wizardsandwars Posted February 6, 2003 Share Posted February 6, 2003 I downloaded this last nite and got it installed. It appeared to be working nicely. However, when I went to this site, http://www.searchengineworld.com/cgi-bin/s.../sim_spider.cgi I discovered that with the autologin enabled, the spiders can't see your site, at all. If anyone out there is useing this contribution, make sure you go there and see if spiders can see YOUR website. Quote ------------------------------------------------------------------------------------------------------------------------- NOTE: As of Oct 2006, I'm not as active in this forum as I used to be, but I still work with osC quite a bit. If you have a question about any of my posts here, your best bet is to contact me though either Email or PM in my profile, and I'll be happy to help. Link to comment Share on other sites More sharing options...
dreamscape Posted February 7, 2003 Share Posted February 7, 2003 hey Wizards, I noticed the same thing too when I installed it... it is because most spiders (maybe all) do not spider secure pages (HTTPS/SSL) and the autologin routine redirects through HTTPS. a quick fix is to check if the user has cookies enabled. if they do, then do the autologin routine. if not, then do not do it b/c they are either a bot or have cookies disabled (neither of which can use the autologin anyways). I just came up with this, installed it, and then tested on the search engine spider sim and my pages can now be spidered... also cookie users can still auto login. HERE IT IS: in includes/modules/autologin.php, place this code before the start of the autologin code (at the very top after the comments): setcookie("TEMPCOOKIE", "CookieOn", time() + 60 * 60); $cookieinfo = $HTTP_COOKIE_VARS["TEMPCOOKIE"]; if ($cookieinfo == "CookieOn") { basically sets a temp cookie to determine if cookies are enabled, and if so, then continues with the auto login routine. if not, then it is skipped over (no HTTPS redirect, so we get spidered!) also, at the end of the autologin.php files, you will need to close the if statement, so put a } right before the closing ?>: } ?> Also, what I am thinking of doing, is that since only cookied users can use the autologin, only present the option to them on login.php using the same if statement (or perhaps placing it in application_top.php and setting a variable like $COOKIES_ENABLED = true and then the check for cookies would just become if ($COOKIES_ENABLED == true) to use across different pages to check if the user has enabled cookies. Also, after the check, it might be a good idea to delete the temp cookie since we create it on every page to check for cookies enabled, but I haven't thought that far ahead. Quote The only thing necessary for evil to flourish is for good men to do nothing - Edmund Burke Link to comment Share on other sites More sharing options...
wizardsandwars Posted February 7, 2003 Author Share Posted February 7, 2003 Nice work! OK, I'll put this in tonight, and I'll look at some of your other suggestions, as well. I hadn't realized that spiders couldn't spider a site on SSL. In fact, I put almost the entire shop on SSL. In other words, once the customer hits a secure page, he says in secured pages until he leaves. That way there are no warnings that they are "about to leave a sucure page" and what not. Quote ------------------------------------------------------------------------------------------------------------------------- NOTE: As of Oct 2006, I'm not as active in this forum as I used to be, but I still work with osC quite a bit. If you have a question about any of my posts here, your best bet is to contact me though either Email or PM in my profile, and I'll be happy to help. Link to comment Share on other sites More sharing options...
dreamscape Posted February 7, 2003 Share Posted February 7, 2003 Wizards, I changed it some... I moved the cookie test to application_top, so that on a few other pages, I can check if cookies are on alot easier... so in application_top.php I added: // Determine if cookies are enabled setcookie("TEMPCOOKIE", "CookieOn", time() + 60 * 60); $cookieinfo = $HTTP_COOKIE_VARS["TEMPCOOKIE"]; if ($cookieinfo == "CookieOn") { global $cookies_on; $cookies_on = true; } I dunno if it matters where it goes, but I put if right after the require configure line (about line 35). so then in modules/autologon.php, I took out the cookie check since I moved it to app_top, and use this now: if ($cookies_on == true) { then in /login.php, the part that was added in from the contrib for users to select if they want to be remembered, I changed from: if (ALLOW_AUTOLOGON != 'false') { to if ((ALLOW_AUTOLOGON != 'false') && ($cookies_on == true)) { this way, if a user has cookies disabled, they don't even see a hint of the autologin feature, since it doesn't work for them... I think we have something now :D Quote The only thing necessary for evil to flourish is for good men to do nothing - Edmund Burke Link to comment Share on other sites More sharing options...
hatimad Posted February 18, 2003 Share Posted February 18, 2003 Hi, sorry i am a dummy and cant figure out what do you mean by so then in modules/autologon.php, I took out the cookie check since I moved it to app_top, and use this now: if ($cookies_on == true) { could you possibly explain what changes you made in /catalog/includes/modulesautologon.php and /cataloge/login.php thank you Hats Quote Link to comment Share on other sites More sharing options...
