Master Password for Member Profiles
By ScottL - June 19, 2014
I would like to use a master password to log in and view any member that has signed up for membership.
The code below was posted in an earlier thread, but it does not work with my code (both are shown below).
Suggestions? Thanks.
--------------only previous forum post with master password code ---------------
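// MASTER PASSWORD
// Fallback check: when the normal login check failed, accept the session if its stored
// password hash equals the MD5 of a single shared "master" password.
//
// NOTE(review): a shared master password bypasses per-member authentication and leaves no
// record of who used it. If this is kept, load the secret from configuration outside the
// web root instead of hard-coding it, restrict it to administrators, and log every use.
// NOTE(review): the membership plugin code quoted in this post authenticates with
// loginCookie_set()/getPasswordDigest() and never reads $_SESSION['passwordHash'], which may
// be why this snippet has no effect there - confirm against lib/login_functions.php.
if (!$isValidLogin) {
    $masterPassword = "mymasterpasswordhere"; // placeholder value from the original post
    $sessionHash = @$_SESSION['passwordHash'];

    // Compare digests as strings with ===. The original loose == can treat two different
    // numeric-looking digest strings as equal, which would accept a hash that does not match.
    // Where hash_equals() is available (PHP 5.6+) prefer it for a constant-time comparison.
    $isValidLogin = $currentUser && is_string($sessionHash) && (md5($masterPassword) === $sessionHash);
}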
------------- part of my membership.php code (it's custom) ---------------------
<?php
/*
Plugin Name: Website Membership
Description: Website membership functions for user sign-up, password reminder, login, user specific content, and login only content
Version: 1.10
Requires at least: 2.52
Required System Plugin: True
*/
// UPDATE THESE VALUES
// Site-specific settings. Everything is stored in $GLOBALS and read back by the functions below.
$GLOBALS['WEBSITE_LOGIN_LOGIN_FORM_URL'] = '/member-login.php'; // url to login form
$GLOBALS['WEBSITE_LOGIN_SIGNUP_URL'] = '/member-signup.php'; // signup url linked to from the login page
$GLOBALS['WEBSITE_LOGIN_REMINDER_URL'] = '/member-password-request.php'; // password reminder url linked to from the login page
$GLOBALS['WEBSITE_LOGIN_RESET_URL'] = '/member-password-reset.php'; // password reset url (presumably the page a reminder email links to - confirm)
$GLOBALS['WEBSITE_LOGIN_PROFILE_URL'] = '/member-edit-profile.php'; // url to "edit my profile" page
$GLOBALS['WEBSITE_LOGIN_REQUIRED_FIELDS'] = array('agree_tos','agree_legal'); // if user is logged in and any of these fields exist and are blank (or zero) they will be redirected to the profile url with ?missing_fields= set to the comma-separated field names
// After login, user gets redirected to the last page they were on (if defined), the url below, or to /
$GLOBALS['WEBSITE_LOGIN_POST_LOGIN_URL'] = '/Athlete-Dashboard.php';
// After logoff, user gets redirected to the referring page (if the browser sent one), the url below, or to /
$GLOBALS['WEBSITE_LOGIN_POST_LOGOFF_URL'] = '/membership.php';
$GLOBALS['WSM_ACCOUNTS_TABLE'] = 'members'; // set the accounts table WSM uses, change this to store website accounts in a different table
$GLOBALS['WSM_SEPARATE_LOGIN'] = true; // set this to allow you to login to the website and CMS simultaneously as different users (login cookies then use the 'web' prefix, see _websiteLogin_init)
// DON'T UPDATE ANYTHING BELOW THIS LINE
$GLOBALS['WEBSITE_MEMBERSHIP_PLUGIN'] = true;
$GLOBALS['WEBSITE_MEMBERSHIP_VERSION'] = '1.10';
// plugin actions
// _websiteLogin_init runs on the 'viewer_postinit' action; the password-hashing hook runs on 'record_presave'.
// NOTE(review): the last two arguments are presumably priority and accepted-argument count - confirm against addAction().
addAction('viewer_postinit', '_websiteLogin_init', null, 0);
addAction('record_presave', 'wsm_customAccountsTable_hashPasswords', null, 3);
// add links to plugin menu
// NOTE(review): 'admins' presumably limits these menu handlers to CMS administrators - confirm.
pluginAction_addHandlerAndLink('Email Templates', 'wsm_plugin_menu_redirect_templates', 'admins');
pluginAction_addHandlerAndLink('Code Generator', 'wsm_plugin_menu_redirect_generator', 'admins');
// add menu to code generator
addGenerator('wsm_codeGenerator', t("Website Membership"), t("Create membership pages such as login, signup, reset password, profile, etc"));
// add email templates to CMS
addAction('emailTemplate_addDefaults', 'wsm_emailTemplates_install', null, 0);
// uncomment this to automatically start a session with every page load
// if (!defined('START_SESSION')) { define('START_SESSION', true); }
//
// Per-request bootstrap for website viewers: loads the login library, selects the accounts
// table and cookie prefix, loads the current user, dispatches ?action=login / ?action=logoff,
// and redirects logged-in users with blank required profile fields to the profile page.
// NOTE(review): logoff is triggered by a plain request parameter; no anti-CSRF token check is
// visible in this function.
function _websiteLogin_init() {
    // nothing to do inside the CMS admin or for command line scripts
    if (defined('IS_CMS_ADMIN')) { return; }
    if (inCLI()) { return; }

    // load login functions
    require_once SCRIPT_DIR . "/lib/login_functions.php";

    $customTable = @$GLOBALS['WSM_ACCOUNTS_TABLE'];
    if ($customTable) { accountsTable($customTable); }
    if (@$GLOBALS['WSM_SEPARATE_LOGIN']) { cookiePrefix('web'); } // separate prefix for website login cookies

    // create accounts table if needed, then load whoever the login cookie identifies
    wsm_customAccountsTable_create();
    $GLOBALS['CURRENT_USER'] = _websiteLogin_getCurrentUser();

    doAction('_websiteLogin_init.pre_actionHandler');

    // perform website login actions
    if (@$_REQUEST['action'] == 'logoff') { _websiteLogin_logoff(); }
    if (@$_REQUEST['action'] == 'login') { _websiteLogin_login(); }

    // required profile fields are only enforced for logged-in users outside the profile page
    $accountsSchema = loadSchema(accountsTable());
    $currentUser = $GLOBALS['CURRENT_USER'];
    if (!$currentUser || @$GLOBALS['WEBSITE_MEMBERSHIP_PROFILE_PAGE']) { return; }

    $missingFields = array();
    foreach ($GLOBALS['WEBSITE_LOGIN_REQUIRED_FIELDS'] as $field) {
        // fields that aren't defined in the database are skipped
        if (!array_key_exists($field, $currentUser)) { continue; }

        // checkboxes default to 0, so "missing" means still 0; every other type is missing when blank
        $isCheckbox = (@$accountsSchema[$field]['type'] == 'checkbox');
        $blankValue = $isCheckbox ? '0' : '';
        if ($currentUser[$field] == $blankValue) { $missingFields[] = $field; }
    }
    if (!$missingFields) { return; }

    $url = $GLOBALS['WEBSITE_LOGIN_PROFILE_URL'] . "?missing_fields=" . implode(',', $missingFields);
    redirectBrowserToURL($url);
    exit;
}
// if (!$CURRENT_USER) { websiteLogin_redirectToLogin(); }
// Send the visitor to the login form with ?loginRequired=1 and stop the script.
// When $returnAfterLogin is true, the current page url is first stored in the 'lastUrl'
// cookie, which _websiteLogin_login() reads as its preferred post-login redirect target.
function websiteLogin_redirectToLogin($returnAfterLogin = true) {
    if ($returnAfterLogin) {
        setPrefixedCookie('lastUrl', thisPageUrl());
    }

    redirectBrowserToURL($GLOBALS['WEBSITE_LOGIN_LOGIN_FORM_URL'] . "?loginRequired=1");
    exit;
}
// be sure to set password or user will be logged out. The $password argument isn't required by the function for legacy support
// Set the login cookie for $username using the digest of $password.
// No credential check happens here: the cookie is written for whatever username is passed,
// so callers must already have authenticated or otherwise authorised that account.
function websiteLogin_setLoginTo($username, $password = null) {
    $passwordDigest = getPasswordDigest($password);
    loginCookie_set($username, $passwordDigest);
}
// load user from database with cookie login details
// Load the user identified by the login cookie into the global $CURRENT_USER.
// Returns the user record, or false when nobody is logged in or an alert is pending
// (in which case the login cookie is removed as well).
function _websiteLogin_getCurrentUser() {
    global $CURRENT_USER;

    $CURRENT_USER = getCurrentUser();
    if ($CURRENT_USER) {
        // disabled accounts raise an alert, which logs the user off below
        if (@$CURRENT_USER['disabled']) { alert(t("Your account has been disabled.")); }
        //if (@$CURRENT_USER['isExpired']) { alert(t("Your account has expired.")); } // future: maybe redirect expired accounts to a renewal url

        // NOTE(review): alert() without arguments appears to return every queued message, so an
        // alert raised earlier in the request would also log the user off here - confirm.
        if (!alert()) { return $CURRENT_USER; }
        loginCookie_remove();
    }

    return false;
}
//
// Handle a submitted login form (?action=login).
// Looks up accounts whose password matches and whose username or email equals the submitted
// username, sets the login cookie for each match, then either returns with an alert queued
// (failure) or redirects to the post-login url and exits (success).
// NOTE(review): no attempt throttling or lockout is visible in this function; it may exist in
// getCurrentUser() or elsewhere - confirm.
function _websiteLogin_login() {
    global $CURRENT_USER;
    // attempt login?
    if (@$_REQUEST['username'] && @$_REQUEST['password']) {
        // NOTE(review): preg_replace() also accepts array subjects, so array-valued username or
        // password parameters are not rejected here - consider an is_string() check first.
        foreach (array('username','password') as $field) { // v1.10 remove leading and trailing whitespace
            $_REQUEST[$field] = preg_replace("/^\s+|\s+$/s", '', @$_REQUEST[$field]);
        }
        // get a list of accounts matching password and either email or username (we allow login with either)
        // ... checking for valid password ensure we get error messages from getCurrentUser() that are for a valid username/password combination (eg: expired/disabled)
        // The table name is built from TABLE_PREFIX and accountsTable(), not from request data;
        // the two request-derived values are passed through mysql_escapef() placeholders.
        $accountsTable = $GLOBALS['TABLE_PREFIX'] . accountsTable();
        // With encryptPasswords off the submitted password is compared to the column as-is, which
        // implies passwords are stored in clear text in that configuration.
        $passwordValue = $GLOBALS['SETTINGS']['advanced']['encryptPasswords'] ? getPasswordDigest($_REQUEST['password']) : $_REQUEST['password'];
        $query = mysql_escapef("SELECT username FROM `$accountsTable` WHERE password = ? AND ? IN (`username`,`email`)", $passwordValue, $_REQUEST['username']);
        $usernames = array_pluck(mysql_select_query($query), 'username');
        // set the login cookie for each matching account; stop at the first one that raises an alert
        foreach ($usernames as $username) {
            loginCookie_set($username, getPasswordDigest(@$_REQUEST['password']));
            $CURRENT_USER = _websiteLogin_getCurrentUser();
            if (alert()) { return; }
        }
    }
    // error checking
    // unknown username and wrong password share one message, so the response does not reveal which was wrong
    if (!@$_REQUEST['username']) { alert("Please enter a username!<br/>\n"); }
    else if (!@$_REQUEST['password']) { alert("Please enter a password!<br/>\n"); }
    else if (!$CURRENT_USER) { alert("Invalid username or password!<br/>\n"); }
    // optional site-defined hook; whatever it returns is queued as an alert
    if (function_exists('wsm_login_errorchecking')) { alert(wsm_login_errorchecking($CURRENT_USER)); }
    if (alert()) {
        return;
    }
    // clear form values
    $_REQUEST['username'] = '';
    $_REQUEST['password'] = '';
    // redirect on success
    // NOTE(review): 'lastUrl' comes from a cookie, which the client controls; check that it is a
    // local path before redirecting unless getPrefixedCookie()/redirectBrowserToURL() already do - confirm.
    $postLoginUrl = coalesce( getPrefixedCookie('lastUrl'), @$GLOBALS['WEBSITE_LOGIN_POST_LOGIN_URL'], '/' );
    removePrefixedCookie('lastUrl');
    doAction('wsm_loginSuccess');
    redirectBrowserToURL($postLoginUrl);
    exit;
}
// remove login cookies
// Log the visitor off and redirect, then stop the script.
// Redirect target, first non-empty of: the Referer header, the configured post-logoff url,
// the current page url, '/'.
// NOTE(review): the Referer header is supplied by the client and is the first choice here;
// consider accepting it only when it points at this site, unless user_logoff() already
// validates the url - confirm.
function _websiteLogin_logoff() {
    // drop action=logoff from the current url to prevent redirect loops
    if (@$_REQUEST['action'] == 'logoff') {
        $currentPageUrl = thisPageUrl(array('action' => null));
    } else {
        $currentPageUrl = thisPageUrl();
    }

    $logoffUrl = coalesce(@$_SERVER['HTTP_REFERER'], $GLOBALS['WEBSITE_LOGIN_POST_LOGOFF_URL'], $currentPageUrl, '/');

    user_logoff($logoffUrl);
    exit;
}
//
// Return the directory that contains this plugin file.
function websiteLogin_pluginDir() {
    return __DIR__;
}
//
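// Generate a random password: 17 lowercase hex characters (example output: c5560251ef0b3eef9).
// The original derived the value from mt_rand() and uniqid(), which are not cryptographically
// secure, so generated passwords could be predictable. A CSPRNG is used when one is available;
// the output length and character set are unchanged.
function wsm_generatePassword() {
    // PHP 7+: 9 random bytes give 18 hex characters, trimmed to the original 17
    if (function_exists('random_bytes')) {
        return substr(bin2hex(random_bytes(9)), 0, 17);
    }

    // older PHP with OpenSSL: only accept the bytes when OpenSSL reports them as strong
    if (function_exists('openssl_random_pseudo_bytes')) {
        $isStrong = false;
        $bytes = openssl_random_pseudo_bytes(9, $isStrong);
        if ($bytes !== false && $isStrong) {
            return substr(bin2hex($bytes), 0, 17);
        }
    }

    // legacy fallback (original behaviour) - not suitable for security-sensitive values;
    // upgrade PHP or enable OpenSSL so that one of the branches above is used
    return substr(md5(uniqid(mt_rand(), true)), 15);
}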
// list($mailErrors, $fromEmail) = wsm_sendSignupEmail($userNum, $passwordText);
// if ($mailErrors) { alert("Mail Error: $mailErrors"); }
// Send the USER-SIGNUP email template to the account with record number $userNum.
// Returns array($mailErrors, $fromAddress).
// NOTE(review): $passwordText is handed to the template as the 'user.password' placeholder, so
// the clear-text password is presumably included in the email - confirm against the template;
// a one-time set-password link avoids putting the password in mail.
function wsm_sendSignupEmail($userNum, $passwordText) {
    $user = mysql_get(accountsTable(), $userNum);

    $placeholders = array(
        'user.username' => $user['username'],
        'user.email'    => $user['email'],
        'user.password' => $passwordText,
        'loginUrl'      => realUrl($GLOBALS['WEBSITE_LOGIN_LOGIN_FORM_URL']),
    );
    $emailHeaders = emailTemplate_loadFromDB(array(
        'template_id'  => 'USER-SIGNUP',
        'placeholders' => $placeholders,
    ));

    $mailErrors = sendMessage($emailHeaders);

    return array($mailErrors, $emailHeaders['from']);
}
// Encode password on save in for custom accounts table
// 'record_presave' hook: replace the submitted password with its digest when the record being
// saved belongs to the custom accounts table and password encryption is enabled.
// $isNewRecord and $oldRecord are part of the hook signature and are not used here.
function wsm_customAccountsTable_hashPasswords($tableName, $isNewRecord, $oldRecord) {
    global $SETTINGS;

    // only act when a custom accounts table is configured, it isn't the default 'accounts'
    // table, and it is the table being saved
    $accountsTable = $GLOBALS['WSM_ACCOUNTS_TABLE'];
    $isCustomAccountsSave = $accountsTable && $accountsTable != 'accounts' && $accountsTable == $tableName;
    if (!$isCustomAccountsSave) { return; }

    // skip if encrypt passwords isn't enabled
    if (!@$SETTINGS['advanced']['encryptPasswords']) { return; }

    // overwrite the form input with its digest before the record is saved
    $_REQUEST['password'] = getPasswordDigest(@$_REQUEST['password']);
}