- b2evolution 4.0.3 Vulnerability
- [fixed] v4.1.5 PHP notice about $dummy_fields variable
#1 Oct 06, 2012 08:32
Hello and greetings all.
I'm new to b2Evolution and have been having a fun 'ol day getting familiar with its functionality and customizability. I came across something that I'd swear is a bug, but I hope I'm missing something simple.
I want to shorten the length of time that sessions stay alive and users stay logged in - seven days or whatever seems a tad long for the system to have to keep track of someone with no activity. But every time I try I am immediately logged out & told that either cookies aren't enabled or I've waited longer than such-and-such number of minutes, and when clicking the Resubmit button it just repeats that same error message.
My first attempt at this was setting it to 30 minutes using my hosting company's default installed version of b2Evolution 3.3. I upgraded to this most recent version of 4-1-5 since there was no way of logging in to change the number of seconds/minutes.
With 4-1-5, there is a drop-down list for each unit of measurement (days, hours, etc), so I selected 1 hour, & was given an error message that the minimum is 120 minutes. So I selected "2 hours". The exact same error happened as with 3.3 -- being told that either cookies aren't enabled or I waited longer than the time-out period, and then clicking Resubmit keeps repeating the error message, as does clearing out the browser cache & trying to log back in from scratch.
I searched these forums and found "$use-hacks" mentioned along with "hacks.php". I found in "_advanced.php" that this variable is deprecated although in that file, another file "_main.php" or "main.php" is mentioned, but it also says that "$use-hacks" is deprecated. I tried it anyway since I figured maybe it'll still work since this variable is there in these two files. But it didn't, and I got the same error again about either cookies or waiting too long.
So I logged in to my hosting control panel to get to phpMyAdmin in the hopes of getting to the variable directly. I figured this would be worth a try since "db->Settings" is mentioned in the file "hacks.php". But I found no table called "Settings" inside the dbase (although did find "evo-settings") and doing a search through the dbase for "timeout" and "session" came up with no variable names that are for session timeouts.
So is there a way to get to this variable manually? Isn't it in the database somewhere in any of the tables? Or am I missing something about "$use-hacks" and "hacks.php"?