hatimad Posted February 19, 2003 Share Posted February 19, 2003 can anyone help? Quote Link to comment Share on other sites More sharing options...
mikerat Posted February 20, 2003 Share Posted February 20, 2003 Hi Hatimad, You are not a dummy ... it just sounds more complicated than it is. Add the text in red (I think it is around line 185ish in /catalog/includes/application_top.php): // define how the session functions will be used require(DIR_WS_FUNCTIONS . 'sessions.php'); tep_session_name('osCsid'); // Determine if cookies are enabled setcookie("TEMPCOOKIE", "CookieOn", time() + 60 * 60); $cookieinfo = $HTTP_COOKIE_VARS["TEMPCOOKIE"]; if ($cookieinfo == "CookieOn") { global $cookies_on; $cookies_on = true; } // include the database functions require(DIR_WS_FUNCTIONS . 'database.php'); Edit the very bottom of the same file where it says HMCS:Begin Autologon (Remember the green text is already there ... just add the code in red): // HMCS: Begin Autologon ****************************************************************** if ($cookies_on == true) { if (ALLOW_AUTOLOGON == 'true') { // Is Autologon enabled? if (basename($PHP_SELF) != FILENAME_LOGIN) { // yes if (!tep_session_is_registered('customer_id')) { include('includes/modules/autologon.php'); } } } else { setcookie("email_address", "", time() - 3600, $cookie_path); //no, delete email_address cookie setcookie("password", "", time() - 3600, $cookie_path); //no, delete password cookie } } // HMCS: End Autologon ****************************************************************** I hope this is useful to you. Quote Link to comment Share on other sites More sharing options...
hatimad Posted February 20, 2003 Share Posted February 20, 2003 Hi Mike, thanks a lot, i did exactly what you said but it still shows the SID along with my default.php am i suppose to make any changes in /catalog/includes/modules/autologon.php and /cataloge/login.php thanks for your help hats Quote Link to comment Share on other sites More sharing options...
mikerat Posted February 22, 2003 Share Posted February 22, 2003 Go to this online spider simulator and check if the search engines can see your links: http://www.searchengineworld.com/cgi-bin/s.../sim_spider.cgi After you type in your domain it will list any links it sees. Let me know if this helps. Quote Link to comment Share on other sites More sharing options...
hatimad Posted February 22, 2003 Share Posted February 22, 2003 Hi, i typed in url of my default.php and it spidered all my links but SID was attached with all of the links when other search engins spiders do they spider it with sid? thanks Hats Quote Link to comment Share on other sites More sharing options...
mikerat Posted February 23, 2003 Share Posted February 23, 2003 Yes, they do. There is a workaround that disables the SID for the search engines. Just go to this thread http://www.oscommerce.com/forums/viewtopic.php...ight=sid+killer and follow the instructions at the start of the thread ... it works just fine for me. Quote Link to comment Share on other sites More sharing options...
hatimad Posted February 23, 2003 Share Posted February 23, 2003 i tried to install SID killer few days ago, but since autologon was installed it didnt let it work. it will get stuck at the logoff and wont go ahead, and show me the blank page i will try to install it again since i have applied your fix to the autologon contibution and let you know thanks for your help Hats Quote Link to comment Share on other sites More sharing options...
dreamscape Posted February 23, 2003 Share Posted February 23, 2003 ohh... sorry for not replying earlier... quite some time ago I dumped the autologin... I had it installed for about 30 minutes and decided, ya know its just not worth it... its a neat idea, but the way it works, re-reouting every page through login/logoff.php just makes for alot of headaches... it is a great idea I think, just needs to be worked on some I think. Quote The only thing necessary for evil to flourish is for good men to do nothing - Edmund Burke Link to comment Share on other sites More sharing options...
hatimad Posted February 23, 2003 Share Posted February 23, 2003 Hi, i tried to install the SID killer again but the same problem it gets stuck at logoff.php in secure server and keeps refrashing blank logoff.php Joshua, can you give me idea how did you make it work? thank you Quote Link to comment Share on other sites More sharing options...
wizardsandwars Posted February 23, 2003 Author Share Posted February 23, 2003 Hatimad, as far as I know, the Sid Killer will not work properly is you have SSL on a different server as you regular domain. Quote ------------------------------------------------------------------------------------------------------------------------- NOTE: As of Oct 2006, I'm not as active in this forum as I used to be, but I still work with osC quite a bit. If you have a question about any of my posts here, your best bet is to contact me though either Email or PM in my profile, and I'll be happy to help. Link to comment Share on other sites More sharing options...
