UserBase

Frequently Asked Questions

How do I customize UserBase?

Just edit userbase_prefs.cgi in a text editor; it contains many adjustable settings. You'll probably want to adjust the $PREF{title_*} settings and $PREF{webmaster_email_address} right away, for example.

To customize the styling (look and feel), just adjust the CSS code in the $PREF{css} setting. To include an external CSS file, use a CSS @import statement:

$PREF{css} = qq`

\@import url("/mystylesheet.css");

[rest of UserBase's CSS here]

`;

Notice that the @-symbol on the @import statement must be escaped with a backslash, otherwise Perl will treat it as a variable, which will result in an error.

I get an Internal Server Error!

If this happens after you edit your userbase.cgi file, then the simple solution is: don't change userbase.cgi at all. Instead, only edit userbase_prefs.cgi, as explained above.

But if you haven't edited your userbase.cgi file and you still get an Internal Server Error, or if you absolutely need to edit userbase.cgi, then see the Internal Server Error page for solutions to this problem, which is most likely caused by an installation issue and not a problem with UserBase itself.

How do I embed UserBase in another page, or within my site's existing layout?

Embedding Method A: call userbase.cgi from your PHP or SSI/shtml page:

Within the <head> section of the PHP or SSI/shtml page where you want to embed UserBase, add the following lines:

<script type="text/javascript" src="/cgi-bin/userbase.cgi?js"></script>

<link rel="stylesheet" type="text/css" media="all" href="/cgi-bin/userbase.cgi?css" />
If your page is a PHP page, then add the following line to it wherever you want UserBase's output to appear:

<?PHP virtual("/cgi-bin/userbase.cgi?" . $_SERVER['QUERY_STRING']); ?>

Or, if your page is a plain HTML page with an extension of .htm or .html, rename its extension to .shtml and then add the following line to it wherever you want UserBase's output to appear:
In your userbase_prefs.cgi file, set $PREF{print_full_html_tags} = 'no'. Then set $PREF{login_url} = '/mypage.php' or '/mypage.shtml' where 'mypage' is the name of the page where you've embedded it.

Now visit www.yoursite.com/mypage.php (or shtml) and you'll see UserBase in the page.

See step #5 of the installation instructions for more details on calling UserBase from another page.

Embedding Method B: call userbase.cgi directly, and let it display your HTML template file:

If your server doesn't support the PHP/SSI/shtml that's necessary for Embedding Method A (above), then you can use an HTML template file instead. Your page will look exactly the same as with Method A; the difference is that Method B requires you to use the full URL to the CGI script itself, since your server doesn't support any other way.

First you create an HTML file in whatever way you normally create web pages. Name this file encodable_app_template.html. In the <head> section of this file, put the strings %%css%% and %%js%% each on their own line. Then in the <body> section of the file, wherever you want UserBase's output to go, put the string %%encodable_app_output%%. Now upload this HTML file onto your website in its top level (i.e. not in a subfolder).

Now open your userbase_prefs.cgi file and find the $PREF{print_full_html_tags} setting and set it to "no". Near there, you'll also find the $PREF{encodable_app_template_file} setting; set that to "%PREF{DOCROOT}/encodable_app_template.html";

Now visit www.yoursite.com/cgi-bin/userbase.cgi and it'll use your template file.

I get an error when I try to call UserBase from PHP using virtual().

If you get an error saying "call to undefined function virtual()" then that means your server doesn't support PHP's virtual() function. This is only a minor issue, and it is not a problem with UserBase itself. It just means you need to use a different method for calling UserBase from a shortcut URL. (See step #5 of the full instructions for more details and alternatives to the virtual() function, but read the rest of this FAQ item first.)

Or, if you get a different virtual() error like "request execution failed", that probably means your userbase.cgi isn't installed quite right.

Either way, the first thing to do is get UserBase itself installed and working: visit www.yoursite.com/cgi-bin/userbase.cgi and make sure that works. Only after that works properly should you try to get the shortcut URLs working (www.yoursite.com/login/ or www.yoursite.com/login/index.php or www.yoursite.com/login/index.shtml). If your userbase.cgi gives you an Internal Server Error, it's most likely a chmod/permissions problem, but see this page for full details on how to fix it.

Can I put a small login form or "user $name logged in" message on every page?

