREETING_TOP_PERSONAL, tep_output_string_protected($name), tep_href_link(FILENAME_PRODUCTS_NEW)); } else { $greeting_box_top_string = sprintf(BOX_GREETING_TOP_GUEST, tep_href_link(FILENAME_LOGIN, '', 'SSL'), tep_href_link(FILENAME_CREATE_ACCOUNT, '', 'SSL')); } return $greeting_box_top_string; } //// // Return a loginbox infobox customer greeting bottom function tep_box_greeting_bottom() { global $customer_id, $customer_first_name; if (tep_session_is_registered('customer_id')) { $account_query = tep_db_query("select customers_firstname, customers_lastname, customers_email_address from " . TABLE_CUSTOMERS . " where customers_id = '" . (int)$customer_id . "'"); $account = tep_db_fetch_array($account_query); $name = $account['customers_firstname'] . ' ' . $account['customers_lastname']; $greeting_box_top_string = sprintf(BOX_GREETING_BOTTOM_PERSONAL, tep_output_string_protected($name), tep_href_link(FILENAME_PRODUCTS_NEW)); } else { $greeting_box_top_string = sprintf(BOX_GREETING_BOTTOM_GUEST, tep_href_link(FILENAME_LOGIN, '', 'SSL'), tep_href_link(FILENAME_CREATE_ACCOUNT, '', 'SSL')); } return $greeting_box_top_string; } Here is the site--which is under construction--so that you can see what the loginbox presently looks like. http://www.danielles-chocolates.com/catalog/index.php I hope someone can help me with this. I have attempted to figure it out for myself, but I simply don't know enough PHP. Quote Link to comment Share on other sites More sharing options...
MaureenT Posted April 8, 2008 Author Share Posted April 8, 2008 After several days away from this, I turned my attention back to it and figured it out for myself. It turned out to be really quite easy. I don't know why I didn't see how to do it before. I guess I just wasn't seeing what was right before my eyes. Just in case there happens to be anyone in the future who wants to do the same, I've included instructions below. First, add two new define statements in catalog/includes/languages/english/loginbox.php (and any other languages you use), one for the statement that comes before the link to login.php, another for the text of the link itself. For example: define('BOX_LOGINBOX_STATEMENT', 'To log in or to register an account, please '); define('BOX_LOGINBOX_LINK_TEXT', 'CLICK HERE'); Name them whatever you want to as long as it's something that isn't already being used by some other define statement. You might also want to change BOX_LOGINBOX_HEADING so that the infobox heading says something else besides "Login Here", which will no longer be accurate. I changed mine to say "Login/Registration". Next, find this code in catalog/includes/boxes/loginbox.php: <form name=\"login\" method=\"post\" action=\"" . tep_href_link(FILENAME_LOGIN, 'action=process') . "\"> <table border=\"0\" width=\"100%\" cellspacing=\"0\" cellpadding=\"0\"> <tr> <td align=\"center\" class=\"infoBoxContents\"> " . tep_box_greeting_top() . " </td> </tr> <tr> <td align=\"center\" class=\"infoBoxContents\"> " . BOX_LOGINBOX_EMAIL . " </td> </tr> <tr> <td align=\"center\" class=\"infoBoxContents\"> <input type=\"text\" name=\"email_address\" maxlength=\"96\" size=\"20\" value=\"\"> </td> </tr> <tr> <td align=\"center\" class=\"infoBoxContents\"> " . BOX_LOGINBOX_PASSWORD . " <A HREF=\"" . tep_href_link(FILENAME_PASSWORD_FORGOTTEN, '', 'NONSSL') . "\">" . BOX_LOGINBOX_FORGOT_PASSWORD . "</A> </td> </tr> <tr> <td align=\"center\" class=\"infoBoxContents\"> <input type=\"password\" name=\"password\" maxlength=\"40\" size=\"20\" value=\"\"> </td> </tr> <tr> <td class=\"infoBoxContents\" align=\"center\"> " . tep_image_submit('button_login.gif', IMAGE_BUTTON_LOGIN) . " </td> </tr> <tr> <td align=\"center\" class=\"infoBoxContents\"> " . BOX_LOGINBOX_NEW . " </td> </tr> </table> </form> Change it to this: <table border=\"0\" width=\"100%\" cellspacing=\"0\" cellpadding=\"0\"> <tr> <td align=\"center\" class=\"infoBoxContents\"> " . tep_box_greeting_top() . " </td> </tr> <tr> <td align=\"center\" class=\"infoBoxContents\"> " . BOX_LOGINBOX_STATEMENT . " <A HREF=\"" . tep_href_link(FILENAME_ACCOUNT, '', 'SSL') . "\">" . BOX_LOGINBOX_LINK_TEXT . "</A> </td> </tr> </table> Change BOX_LOGINBOX_STATEMENT and BOX_LOGINBOX_LINK_TEXT to whatever you named those define statements in the first step. This will remove the login form, forgotten password link and account registration statement/link from the login box, leaving the greeting and adding a statement and link directing people to the login.php page. Obviously, only people who have SSL encryption and are concerned about the encryption problems with this login box would have any reason to do this. By the way, changing "NONSSL" to "SSL" for the forgotten password link did not work for me. Clicking on it still took a person to an unsecured version of the page. I also added , 'SSL' after 'action=process' in the form tag to add encryption to the form, but, to the observer, the form still appeared to be sending their information unencrypted. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.