hatimad Posted February 23, 2003 Share Posted February 23, 2003 ok, i just now removed the autologon contribution and installed SID Killer v1.2 i checked my site at http://www.searchengineworld.com/cgi-bin/s.../sim_spider.cgi and there is no session ID attached to the links as far as I know, the Sid Killer will not work properly is you have SSL on a different server as you regular domain is there any known problem i am missing? thanks Quote Link to comment Share on other sites More sharing options...
wizardsandwars Posted February 23, 2003 Author Share Posted February 23, 2003 Well, many people have problems with it logging me out when I go from a SSL page to a non SSL page. Quote ------------------------------------------------------------------------------------------------------------------------- NOTE: As of Oct 2006, I'm not as active in this forum as I used to be, but I still work with osC quite a bit. If you have a question about any of my posts here, your best bet is to contact me though either Email or PM in my profile, and I'll be happy to help. Link to comment Share on other sites More sharing options...
hatimad Posted February 24, 2003 Share Posted February 24, 2003 yes you are right i noticed it...thanks for pointing it out.. any solutions? thanks Quote Link to comment Share on other sites More sharing options...
blueline Posted November 15, 2003 Share Posted November 15, 2003 (edited) Guys.....for some reason this mod isn't physically installing a cookie on my machine. I've done everything I can......but no luck. I do have cookies enabled, and am getting them from other sites. I tested it using the code above, and cookies are on... I actually get a cookie on my machine (the temp test cookie) but I don't get the actual logon cookie. Guys? Thanks, -Chris Edited November 15, 2003 by blueline Quote Chris Sullivan Link to comment Share on other sites More sharing options...
Guest Posted November 20, 2003 Share Posted November 20, 2003 (edited) Guys.....for some reason this mod isn't physically installing a cookie on my machine. I've done everything I can......but no luck. I do have cookies enabled, and am getting them from other sites. I tested it using the code above, and cookies are on... I actually get a cookie on my machine (the temp test cookie) but I don't get the actual logon cookie. Guys? Thanks, -Chris Hey Chris, I had the same problem...I've been working on getting this implemented on my site but have been very frustrated. What I found was the problem for me was that I was using the "Use Search -Engine Safe URLs" option but contribution works off of a PHP get path which pulled up "action" for my path. Try sorting your cookies by when they were last modified and play around with it. My cookies were coming up with the domain "action." You need to go into the code if you are having this problem... Hope that helps... Although I'm having a problem of my own. The Autologon feature works great on my computer, but whenever I use my brother's computer, login, close the browser, and open up the site again, I get automatically sent to a secured logoff page. So maybe someone can help me with that one? Maybe the wizards might return and give some help... Thanks -Aaron Edited November 20, 2003 by aedmonds Quote Link to comment Share on other sites More sharing options...
blueline Posted November 21, 2003 Share Posted November 21, 2003 Actually, I am not getting a cookie installed at all. I tried the "test" cookie process in application_top and that works, but the auto login cookies just don't install.... Quote Chris Sullivan Link to comment Share on other sites More sharing options...
Guest Posted November 21, 2003 Share Posted November 21, 2003 Actually, I am not getting a cookie installed at all. I tried the "test" cookie process in application_top and that works, but the auto login cookies just don't install.... Is your "test" cookie being called with the PHP setcookie function or the OSC tep_setcoookie function? I changed all of mine to use the tep_setcookie function...not sure if that makes any difference... <_< Another thing I did was I changed all of the: $cookie_url_array = parse_url((ENABLE_SSL == true ? HTTPS_SERVER : HTTP_SERVER) . substr(DIR_WS_CATALOG, 0, -1)); $cookie_path = $cookie_url_array['path']; to the following: if (function_exists('session_set_cookie_params')) { session_set_cookie_params(0, $cookie_path, $cookie_domain); } elseif (function_exists('ini_set')) { ini_set('session.cookie_lifetime', '0'); ini_set('session.cookie_path', $cookie_path); ini_set('session.cookie_domain', $cookie_domain); } Not sure if that has any effect either...guess we'll find out now, won't we.... Can somebody tell me if that will effect OSC in any negative way? Thanks -Aaron Quote Link to comment Share on other sites More sharing options...
