[mlimg]
[xlang:en]

   == AUTO-LOGIN V3 (REMEMBER ME) hacked files for XOOPS 2.0.14JP ==

------------------------------------------------------------------

Hacked core files to be able to login automatically (+ alpha).
This package is for XOOPS 2.0.14JP


[b]USAGE:[/b]
1) Overwrite these files into your XOOPS 2.0.14JP
2) update system module. If you are using a custom template set you will need
to edit or delete the system_block_login.html for that set by template
manager.

AUTO-LOGIN V3 is a little safer than V2.
V3 stores user's password as md5 encoded with time limitation.
If cookie is stolen by someone, he can't login after auto-login expiration.
This means that short expiration makes your site a little bit safer.

The feature of Retry or Repost is implemented with AUTO-LOGIN V2.

- You can access dynamic contents directly with autologin without CSRF
  vulnerablities.

- You can retry to post even if you are timed-out from the session.

These features are implemented in session_confirm.php.
Don't forget uploding this file.


If you want to set the life time of remembering, insert a line into
mainfile.php like this:
[code]
define('XOOPS_AUTOLOGIN_LIFETIME',2678400);
[/code]
This example specifies the life time as 1 month.
The default value is 604800 (= 1week).

The prior version of auto-login hacks useed the value of session_expire.
But this hack harms customizing session.
Thus I've changed the code like above.


This hack stores the password as an MD5 hash on the client, but this is
vulnerable to dictionary attacks, and simple copying to another computer.

This hack is a potential security hole, don't enable it lightly.


[b]HACKED POINTS:[/b]

You can easily find hacked points by searching the words 'GIJ'.
If you use customized language files or some language files other than english
or japanese, you should manually add a line into language/(your
language)/global.php

[code]
define('_REMEMBERME','remember me'); // describe with your language
define('_RETRYPOST','Time-out. Do you post again?');
[/code]

And if you can, edit this line.

[code]
define('_USERNAME','username or email: '); // describe with your language
[/code]


[b]ABOUT + ALPHA:[/b]

This hack also modifies your XOOPS can be logged in by email.
Users can login not only uname+password but also email+password.
Of course, even the users logged in by email+password can login automatically
on/after next access.



[/xlang:en]
[xlang:ja]

XOOPS 2.0.14JPѤΥȥϥå(+)Ѥߥեѥå (V3)

--------------------------------------------------

XOOPS 2.0.14JP
˼ưǽͿ뤿ΥѥåǤ
Υ˴ޤޤե򡢤ȤXOOPS 2.0.14JP
˾񤭤뤳Ȥǡưǽͭˤʤޤ

ˡ񤭸Υƥ⥸塼륢åץǡȤǡIDȥѥɤ򵭲פȤåܥåɽޤʤƥץ졼ȥåȤѤƤϡƥץ졼ȥޥ͡ꡢѤΥƥץ졼ȥåΥƥsystem_userform.htmlsystem_block_login.html롢ޤϼȤǥåܥåɲäɬפޤ

ºݤˤϡƥץ졼ȴȹԤռϽפǡ⥸塼륢åץǡȤ⡢tplsadminѤơɤΤ褦ʥƥץ졼Ȥκʬ뤫򤷤ʤ顢ƥץ졼Ȥ򹹿Τ٥ȤǤ

V3 Ǥϡåؤ¸㴳Ѥ뤳Ȥǡ¿ޥˤʤޤ
դmd5󥳡ɤ줿ѥɤå¸ޤΤǡïåȤƤ⡢δ°ʹߤǤХޤ
Ĥޤꡢȥͭ¤פʤ櫓ǡǥեȤΣ֤򣱥䣱ǯ˱ĹȡȤαդ

ȥV2ǡȥ饤ǽĤޤΥȥHackǤϡCSRFкΤˡʤꥳƥĤ˥ȥȥåפФ뤳Ȥ¿ޤϤäsession_confirm.php˥쥯ȤƤ顢ξޤ

session_confirm.phpV2եǤ˺줺˥åץɤƤ

ޤƤ˥å󤬻ڤǡƤȤȤи򤪻⾯ʤʤȻפޤΥȥV2ͭˤƤ桼ǤСټư󤷤ơľ˺ƤεͿޤV2̵ܶǽ


Hackϡunamemd5ϥåѤΥѥɤ򥯥å¸ΤǤ֤ͭϡǥեȤǣ(604800)ȤʤäƤޤ

⤷ͤѹϡmainfile.php
ФƲΤ褦ˣɲäƲ
[code]
define('XOOPS_AUTOLOGIN_LIFETIME',2678400);
[/code]
ιԤϾʤȤ⡢include XOOPS_ROOT_PATH."/include/common.php";
Ƚ񤫤줿Ԥˤɬפޤ

ޤե (langage/japanese/global.php)
˼ƤϡΥե񤭤ΤǤϤʤȤǽ񤭴Ƥ

[code]
define('_USERNAME','桼ID ޤ e-mail: '); // 񤭴
[/code]

[code]
define('_REMEMBERME','IDȥѥɤ򵭲'); // ɲ
define('_RETRYPOST','ڤǤƤޤ'); // ɲ
[/code]


ϽפǤå˥󤬻ĤäƤȤȤϡïޤǽޤѥԥ塼ʤɤѤκݤˤϡɬȤƤ齪λ褦˥ʥ󥹤ɬפǤ礦


μưHackǤϡưͭ¤Ȥơsession_expireͤήѤƤޤƤޤȡॻåǽ¾ȤʤʤäƤޤᡢXOOPS_AUTOLOGIN_LIFETIME
Ȥǻꤹ˲Ƥޤ


ȡΥ֤񤭤ȡemailɥ쥹ǤǤHack⼫ưŪͭˤʤޤ
񤯤ȡRyujiemailLoginHackƱʤȻפ줽ǤޤǤȺäƤޤ󡣥桼̾ȤƤʸˡ@
ޤޤƤСemail
ˤȿꤷƥȤHackǤ

դ˸СʬHackս⾯ʤƺѤǤޤŪˤϡinclude/checklogin.php
ѹǤΤǡСؤɿ⾯ϳڤˤʤ뤫⤷ޤ

ǶΥåԥ󥰥ȤǤϡֹǤ᡼륢ɥ쥹Ǥդ롢ȤΤƤƤΤǡʤ˼䤹HackǤϤʤǤ礦


ޤinclude/common.php
ʤɤϡ¾HackȥХåƥ󥰤䤹Τǡ񤭤Ⱥ륱⤢Ǥ礦ξϡΥ֤γƥեˤĤơ'GIJ'ȤʸǸСHackս꤬ɤȽϤǤ


                    by GIJOE    http://www.peak.ne.jp/xoops/
[/xlang:ja]