Yes. You just need to put one line of code into every page on your site where you want the login form / message to appear. If your pages are PHP pages, then use this line:

<?PHP virtual("/cgi-bin/userbase.cgi?format=mini"); ?>

Or, if your pages are .shtml pages, use this line instead:

To adjust the login form / message, adjust the $PREF{login_form_template__mini} and $PREF{mainmenu_template__mini} settings in your userbase_prefs.cgi file.

(Note that this is in addition to the call to userbase.cgi which you already have in your site's login page.)

Can I put just a login/logout link on every page?

Yes. This will display either a "login" link or a "logout" link depending on whether the user viewing the page is currently logged in or not. You just need to put one line of code into every page on your site where you want the link to appear. If your pages are .shtml pages, then use this line:

Or, if your pages are .php pages, use this line instead:

<?PHP virtual("/cgi-bin/userbase.cgi?format=justlink"); ?>

(See here if you're using .php pages but your server doesn't support the PHP virtual function.)

To adjust the text of these two links, adjust the $PREF{login_logout_link_template___login} and $PREF{login_logout_link_template___logout} settings in your userbase_prefs.cgi file.

(Note that this is in addition to the call to userbase.cgi which you already have in your site's login page.)

Can I get the logged-in username or other user info from PHP?

Yes; the ubinfo.php file from the userbase.zip file shows how to do it. Or you can call UserBase and pass ?action=chklogin if you want to parse the raw variables yourself, or from something other than PHP.

How do I password-protect my web pages?

The main page contains the password protection instructions.

I forgot my admin password or can't access my admin account.

As the webmaster, with FTP/SSH access to the server, you can tell UserBase to create a new admin account. Edit your userbase_prefs.cgi file and add this new line to the bottom of the file:

$PREF{allow_random_admin_account_creation} = 'yes';

Then visit yoursite.com/cgi-bin/userbase.cgi?createrandomadmin which will cause UserBase to create a new admin account with a randomly-chosen username and password. The user/pass will be stored in a new text file on your server in your /cgi-bin/encdata/userbase/ directory. Use those to login, then change the password on your original admin account (or create a new one). Then delete the random admin account, and remove that new pref from your prefs file.

How does UserBase store passwords?

It doesn't. For security purposes, UserBase only stores password hashes. A hash function is a one-way operation that turns a block of text (a password in this case) into a specific corresponding fixed-length string, known as a hash. A given password will always produce the same hash, but it is (for practical purposes) impossible to "decrypt" a hash back into the original password. Instead, UserBase always hashes passwords as soon as it receives them, so when a user tries to log in, UserBase compares the hash from the entered password with the hash stored in the database for the account in question, and if they match then the login is allowed.

UserBase (sometimes) says I'm not logged in, when I really am!

When this happens, it's often in response to having clicked on a link within a notification email. It's usually caused by the URL either having, or not having, the "www." in front of your domain name. Try adding or removing the "www." and see if that fixes things.

The root cause of this problem is the way that web browsers handle cookies. A cookie set by http://yoursite.com/ cannot be read by http://www.yoursite.com/ and vice-versa, because technically those are different domains for security purposes. There's no way for an application like UserBase to override this security setting and read the other domain's cookies.

Instead, to fix the problem, you need to configure your website itself to pick one form and stick to it: either always use http://yoursite.com/ without the "www.", or else always use http://www.yoursite.com/ with the "www." Then if someone visits the "wrong" one, the website will automatically and transparently send the visitor to the "right" one. To do this, check with your hosting company's control panel; Dreamhost for example has a simple setting for this that you can toggle. If your hosting company doesn't, and your website runs Apache, then you can add a few lines to your main .htaccess file to make it happen:

# Use this to automatically redirect www.you.com to just you.com:
#
RewriteEngine On
RewriteCond %{HTTP_HOST}   ^www\.you\.com [NC]
RewriteRule (.*)           http://you.com/$1 [L,R]

# Or, use this to automatically redirect you.com to www.you.com:
#
RewriteEngine On
RewriteCond %{HTTP_HOST}   ^you\.com [NC]
RewriteRule (.*)           http://www.you.com/$1 [L,R]

If you use this code, you don't need to go back into your individual pages and update your links to add/remove the "www." on each one. The .htaccess code will automatically do that for you, whenever someone visits the wrong domain. And it will keep the rest of the request intact, so even if the link is a long URL to some page deep within your site, that's no problem: it'll just add or remove the "www." and leave the rest of the URL unchanged.

Products

Web Design

Information

Visitors

Search