blueline Posted November 21, 2003 Share Posted November 21, 2003 Actually, the "test" cookie is being called with the setcookie function that comes with PHP. That works. The other cookie which is being called by the tep_setcookie function is not working. I have included the code below so that you can see. The "test" cookie // Determine if cookies are enabled setcookie("TEMPCOOKIE", "CookieOn", time() + 60 * 60); $cookieinfo = $HTTP_COOKIE_VARS["TEMPCOOKIE"]; if ($cookieinfo == "CookieOn") { global $cookies_on; $cookies_on = true; } The "autologin" cookie // HMCS: Begin Autologon ****************************************************************** if ($cookies_on == true) { if (ALLOW_AUTOLOGON == 'true') { // Is Autologon enabled? if (basename($PHP_SELF) != FILENAME_LOGIN) { // yes if (!tep_session_is_registered('customer_id')) { include('includes/modules/autologon.php'); } } } else { setcookie("email_address", "", time() - 3600, $cookie_path); //no, delete email_address cookie setcookie("password", "", time() - 3600, $cookie_path); //no, delete password cookie } } // HMCS: End Autologon ****************************************************************** Thanks a bunch guys. -Chris Quote Chris Sullivan Link to comment Share on other sites More sharing options...
Guest Posted November 21, 2003 Share Posted November 21, 2003 Actually Chris, the autologn cookie code that you posted is only deleting the cookie. Notice how it is giving a value of "" and the time is set for the past. Lets see what is in your autologon.php code... Quote Link to comment Share on other sites More sharing options...
blueline Posted November 21, 2003 Share Posted November 21, 2003 Here ya go. Thanks for the help. <?php /* $Id: autologon.php,v 1.11 2003/01/18 20:00:00 Exp $ osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright (c) 2003 osCommerce Copyright (c) 2003 HMCservices Released under the GNU General Public License */ if ($cookies_on == true) { $cookie_url_array = parse_url((ENABLE_SSL == true ? HTTPS_SERVER : HTTP_SERVER) . substr(DIR_WS_CATALOG, 0, -1)); $cookie_path = $cookie_url_array['path']; if (($email_address != "") && ($password != "")) { $check_customer_query = tep_db_query("select customers_id, customers_firstname, customers_lastname, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "'"); if (tep_db_num_rows($check_customer_query)) { $check_customer = tep_db_fetch_array($check_customer_query); if (tep_validate_password($password, $check_customer['customers_password'])) { if (SESSION_RECREATE == 'True') { tep_session_recreate(); } $check_country_query = tep_db_query("select entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . $check_customer['customers_id'] . "' and address_book_id = '" . (int)$check_customer['customers_default_address_id'] . "'"); $check_country = tep_db_fetch_array($check_country_query); $customer_id = $check_customer['customers_id']; $customer_default_address_id = $check_customer['customers_default_address_id']; $customer_first_name = $check_customer['customers_firstname']; $customer_country_id = $check_country['entry_country_id']; $customer_zone_id = $check_country['entry_zone_id']; if(!tep_session_is_registered('customer_id')) tep_session_register('customer_id'); if(!tep_session_is_registered('customer_default_address_id')) tep_session_register('customer_default_address_id'); if(!tep_session_is_registered('customer_first_name')) tep_session_register('customer_first_name'); if(!tep_session_is_registered('customer_country_id')) tep_session_register('customer_country_id'); if(!tep_session_is_registered('customer_zone_id')) tep_session_register('customer_zone_id'); setcookie('email_address', $email_address, time()+ (365 * 24 * 3600), $cookie_path, '', ((getenv('HTTPS') == 'on') ? 1 : 0)); setcookie('password', $check_customer['customers_password'], time()+ (365 * 24 * 3600), $cookie_path, '', ((getenv('HTTPS') == 'on') ? 1 : 0)); $date_now = date('Y-m-d'); $qr = "update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1 where customers_info_id = '" . $customer_id . "'"; tep_db_query($qr); $cart->restore_contents(); // restore cart contents } } } else { if($autologon_executed != 'true'){ $autologon_page = '<html><head><meta http-equiv="Refresh" content="0;URL=' . tep_href_link(FILENAME_LOGOFF, '', 'SSL') . '"></head><body></body></html>'; $autologon_link = ((getenv('HTTPS') == 'on') ? 'https://' : 'http://') . $SERVER_NAME . $REQUEST_URI . (strpos($REQUEST_URI, "?") ? '&' : '?') . SID; $autologon_executed = 'true'; if(!tep_session_is_registered('autologon_link')) tep_session_register('autologon_link'); if(!tep_session_is_registered('autologon_executed')) tep_session_register('autologon_executed'); tep_session_close(); exit($autologon_page); } } if (tep_session_is_registered('autologon_link')) { $x = $autologon_link; tep_session_unregister('autologon_link'); tep_redirect($x); } } ?> Thanks again/ Quote Chris Sullivan Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.