Option to autologon after clicking on signup link

class2.php

@@ -9,8 +9,8 @@
 * General purpose file
 *
 * $Source: /cvs_backup/e107_0.8/class2.php,v $
-* $Revision: 1.91 $
-* $Date: 2008-12-28 22:37:42 $
+* $Revision: 1.92 $
+* $Date: 2009-01-04 16:00:19 $
 * $Author: e107steved $
 *
 */
@@ -856,16 +856,18 @@ if ($pref['maintainance_flag'] && ADMIN == FALSE && strpos(e_SELF, 'admin.php')
 	exit();
 }
 
+
 $sql->db_Mark_Time('(Start: Login/logout/ban/tz)');
 
+
 if (isset($_POST['userlogin']) || isset($_POST['userlogin_x']))
 {
 	e107_require_once(e_HANDLER.'login.php');
 	$usr = new userlogin($_POST['username'], $_POST['userpass'], $_POST['autologin'], varset($_POST['hashchallenge'],''));
 }
 
+
 if ((e_QUERY == 'logout') || (($pref['user_tracking'] == 'session') && isset($_SESSION['ubrowser']) && ($_SESSION['ubrowser'] != $ubrowser)))
-//if (e_QUERY == 'logout')
 {
 	if (USER)
 	{
@@ -879,7 +881,8 @@ if ((e_QUERY == 'logout') || (($pref['user_tracking'] == 'session') && isset($_S
 	$udata = (USER === true ? USERID.'.'.USERNAME : '0');
 	$sql->db_Update('online', "online_user_id = 0, online_pagecount=online_pagecount+1 WHERE online_user_id = '{$udata}' LIMIT 1");
 
-	if ($pref['user_tracking'] == 'session') {
+	if ($pref['user_tracking'] == 'session') 
+	{
 		session_destroy();
 		$_SESSION[e_COOKIE]='';
 	}

e107_admin/prefs.php

@@ -9,8 +9,8 @@
  * Administration - Site Preferences
  *
  * $Source: /cvs_backup/e107_0.8/e107_admin/prefs.php,v $
- * $Revision: 1.23 $
- * $Date: 2008-12-31 17:08:14 $
+ * $Revision: 1.24 $
+ * $Date: 2009-01-04 16:00:19 $
  * $Author: e107steved $
  *
 */
@@ -844,6 +844,13 @@ $text .= "
 							".$frm->radio_switch('user_reg_secureveri', $pref['user_reg_secureveri'])."
 						</td>
 					</tr>
+					<tr>
+						<td class='label'>".PRFLAN_197.": </td>
+						<td class='control'>
+							".$frm->radio_switch('autologinpostsignup', $pref['autologinpostsignup'])."
+							<div class='smalltext field-help'>".PRFLAN_198."</div>
+						</td>
+					</tr>
 					<tr>
 						<td class='label'>".PRFLAN_129.":</td>
 						<td class='control'>

e107_files/def_e107_prefs.php

@@ -11,8 +11,8 @@
 |     GNU General Public License (http://gnu.org).
 |
 |     $Source: /cvs_backup/e107_0.8/e107_files/def_e107_prefs.php,v $
-|     $Revision: 1.19 $
-|     $Date: 2008-12-07 21:41:04 $
+|     $Revision: 1.20 $
+|     $Date: 2009-01-04 16:00:19 $
 |     $Author: e107steved $
 +----------------------------------------------------------------------------+
 */
@@ -55,6 +55,7 @@ City, State, Country
   'signcode' => '0',
   'user_reg_veri' => '1',
   'user_reg_secureveri' => '1',
+  'autologinpostsignup' => '0',
   'signup_pass_len' => '',
   'signup_maxip' => '3',
   'signup_disallow_text' => '',

e107_handlers/login.php

@@ -12,8 +12,8 @@
 |     GNU General Public License (http://gnu.org).
 |
 |     $Source: /cvs_backup/e107_0.8/e107_handlers/login.php,v $
-|     $Revision: 1.19 $
-|     $Date: 2008-12-21 11:07:58 $
+|     $Revision: 1.20 $
+|     $Date: 2009-01-04 16:00:19 $
 |     $Author: e107steved $
 +----------------------------------------------------------------------------+
 */
@@ -50,6 +50,9 @@ class userlogin
 		#
 		# - parameters #1:      string $username, $_POSTED user name
 		# - parameters #2:      string $userpass, $_POSTED user password
+		# @param $autologin - 'signup' - uses a specially encoded password - logs in if matches
+		#					- zero for 'normal' login
+		#					- non-zero sets the 'remember me' flag in the cookie
 		# - return              boolean
 		# - scope				public
 		*/
@@ -75,9 +78,10 @@ class userlogin
 //	    $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","User login",'IP: '.$fip,FALSE,LOG_TO_ROLLING);
 		$e107->check_ban("banlist_ip='{$fip}' ",FALSE);			// This will exit if a ban is in force
 
