CMS Made Simple Forums

1) The cookie path is not set when a user logs in to the admin panel. This creates
a problem for the iframe that is used in the osCommerce admin module, since it is
not in the 'admin' path it does not allow continuation on the check_login() function.

Workaround:

function generate_user_object($userid)
{
    global $gCms;
    $db =& $gCms->GetDb();
    $config =& $gCms->GetConfig();

    global $gCms;
    $userops =& $gCms->GetUserOperations();
    $oneuser =& $userops->LoadUserByID($userid);

    if ($oneuser)
    {
        $_SESSION['cms_admin_user_id'] = $userid;
        $_SESSION['cms_admin_username'] = $oneuser->username;
        setcookie('cms_admin_user_id', $oneuser->id, 0); // password)), 0, '/');
    }
}

See the line that has an arrow on it, change it to look like this:

setcookie('cms_admin_user_id', $oneuser->id, 0, '/');

Disadvantages to workaround: none

2) osCommerce session handling will not cooperate with the session handling of CMSms.
This is the last of the big problems I have with a full integration between osCommerce
and CMSms, but I have no time nor an idea at the moment how to fix it. I am hoping
to get some attention from the CMSms (lead) developers.


Workaround: Disable the session handling of CMSms in /include.php as following:

Where it says:

@session_name('CMSSESSID');
@ini_set('url_rewriter.tags', '');
@ini_set('session.use_trans_sid', 0);
#if(!@session_id()) {
if(!@session_id() && (isset($_REQUEST[session_name()]) || isset($CMS_ADMIN_PAGE)))
{
    #Trans SID sucks also...
    @ini_set('url_rewriter.tags', '');
    @ini_set('session.use_trans_sid', 0);
    @session_start();
}

write around it:

if ($CMS_ADMIN_PAGE)
{
   ...
}

Disadvantages to workaround: will probably create a problem with other modules
that need CMSms's session handling.