D7.0.4 Remember Me issue...

We had an issue with the Remember Me? feature not working on v7.0.4 dolphin on our site.  In digging a little, I found that the function bx_login defaults the remember me status to false and does not try to get the form data to change this boolean in the code before logging the user in.

If you want to fix this, you can do the following in your code:

Open /inc/profiles.inc.php - look for the following code (original code is at line 443)

function bx_login($iId, $bRememberMe = false) {

Place the following block just below it:

if ((bool)$_POST['rememberMe'] == true) {
$bRememberMe = true;
};

Save and clear your cache.  Next time you or a member logs in and checks the Remember Me button, the cookie will be properly created and they will be remembered.  Enjoy --

Hi,

Thank you for posting this.

I am not a programmer or such and I wanted to ask you where do I find this /inc/profiles.inc.php and the code line?

Thanks.

Yuval

You need to look into the folder you installed Dolphin - then go to the folder inside it called 'inc' -- inside that folder is a file called profiles.inc.php

Go to approximately line 443 - you should see the line posted above in the FIRST green box.

Directly below it, insert the lines of code in the SECOND green box.

THIS FIX APPLIES TO DOLPHIN v7.0.4 only -- it is not tested on ANY other version.  Other versions will most likely not match the lines listed below either.

If you are not very experienced in editing text based files, you may want to have someone do this for you.  I ALSO RECOMMEND you backup the file before you edit it incase you make a mistake - you can copy the backup back over so your site does not go offline.

Can you confirm this trouble in boonex.us?

I can confirm for you. It hasn't worked since i installed 7.04. Just hadn't gotten around to reporting it yet.

Thanks for this fix

 Can you please include this fix in ..7.0.5 ?

Ok ticket was created - http://www.boonex.com/trac/dolphin/ticket/2376

Thank you so much for this data man.

Now i'm sure I will find it.

I applied this fix and it screwed my site up big time, removing it restored my site. What did I do wrong??

function bx_login($iId, $bRememberMe = false) {

if ((bool)$_POST['rememberMe'] = true) {
$bRememberMe = true;
};

I can't answer that.  You most likely inserted the code in the wrong place, or misspelled something.  There is no real way this piece of code can 'screw up a whole site' -- it looks for a form post value, and if it finds it, sets a 'local variable' inside a function so that a cookie can be written.  Not only that, but the code is only called when the 'login' process is called.  It does nothing to ANY other code in D7.0.4

Can not reproduce this bug, "remember me feature" is working fine.

Also provided code is not correct, it always remembers user passwords - it may be serious problems with your site's users privacy because of this!

Don't apply it!

I applied it and it solved my problem. My site would not remember me. I could close my browser, then open it right back up and would have to login again. Now it seems to work fine for me. I don't see the security risk of my browser saving my login password anyway.

You obviously weren't testing this on a 'clean install' of Dolphin 7.0.4 -- This bug DOES exist, and has been an issue for some time, as there are several complaints about how the "Remember Me" feature DOES NOT WORK.

Now, if you have a clean install, check the remember me box, login, then close your browser.

Re-open your browser - you will not be remembered.  You will have to RE-LOGIN.  I have had this issue for several months, on several re-installs of D7.0.4

Second - you claim this can be serious problems with users privacy?  And how is that?  It uses the cookie storage procedure that was authored by Boonex.  The problem with the bx_login function is that it defaults "rememberme" to false in the function definition.  That means that every time the function is called, it does not matter where rememberMe was checked or not, it is overridden to false when the bx_login function executes.  Are you saying that Boonex wrote an insecure login function, with bad cookie practices, then covered it up by defaulting/overriding the rememberme feature to disable it? If that is the case, then you owe ME and apology and need to CLARIFY your post, as it is BOONEX who made the insecure function - and all I did is expose it by attempting to make the code work as the software advertises...  What is the point of Remember Me? if it does not "Remember Me?"  IF it doesn't work, REMOVE THE CHECKBOX FROM THE FORM and the OFFENDING CODE THAT IS INSECURE - or better yet, FIX IT.  Instead, you accuse me of publishing a fix that makes sites insecure?