-		$autologin = intval($autologin);
+		$forceLogin = ($autologin == 'signup');
+		$autologin = intval($autologin);		// Will decode to zero if forced login
 
-		if ($pref['auth_method'] && $pref['auth_method'] != "e107") 
+		if ($pref['auth_method'] && $pref['auth_method'] != 'e107' && !$forceLogin) 
 		{
 			$auth_file = e_PLUGIN."alt_auth/".$pref['auth_method']."_auth.php";
 			if (file_exists($auth_file)) 
@@ -94,7 +98,7 @@ class userlogin
 		$username = preg_replace("/\sOR\s|\=|\#/", "", $username);
 
 		// Check secure image
-		if ($pref['logcode'] && extension_loaded("gd")) 
+		if (!$forceLogin && $pref['logcode'] && extension_loaded("gd")) 
 		{
 			require_once(e_HANDLER."secure_img_handler.php");
 			$sec_img = new secure_image;
@@ -105,20 +109,20 @@ class userlogin
 		}
 
 		// Check username general format
-		if (strlen($username) > varset($pref['loginname_maxlength'],30))
+		if (!$forceLogin && (strlen($username) > varset($pref['loginname_maxlength'],30)))
 		{  // Error - invalid username
 			return $this->invalidLogin($username,LOGIN_BAD_USERNAME,$fip);
 		}
 
-		$lookemail = varset($pref['allowEmailLogin'],0) && (strpos($username,'@') !== FALSE);		// See if we look up against email or user name
+		$lookemail = !$forceLogin && varset($pref['allowEmailLogin'],0) && (strpos($username,'@') !== FALSE);		// See if we look up against email or user name
 		// Look up user in DB - even if email addresses allowed, still look up by user name as well - user could have specified email address for their login name
-		if ($sql->db_Select("user", "*", "`user_loginname`= '".$tp -> toDB($username)."'".($lookemail ? " OR `user_email` = '".$tp -> toDB($username)."'" : '') ) !== 1) 	// Handle duplicate emails as well
+		if ($sql->db_Select('user', '*', "`user_loginname`= '".$tp -> toDB($username)."'".($lookemail ? " OR `user_email` = '".$tp -> toDB($username)."'" : '') ) !== 1) 	// Handle duplicate emails as well
 		{	// Invalid user
 			return $this->invalidLogin($username,LOGIN_BAD_USER,$fip);
 		}
 
 		// User is in DB here
-		$lode = $sql -> db_Fetch();		// Get user info
+		$lode = $sql -> db_Fetch(MYSQL_ASSOC);		// Get user info
 		$lode['user_perms'] = trim($lode['user_perms']);
 		$lookemail = $lookemail && ($tp -> toDB($username) == $lode['user_email']);		// Know whether login name or email address used now
 		if ($lookemail && varsettrue($pref['passwordEncoding']))
@@ -134,6 +138,15 @@ class userlogin
 
 		// Now check password
 		$user_info = new UserHandler();
+		if ($forceLogin)
+		{
+			if (md5($lode['user_name'].$lode['user_password'].$lode['user_join']) != $userpass)
+			{
+				return $this->invalidLogin($username,LOGIN_BAD_PW,$fip);
+			}
+		}
+		else
+		{
 			if ((($pref['password_CHAP'] > 0) && ($response && isset($_SESSION['challenge'])) && ($response != $_SESSION['challenge'])) || ($pref['password_CHAP'] == 2))
 			{  // Verify using CHAP
 	//		  $admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","CHAP login","U: {$username}, P: {$userpass}, C: {$_SESSION['challenge']} R:{$response} S: {$lode['user_password']}",FALSE,LOG_TO_ROLLING);
@@ -150,6 +163,7 @@ class userlogin
 					return $this->invalidLogin($username,LOGIN_BAD_PW,$fip);
 				}
 			}
+		}
 
 		// Check user status
 		switch ($lode['user_ban'])
@@ -266,7 +280,7 @@ class userlogin
 		if (strstr($_SERVER['SERVER_SOFTWARE'], "Apache")) 
 		{
 			header("Location: ".$redir);
-		  exit;
+			exit();
 		} 
 		else 
 		{

e107_languages/English/admin/lan_prefs.php

@@ -12,9 +12,9 @@
 |     GNU General Public License (http://gnu.org).
 |
 |     $Source: /cvs_backup/e107_0.8/e107_languages/English/admin/lan_prefs.php,v $
-|     $Revision: 1.15 $
-|     $Date: 2008-12-19 14:01:07 $
-|     $Author: secretr $
+|     $Revision: 1.16 $
+|     $Date: 2009-01-04 16:00:19 $
+|     $Author: e107steved $
 +----------------------------------------------------------------------------+
 */
 
