Is a Permanent Login (Auto-Login) Possible?

[crazy_chris]

hey,

how could it be possible to let users "stay logged in on this computer" (auto / permanent login)?

thx

[BlindSide]

Sure, you just need to set a cookie, and configure the Zen Cart login to look for it.

http://us2.php.net/manual/en/features.cookies.php

Then take a look at...

• [STORE_ROOT]/includes/modules/pages/login/header.php
• [STORE_ROOT]/includes/modules/create_account.php

[crazy_chris]

okay, that works really nice.
but since it's so easy to modify cookies, how to make it safe?
store the password as md5-string in the cookie?

[BlindSide]

The cookie should definitely have the PW encoded.

[crazy_chris]

sorry, but WHY wouldn't you take md5-encryption for the customers password?

zen_validate_password doesn't help any, because that function deals with the unencrypted password as value.
in the cookie i have an md5... and the function zen_encrypt_password always produces a different string...

how would you suggest to compare the md5-pw to the one in the db?

[crazy_chris]

sorry, my mistake.

of course i can store the password from the db in the cookie and have not to deal with this extendet encryption method

[Ryk]

Is this explained (i.e. a step-by-step how-to with code examples) anywhere for people like me - non-programmers but willing to have ago?

[Ryk]

I'll rephrase that - does anyone have a step-by-step guide as how to incorporate this in ZC? Or better still, a contribution?

[crazy_chris]

okay, i'll write a brief explanation of that.
but tomorrow...

[crazy_chris]

hi.

1. first of all, add a checkbox to your login-form called something like "permLogin".
   _
2. edit the file "/includes/modules/pages/login/header_php.php"
   if the login is ok, zencart will proceed to the beyond line 57 and does all the stuff around line 70. just after this we hook in. put that code there:
   _
   if (!empty($_REQUEST["permLogin"])) {
   ___ unset($c);
   ___ $c[] = $_SESSION['customer_id'];
   ___ $c[] = $_SESSION['customer_default_address_id'];
   ___ $c[] = $_SESSION['customers_authorization'];
   ___ $c[] = $_SESSION['customer_first_name'];
   ___ $c[] = $_SESSION['customer_last_name'];
   ___ $c[] = $_SESSION['customer_country_id'];
   ___ $c[] = $_SESSION['customer_zone_id'];
   ___ $c[] = $check_customer->fields['customers_password'];
   
   ___ $c_str = implode("~~~", $c);
   ___ setcookie("zencart_cookie_permlogin", $c_str, time()+36000000);
   }
   ___
   this will store all the relevant information in the cookie.
   ___
3. edit the file "/includes/modules/pages/index/header_php.php"
   if you start your zencart, this page will be loaded. here we check if the login is set and if, then we login automatically.
   at the very top of that file, just after "$zco_notifier..." add this code:
   ___
   if (substr_count($_COOKIE["zencart_cookie_permlogin"], "~~~") > 1) {
   ___ if (empty($_SESSION['customer_id'])) {
   ______ $c = explode("~~~", $_COOKIE["zencart_cookie_permlogin"]);
   
   ______ $q = "SELECT customers_password FROM " . TABLE_CUSTOMERS . " WHERE customers_id=" . $c[0];
   ______ $r = $db->Execute($q);
   
   ______ $pw_cookie = zen_db_prepare_input($c[7]);
   ______ $pw_zencart = $r->fields['customers_password'];
   
   ______ if ($pw_cookie == $pw_zencart) {
   _________ $_SESSION['customer_id'] = $c[0];
   _________ $_SESSION['customer_default_address_id'] = $c[1];
   _________ $_SESSION['customers_authorization'] = $c[2];
   _________ $_SESSION['customer_first_name'] = $c[3];
   _________ $_SESSION['customer_last_name'] = $c[4];
   _________ $_SESSION['customer_country_id'] = $c[5];
   _________ $_SESSION['customer_zone_id'] = $c[6];
   _________ $_SESSION['cart']->restore_contents();
   ______ }
   ___ }
   }
   

___
___
Thats pretty much it