By adding the If-then statement to the function, the fix simply allows the checkbox in the login form to be read instead of being ignored.

Because saying that my fix voids the security of the software is a blatant slam, especially after saying you cannot reproduce the bug...

Can someone get me a damned programmer - someone who actually knows what is going on here?

This is ridiculous...  I not only paid for this software, but have had to DEBUG it to run it's advertised features and make it functional as it claims it is but TRULY is NOT out of the box...

rideguydotcom, I can see why you are frustrated over this, and where alexT is wrong.. however, alexT is right about one thing. Your code always defaults to the rememberMe variable being true, simply due to a typo in your if statement.

You wrote:

if ((bool)$_POST['rememberMe'] = true) {
$bRememberMe = true;
};

Notice the single equals sign. You are actually performing an assignment instead of a comparison.

The correct code should be:

if ((bool)$_POST['rememberMe'] == true) { 
$bRememberMe = true;
};

Thank you for that clarification - and in that aspect (and that aspect ONLY), I apologize to AlexT.

I will also edit my above post to reflect your notes so that nobody else experiences the issue of my mis-spelling/missed equals sign.

EDIT/NOTE:  Would a moderator please modify my original post to reflect the missing '==' as aMusic noted in their post?  I am unable to edit my post.  Thank you.

Regarding aMusic's correction to my fix, the updated code is below in the quotation box (fixed).  Thank you, aMusic!

AlexT: I can also confirm Remember me is NOT working on 7.0.4 clean install. If here is provided code for fix whioch is working why dont u simply add it to 7.0.5 ? I quite dont understand whats going on ... Install clean 7.0.4 and try remember me yourself ... you will see the problem

The problem can not be reproduced on http://www.boonex.us/ site using Firefox and Safari browsers.

If somebody can ? please report the browser you are using and PM me your login details.

By default bx_login function don't "remember me", but when login is performed it is definitely "remember me".

Please refer to the following line in member.php file:

$p_arr = bx_login($member['ID'], (bool)$_POST['rememberMe']);

I've made correction in the first post, but I still don't see any sense in it, since everything works.

The only browser I use is Firefox, but I also have Internet Explorer as well as Safari installed, and all three exhibit same behavior on a default clean install.

Not only this, but according to your above statement, you are right -- the login call assigns the remember me variable.  But the FUNCTION DEFINITION in profiles.inc.php overrides that by definition

function bx_login($iId, $bRememberMe = false) {

That is the function definition above, and it sets $bRememberMe to false, overriding the form value being sent to it.  The other three places bx_login is called by dolphin, it is not supplied a 'rememberme' value, which is why I'm betting this 'default value' is assigned.  That is why I use the if-then statement I added above to refresh the form post value into the function.  Otherwise, it just stays as false, regardless of what is being sent to it.

I may not be the most experienced PHP developer, but I do know how many things work, and this definitely does not.

Please can you reproduce the problem on boonex.us site ?

What version of Dolphin does boonex.us run?  Is it the release version of 7.0.4 or is it a Trac/SVN managed version that is continually updated as code and bugs are fixed?

It is 7.0.4, every time new version is released www.boonex.us is updated using official upgrade script.

So it's not done from a clean install of Dolphin?  There has to be some difference - because I've tested this on several 'clean' installs of Dolphin v7.0.4 and they ALL have this login issue.  I don't know why your boonex.us is not replicating it.  I can install it on a clean web on my server and duplicate it with clean version all day long.  So could my members.  So can other members here.  There is SOME difference between versions somewhere.

Try here:

http://www.demozzz.com/dolphin705b/

It is clean install - and no problem at all too.