@@ -180,18 +180,18 @@ define("PRFLAN_168", "Site Contact Person(s)");
 define("PRFLAN_169", "If the chosen group contains more than one person, the user will be asked to select a person from the group.");
 //define("PRFLAN_170", "Use reverse DNS to allow host banning");
 //define("PRFLAN_171", "Turning this option on will allow you to ban users by hostname, rather then just IP or email address.  <br />NOTE: This may affect pageload times on some hosts");
-define("PRFLAN_172", "Login Name maximum length (10..100)");
-define("PRFLAN_173", "Check at SourceForge for e107 updates once/day");
-define("PRFLAN_174", "Name for responses to emails from site");
-define("PRFLAN_175", "This will appear in the 'From' field of registration and other emails from this site");
-define("PRFLAN_176", "Email address for emails from site");
-define("PRFLAN_177", "Address specified for replies to emails from this site.");
-define("PRFLAN_178", "Password transmission method");
-define("PRFLAN_179", "(Only supported if using sessions for user tracking.)");
-define("PRFLAN_180", "Plaintext");
-define("PRFLAN_181", "CHAP, plaintext fallback");
-define("PRFLAN_182", "CHAP only");
-define("PRFLAN_183", " CHAP requires JS enabled in user's browser");
+define('PRFLAN_172', 'Login Name maximum length (10..100)');
+define('PRFLAN_173', 'Check at SourceForge for e107 updates once/day');
+define('PRFLAN_174', 'Name for responses to emails from site');
+define('PRFLAN_175', 'This will appear in the \'From\' field of registration and other emails from this site');
+define('PRFLAN_176', 'Email address for emails from site');
+define('PRFLAN_177', 'Address specified for replies to emails from this site.');
+define('PRFLAN_178', 'Password transmission method');
+define('PRFLAN_179', '(Only supported if using sessions for user tracking.)');
+define('PRFLAN_180', 'Plaintext');
+define('PRFLAN_181', 'CHAP, plaintext fallback');
+define('PRFLAN_182', 'CHAP only');
+define('PRFLAN_183', ' CHAP requires JS enabled in user\'s browser');
 define('PRFLAN_184', 'Allow login by email address');
 define('PRFLAN_185', '(as well as login name)');
 define('PRFLAN_186', 'Yes');
@@ -205,7 +205,9 @@ define('PRFLAN_193', 'To allow users to set their own login names, leave blank')
 define('PRFLAN_194', '# - alpha<br />. - numeric<br />* - alphanumeric<br />Other chars used as entered.');
 define('PRFLAN_195', 'Changed values:');
 define('PRFLAN_196', 'Log all page accesses');
-//define('PRFLAN_197', '');
+define('PRFLAN_197', 'Auto-login new user after clicking on signup link');
+define('PRFLAN_198', 'If disabled, user has to explicitly log in after signup');
+//define('PRFLAN_199', '');
 
 //0.8
 define("PRFLAN_154a", "If 'Admin Approval' is selected, it is recommended that you enable email notification on user signup <a href='".e_ADMIN."notify.php'>here</a>.");

signup.php

@@ -9,8 +9,8 @@
  * User signup
  *
  * $Source: /cvs_backup/e107_0.8/signup.php,v $
- * $Revision: 1.30 $
- * $Date: 2008-12-29 09:31:36 $
+ * $Revision: 1.31 $
+ * $Date: 2009-01-04 16:00:19 $
  * $Author: e107steved $
  *
 */
@@ -28,7 +28,7 @@ include_lan(e_LANGUAGEDIR.e_LANGUAGE.'/lan_user.php');		// Generic user-related
 define('SIGNUP_DEBUG', FALSE);
 
 include_once(e_HANDLER.'user_extended_class.php');
-$ue = new e107_user_extended;
+$usere = new e107_user_extended;
 require_once(e_HANDLER.'calendar/calendar_class.php');
 $cal = new DHTML_Calendar(true);
 require_once(e_HANDLER.'validator_class.php');
@@ -336,6 +336,11 @@ if (e_QUERY)
 				$admin_log->user_audit(USER_AUDIT_EMAILACK,$row);
 				
 				$e_event->trigger("userveri", $row);
+				if (varset($pref['autologinpostsignup']))
+				{
+					require_once(e_HANDLER.'login.php');
+					$usr = new userlogin($row['user_loginname'], md5($row['user_name'].$row['user_password'].$row['user_join']), 'signup', '');
+				}
 				require_once(HEADERF);
 				$text = LAN_SIGNUP_74." <a href='index.php'>".LAN_SIGNUP_22."</a> ".LAN_SIGNUP_23."<br />".LAN_SIGNUP_24." ".SITENAME;
 				$ns->tablerender(LAN_SIGNUP_75, $text);
@@ -488,7 +493,7 @@ if (isset($_POST['register']))
 		$eufVals = array();
 		if (isset($_POST['ue']))
 		{
-			$eufVals = $ue->userExtendedValidateAll($_POST['ue'], varset($_POST['hide'],array()));		// Validate the extended user fields
+			$eufVals = $usere->userExtendedValidateAll($_POST['ue'], varset($_POST['hide'],array()));		// Validate the extended user fields
 		}