BigCommerce - Hosted Ecommerce Software by Interspire

Interspire Forum

 
Go Back   Interspire Forum > Interspire Knowledge Manager Community Forum > Customization and Integration

 
 
Thread Tools Display Modes
  #1  
Old 09-07-2007, 02:55 AM
rhyspaterson rhyspaterson is offline
Junior Member
 
Join Date: Apr 2007
Posts: 7
Default Supporting multiple user logins

Hey guys,

Apparently the new major release of ActiveKB will support multiple user logins to the front-end, but for the time being i am attempting to create a quick hack. Basically when the FrontendAccess() function is called in general.php, instead of checking the $_POST['frontendUser'] and $_POST['frontendPass'] variables against those stored in the $GLOBALS config, i am checking them against a simple .csv file.

The only problem i have come across however, is actually opening the .csv file in the function, because whenever i do the code seems to hang and bring up a blank page.

PHP Code:
    /**
    * FrontendAccess
    *
    * Determines if the user has access to the frontend of the site and
    * returns accordingly
    *
    * @return boolean Does the user have access to the frontend ?
    */
    
function FrontendAccess()
    {
        
// If either the user or pass on the settings page is blank then let
        // them in
        
if (empty($GLOBALS['frontendUser'])
            || empty(
$GLOBALS['frontendPass'])) {
            return 
true;
        }

        
// If the user has already authenticated, cool let them in
        
if (isset($_SESSION['frontendUser']) && isset($_SESSION['frontendPass']) && $_SESSION['frontendUser'] == $GLOBALS['frontendUser'] && $_SESSION['frontendPass'] == $GLOBALS['frontendPass']) {
            return 
true;
        }
                
        
// If the user is trying to authenticate and suceeds, let them in
        
if (isset($_POST['frontendUser']) && isset($_POST['frontendPass'])) {
            
            
// create shorter variables
            
$username $_POST['frontendUser'];
            
$password $_POST['frontendPass'];
            
            
$row 1;
            
$handle fopen("userList.csv""r");
            
            
// open the file and read it into an array
            
while (($data fgetcsv($handle1000",")) !== FALSE) {
                
$num count($data);
            
                
// check the username and password agains the $_POST variables
                
if (($data[0] == $username)&&($data[1] == $password)){
                    
// it's a match
                    
                    
$_SESSION['frontendUser'] = $GLOBALS['frontendUser'];
                    
$_SESSION['frontendPass'] = $GLOBALS['frontendPass'];
                    if (isset(
$_POST['frontendRemember'])
                        && isset(
$_POST['frontendRemember']) == 1) {
                        
// Allow the user to be remembered for 2 weeks (i.e. 14 days)
                        
$cookielength time()+60*60*24*14;
                        
setcookie($GLOBALS['cookiePrefix'].'akb_f_u'$GLOBALS['frontendUser'], $cookielength);
                        
setcookie($GLOBALS['cookiePrefix'].'akb_f_p'$GLOBALS['frontendPass'], $cookielength);
                    }
                    return 
true;
                }
            }
            
fclose($handle);
        }

        
// If they clicked the remember me option in the past
        
if (isset($_COOKIE[$GLOBALS['cookiePrefix'].'akb_f_u']) && isset($_COOKIE[$GLOBALS['cookiePrefix'].'akb_f_p']) && $_COOKIE[$GLOBALS['cookiePrefix'].'akb_f_u'] == $GLOBALS['frontendUser'] && $_COOKIE[$GLOBALS['cookiePrefix'].'akb_f_p'] == $GLOBALS['frontendPass']) {
            
$_SESSION['frontendUser'] = $GLOBALS['frontendUser']; $_SESSION['frontendPass'] = $GLOBALS['frontendPass'];
            return 
true;
        }

        
// The site is password protected and they havn't authorised so fail
        
return false;
    } 
As you can see i am just bypassing the $GLOBALS variables and opening my .csv file. The new code, as far as i can determine, is fine in terms of syntax and so on. I'm thinking when the KB tries to open said file that something goes wrong. The .csv file has correct permissions. Should i not be trying to open a file here? The general.php file sits in /kb/lib/ as does my .csv file. Thanks!

Last edited by rhyspaterson; 09-07-2007 at 02:58 AM..
  #2  
Old 09-17-2007, 02:34 AM
Jarrad Jarrad is offline
Junior Member
 
Join Date: Jul 2007
Posts: 20
Default

Hi Rhys,

Well done! This is an awesome little hack.

I just did a quick test and it seemed to work fine. Put your csv file in the root directory and it should work.

Of course the problem with that is people from the outside world will have access to it. It would be best to put this outside of the webroot and then specify a relative or full path for it in your code.

Excellent stuff.
  #3  
Old 02-19-2010, 10:22 PM
benwsi
Guest
 
Posts: n/a
Default Multiple logins at same time?

Jarrad & rhyspaterson,

Got a quick question. I'm trying to something similar, I think. We have a simple kb that we're trying to create, and need to allow access for a large group(s), ideally using a single login.

For example, the entire sales staff would use a sales login to VIEW the articles restricted as sales.

Tech support tells me this isn't possible out of the box. One user, one login, at one time. And creating 250 users isn't feasible, just to gain access to additional articles.

Any help or insight, or workarounds would be helpful.

Thanks,

Ben

current plan is to simple create a duplicate instance of the KB, and run that in a password protected directory. Open to ideas for that as well.
  #4  
Old 02-02-2011, 04:34 PM
cberry + cberry is offline
Interspire Customer
 
Join Date: Feb 2011
Posts: 3
Default

This is very simple to bypass. All this function does is check to see if anyone else is logged in under the same username and deletes their logged in credentials so it logs out the previous logged in person.

Use at your own risk.

To allow multiple logins under the same user:

Edit "lib/general.php"

Search for "pageload" and add in "return true;" where I show it in the excerpt below. That is all.

function pageLoad() {
$auth = new AKB_AUTH();
$login = $auth->IsLoggedIn();
if ($login) {

### Added here to bypass the multiple login not allowed
return true;
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On

Forum Jump