ign_password_protect

Bloke · 2009-01-31 16:08:25

An update on my above post. I’m having trouble with your proposed idea, probably because I’m a bit dim. I added show_logged="true" to the <txp:ign_show_login /> tag and then displayed <txp:ign_current_user />. Doesn’t seem to make any difference and — curiously — it shows the user name+logout link for users with privs levels of 1 and 2, but nobody else :-S

I’ve also discovered that this doesn’t quite work as I originally thought:

<txp:ign_if_logged_in privs="0">
   <p>HAHAHA your account's suspended :-)</p>
</txp:ign_if_logged_in>

I see that message for all users, no matter which level they are. But this:

<txp:ign_if_logged_in privs="0,">
   <p>HAHAHA your account's suspended :-)</p>
</txp:ign_if_logged_in>

(with the extra comma in the privs) seems to work. I can only assume — and this is a guess — that it’s because ign_checkLogin() tests empty($privs) and, according to the PHP manual, a value of “0” causes empty() to return true, so it’s acting as if I’d written this:

<txp:ign_if_logged_in>
   <p>HAHAHA your account's suspended :-)</p>
</txp:ign_if_logged_in>

?

BTW, I’m using the built-in txp_users table not the ign_user table, if that has any bearing on things.

Last edited by Bloke (2009-01-31 16:09:36)

igner · 2009-01-31 18:02:18

I’m having trouble with your proposed idea, probably because I’m a bit dim
dim is not a characteristic i would ascribe to you :)

That’s a good catch on checkPrivs, I’ll have to rework that bit.

Let me scrape the cobwebs out of the brain, dust off the code, and give it a go.

johnstephens · 2009-02-02 18:54:56

Sorry, I must have forgot to subscribe to the topic, so I missed your response.

igner wrote:

So, to get the result you wanted, create a form, we’ll call it johns_current_user, and the contents should be

<h2>Hola, <txp:ign_user_info type="realname" /></h2>

Then in your page, form, or article, insert <txp:current_user form="johns_current_user" /> and you’ll get what you expected.

Okay, looks like I was trying to use ign_current_user for ign_user_info type="realname". Using user_info instead of current_user solved the problem. Thank you!

Bloke · 2009-02-02 22:44:10

Sorry to appear to be stalking you igner but one more thing I think I pinned down tonight. If you log in on both the client side via a <txp:ign_show_login /> and then login (perhaps in another browser tab) on the admin side with the same user/pass you get kicked out when you click some other link.

That’s understandable because — since TXP 4.06 (7?) — concurrent logins are prohibited. It causes a slight issue with this site I’m developing because they’ll primarily be logged in on the client side but for certain tasks (e.g. moderating comments) we’ve made a direct link to the admin side for certain users. They will then be shown a standard TXP login box and if they use their own login, they’ll be kicked off their client session.

We can work around that by giving them a different login to use on the Admin side, which is a tiny bit ungainly but it’ll work. Of course, the chances are they’ll forget and use their own login once in a while, and that’s where I found that if such a concurrent login is detected and you are kicked off the client side, you can’t log back in again. It just fails immediately with an Incorrect login/password message. If I delete the ign_cookie I can log back in again, but something is causing the cookie to stay around and it seems it’s always trying to use that instead of the credentials I supply in the login/pass boxes.

Any way round this? Can I lay the login form out any differently or use some plugin attributes to force the cookie to be killed or forgotten (or not used) if a concurrent login is detected?

For reference, these are the steps I can go through to replicate this:

Make sure I’m logged out of both sides
Log in on the client side as me via a standard ign_show_login form
Open a new browser tab to TXP’s admin side
Log in on the admin side as me
Click a link or two on the admin side
Return to the public-side and click another link, whereby…
1. I’m logged out of the client side
2. I cannot log back in to the client side again (‘incorrect user/pass’ message is triggered immediately)
3. Deleting ign_cookie allows me to log back in on the client side
4. I’m then kicked off the admin side if I try to navigate anywhere (which is fair enough)

Any pearls of wisdom on this one gratefully appreciated. Thanks in advance.

Last edited by Bloke (2009-02-02 22:46:21)

igner · 2009-02-03 01:06:31

@bloke – You don’t drive a Leyland RTL, circa 1962, do you? I swear I saw one following me to work this morning.

Hmm – you’re really making the old mental gears grind. I’ll poke around and look at tapping into the public cookie for comparison as well. that should solve the admin login issue…(not like that hasn’t been in the requested feature queue, since, well, around post 7 of this thread (give or take 637 posts).

On the other stuff – I did set out to work on that this weekend, but Git was being a GIT and not cooperating, and so instead I spent my time playing Wii with my kids. What can I say – technological frustration makes a solid basis for some Super Smash Brothers Brawling. (Sure it ended with my 5 year old in tears, but I give her about 3 years and the tables will be turned, so I’m enjoying the pyrrhic victories while I can :)

Bloke · 2009-02-03 09:08:33

igner wrote:

You don’t drive a Leyland RTL, circa 1962, do you? I swear I saw one following me to work this morning.