Maybe there are some problems on you server or browser. For example IE browsers have problems with settings cookies for local domains with underscores, like http://my_domain/

Here's a real thought -- what version of php is that server running (either one)?  My server runs php 5.2.6 (Plesk) - with the php.ini modified to allow the higher session and upload limits for videos --  Maybe it's a php quirk with handling of the function and cookies.  If you want, I will remove the 'patch' from my server and you can test it out there.

I am happy to see that it is not a wide-spread error/issue, although there are more than one site that are suffering from it (as noted by some of the replies above) -- this might be something that can be tracked down with a little effort, as it is not reproducable 100% of the time, but does exist as an issue.

I have also just helped another Dolphin admin with his Remember-Me issue and in regards to php version, his server runs php 5.2.14, which is below my 5.2.6 -- maybe there is a cookie or function handling issue that is php version related that is causing problems for Dolphin.  AlexT, can you verify or report the version of php that boonex.us or demozzz.com is running?

We are using PHP 5.3.2-1 + Suhosin Patch 0.9.9.1 on www.boonex.us server (the same on www.demozzz.com)

Also try to check your browser, there are some plugins which clear cookies and other private data upon browser closing.

So you are above 5.2.x then --

As for my browser, I know that is not the issue -- I do not run plugins like those -- or it would have created the issue for me while visiting your two sites, but those functioned properly -- as you said they would.  But the only difference between our sites and yours so far is the differences in php version and platform.

I have this problem too on my clean install version Dolphin 7.04

It is real problem.

Sorry, I do not speak on english.

After applying this patch, the 'Remember Me' function on my site, works for the first time.... ever.

I don't see the same issue in D 7.0.5.  I believe an upgrade should solve your problem.  Just a suggestion.

Respectfully,

Jeff

I did.

HoustonLively - what php version is your server running?  In what I've investigated, I'm thinking it's an issue with php versions prior to 5.3 - all the sites that I've talked to with the issue see this happening and are running php versions 5.2.x or lower

5.2.16

There's another vote for it being related to the php version being run -- I'll bet that it is some issue with how 5.2.x and older handles something because everyone so far who doesn't have the issue is running a higher version of php.  My servers run 5.2.16 as well and they all exhibited the issue in my testing.  Another user who I applied the patch for was running 5.1.x I believe.

I have heard that there are subtle differences in the ways 5.2.x and  5.3.x  handle cookies.  I don't know the specific details though.

Neither do I on the details, but with php I've learned that there are always little differences between versions, many undocumented at that -- and the behavior of cookies (which could be a cookie issue or another issue) - just happens to affect the way Boonex Dolphin processes / handles it's cookies.  Many members say the feature works fine -- but there are several here that have the same problem you and I did.  The little patch (which handles the way a function is called, not so much how the cookie is written) seems to cure it.

In the end, I'm just happy that if anyone is running Dolphin, and has this problem, there is a little piece of code in the forums that they can apply (via search the forums) that solves the issue.  And with the correction pointed out by another member, and the moderator's assistance in fixing my original post) nobody will get an 'insecure' system because of it.  They still have the ability to 'not' be remembered.  But at least now if they want to be remembered by the system, it will work.

Thanks for your input on your system and that the patch did help.

On a different note, I still have to post my fixes for the Video Upload issues that I had during my install(s) of D7.0.4 (and past versions) including an ffdshow that actually works, and so forth.  I need to get out my 'diff' utility and compare my code to the original 7.0.4 release code so I can post my changes that worked on my servers.

Currently, I have Dolphin running 99% on a Windows 2003 server (including RMS), with running cron jobs, working uploads, and so forth.  Our last remaining issue is a couple things relating to the url rewriting and the Orca Forums module.

This fix worked until I upgraded to .06 but now it doesn't. Is there a new fix for this?

I've been having this problem since yesterday and found out a friend with the same hosting company was having the same problem too.

The server I'm on is running PHP v5.2.17

I'm running Dolphin v7.0.7 and after adding this fix "Remember Me" seems to be working again.

Thanx :)