CMSimple_XH–Forum

[Tata]

1. RE: Delete button - could be comfortable for experienced user. But can be a source of bad problems. In any case - I would make apperance of such button configurable at least.
2. RE: Plugin - it really depends on how many users would have such specific requirement. I personly would prefer some external folder with all possible source files accessible from one poblic instance and I would teach pupils to understand also the basics of CMSimple, incl. installation, basic configuration and maybe also the basics of template construction. Setting up the portal mentioned in my previous post took me in fact about a day. But since then it happend only twice that a user damaged his "website". Reparation was made in a couple of minutes.
3. RE: Plugin tutorial - have here: http://cmsimple.sk/?Download:Pluginy_a_ ... stiahnutie . I have uploaded som examples and tutorials here long ago. Maybe it hepls a bit more.

[majke]

I have to think a little more about it. But the file you mention already exists : it's /cmsimple/log.txt. But what if the admin forget to logout ? Are we stuck forever ? Keep in touch !

If sessions are complicated in php maybe we can just write some boolean in one file, check it at every login, and write the message "Someone is editing this website right now!" if it is true. Is it possible?

We don't want our user to be stuck forever, It can be done with the message "Someone is editing this website since [Y-m-d H:i:s]" "Wait till he's over, then try again" with an option to edit anyway "on his own risk because his modifications could be erased by other user".
If admin sees that login-date is old he can go one and edit.
The function that writes "logged_in" information in log.txt file is writelog in /cmsimple/login.php
We can also write "logged_out" information then check it out at every login.
Thanks a lot Fabien for your help, my question is quite different from your topic, if you want i can move it in a new topic?

[fabien]

Hi majke
Finally, your idea was excellent and I managed to implement it. It works now as you suggested : a warning is displayed if a user tries to connect to the edition interface when somebody else has already been connected. I managed to differentiate one user from another by checking his ip adress. Also, if the second user connects anyway to the interface, then the first connected user gets the same type of warning.
For the moment, the trick works with direct modifications to the source code. I will then try to use Tata's advices (thanks Tata !) to turn it into a well designed plugin.

1/ The first thing to do is to correct the bug that prevent the system to take care of the language when writing to the log file. In the file /cmsimple/login.php, you will find the following code (l 84 to 91 for me) :

Code: Select all

if ($login && !$adm) {
   if ($cf['security']['type'] != 'wwwaut') {
      if ($passwd == $cf['security']['password'] && ($cf['security']['type'] == 'page' || $cf['security']['type'] == 'javascript')) {
         setcookie('status', 'adm');
         setcookie('passwd', $passwd);
         $adm = true;
         $edit = true;
         writelog(date("Y-m-d H:i:s")." from ".sv('REMOTE_ADDR')." logged_in\n");
      }
      else
         shead('401');
...

You have to replace

Code: Select all

writelog(date("Y-m-d H:i:s")." from ".sv('REMOTE_ADDR')." logged_in\n");

by

Code: Select all

writelog(date($tx['log']['dateformat']).' '.sv('REMOTE_ADDR').' '.$tx['log']['loggedin']."\n");

2/ Then you will make the system write in the log file when user clicks on LOGOUT button. Later in login.php, you will find (l 113-135 for me) :

Code: Select all

else if($logout && $adm) {
   $fn = date("YmdHis").'.htm';
   [...]
   }
   else e('cntsave', 'backup', $fn);
   $adm = false;
   setcookie('status', '');
   setcookie('passwd', '');
   $o .= '<p><font color="red">'.$tx['login']['loggedout'].'</font></p>';
}

Insert a call to writelog function :

Code: Select all

   $adm = false;
   writelog(date($tx['log']['dateformat']).' '.sv('REMOTE_ADDR').' '.$tx['log']['loggedout']."\n");
   setcookie('status', '');
   setcookie('passwd', '');

3/ This call needs a small add to the language file (/cmsimple/languages/en.php). Just add the third line (the two first one should already be there) :

Code: Select all

$tx['log']['dateformat']="Y-m-d H:i:s";
$tx['log']['loggedin']="logged in";
$tx['log']['loggedout']="logged out";

You will also add to this language file a new error message to display when a conflict happens.

Code: Select all

$tx['error']['sbdisediting']="An administrator is already editing this website since";

4/ Now, back to login.php, you have to create a new function that reads the last line of the log file. Add this piece of code after the closing bracket of the writelog function (or elsewhere if you know what you are doing):

Code: Select all

/**
* Read the last line of the log file, and check if a user is currently connected.
* If yes, return its ip address and connection time.
*/
function readLastLog() {
   global $pth, $tx, $e;
   if ($fh = @fopen($pth['file']['log'], "rb")) {
      $contents = fread($fh, filesize($pth['file']['log']));
      fclose($fh);
      $ip_pattern = '[0-9\.]{7,15}';
      $date_pattern = '[\w0-9:\-\/ \.]+';
      preg_match("/($date_pattern) ($ip_pattern) ".$tx['log']['loggedin'].'\n*$/',$contents, $match);
      return $match;
   } else {
      e('cntopen', 'log', $pth['file']['log']);
      chkfile('log', true);
   }
}

5/ Finally, the call to this function should take place just after $adm variable is set, and before $login variable is checked (l 77 for me):

Code: Select all

$adm = (gc('status') == 'adm' && logincheck());

// display a warning if somebody else is already connected
if($login || $adm){
   $lastLog = readLastLog();
   if(sizeof($lastLog) > 0){
      if($lastLog[2] != sv('REMOTE_ADDR')) e('sbdisediting','',$lastLog[1]);
   }
}

if ($cf['security']['type'] == 'page' && $login && $passwd == '' && !$adm) {
   $login = null;
   $f = 'login';
}

That's it !
Please tell me if it works for you. If yes, I will think about a way to safely forbid another user to connect (to just display a warning).

[PatrikGC]

@PatrikGC
The latest free menumanager supports more then 3 levels!!

I'm happy, very happy and so happy
Thank you !!!