Sadly no. It was probably the Feds; called by your 5-year old to pounce if you beat her at Wii next time ;-)

Thanks for your work on the plugin. It’s so darn useful I can’t put it down.

midmood · 2009-02-09 00:11:13

Hi, i have the issue descripted here:
http://forum.textpattern.com/viewtopic.php?id=19772&p=10

there is a strange interaction between ign_password_protect and upm_file plugin (this plugin allow to associate files to download with an article)

In my site there is a single page password protected, which contains file to download. The other pages are public and some of them contain file to download as well.
If i go in public pages and try to download files the site give me a 403 error – forbidden (you can try here: http://www.artre.coop/cooperativa/5/organizzazione). The error code (“Monkey”) is the same i read in the code of your plugin.

I can download files in public pages only if I go in the private one and log in as Admin, then i come back to the public page and start the downloading.

(sorry my poor english)
I’m not a programmer, but i think the code which generate the error is the following. I need the files in public pages to be public. Can you help me to fix it? it’s really important

 function ign_filter_downloads() //callback routine called by file_download
 {
	global $id, $file_error, $ign_user, $pretext, $s;

	 // test for file_error
	if(!$file_error) {
		// get file permission, if present
		$r = safe_field('permissions','txp_file','id');
		if($r) { // if permissions field exists, test against it, otherwise return
			if(!empty($ign_user) && ign_checkPrivs($r)) {
				//continue on to download
				return;
			} else {
				$s = '';
				$pretext['s']='';
				txp_die ( "Monkeys!", 403);
			}
		} else {
			return; // no file permissions, so just carry on.
		}

	} else {
		$s = '';
		$pretext['s']='';
		txp_die(gTxt('404_not_found'), 404);
	}


 }

Last edited by midmood (2009-02-09 00:12:41)

igner · 2009-02-09 19:28:30

@midmood – the quick fix, assuming you’re not trying to password protect individual files, is to comment out the line following line (around line number 127) in ign_password_protect:

register_callback('ign_filter_downloads', 'file_download');

That’ll prevent that chunk of code from being called at all.

midmood · 2009-02-10 00:21:01

yesssssss! It works!
Thank you very much! :-)

Simone

igner · 2009-02-10 01:39:12

@midmood – glad that worked. I’ll still need to dig into the underlying cause of the problem, so thanks for bringing it to my attention.

@bloke – i dinna forget about you, just trying to find time to dig into it.

visualpeople · 2009-02-16 07:46:12

Is there a way to (via a small hack) get the ‘Reset User Password’ drop-down list at the bottom of the Manage Users tab to be sorted by name rather than by id number?

We’re using this for a non-profit of mostly senior citizens who seem to very frequently forget their passwords and the executive director is complaining that it’s too hard to find the name(s) of the people who need a password reset.

I assume it should be somewhere in here, but I’m just not smart enough to figure it out.

// -------------------------------------------------------------
 function ign_resetUserPassForm()
 {
	 global $myprivs,$ign_user_db;
	 $them = safe_rows_start("*",$ign_user_db,"1");

	 while ($a = nextRow($them)) {
		 $names[$a['name']] = $a['RealName'].' ('.$a['name'].')';
	 }
	 if (!empty($names)) {
		 return '<div align="center" style="margin-top:3em">'.
		 form(
			 tag(ign_gTxt('reset_user_password'),'h3').
			 graf(gTxt('a_new_password_will_be_mailed')).
				 graf(selectInput("name", $names, '',1).
				 fInput('submit','ign_changePass',gTxt('submit'),'smallerbox').
				 // eInput('ign_user_mgmt').sInput('ign_user_change_pass')
				 eInput('ign_user_mgmt').sInput('ign_userChangePass')
			 ,' style="text-align:center"')
		 ).'</div>';
	 }
 }

// -------------------------------------------------------------

igner · 2009-02-16 17:08:42

Add an order by clause to the query – the end result should look like…

// -------------------------------------------------------------
 function ign_resetUserPassForm()
 {
	 global $myprivs,$ign_user_db;
	 $them = safe_rows_start("*",$ign_user_db,"1 ORDER BY RealName ASC");

Note that this is sorting on the entire string, so effectively it’ll be sorting on first name (assuming the real names are entered as “First Last”.

Textpattern CMS

Textpattern CMS support forum

#661 2009-01-31 16:08:25

Re: ign_password_protect

#662 2009-01-31 18:02:18

Re: ign_password_protect

#663 2009-02-02 18:54:56

Re: ign_password_protect

#664 2009-02-02 22:44:10

Re: ign_password_protect

#665 2009-02-03 01:06:31

Re: ign_password_protect

#666 2009-02-03 09:08:33

Re: ign_password_protect

#667 2009-02-09 00:11:13

Re: ign_password_protect

#668 2009-02-09 19:28:30

Re: ign_password_protect

#669 2009-02-10 00:21:01

Re: ign_password_protect

#670 2009-02-10 01:39:12

Re: ign_password_protect

#671 2009-02-16 07:46:12

Re: ign_password_protect

#672 2009-02-16 17:08:42

Re: ign_password_protect

Board footer