Textpattern CMS support forum

You are not logged in. Register | Login | Help

#21 2012-01-27 17:16:21

Gocom
Plugin Author
From: Helsinki, Finland
Registered: 2006-07-14
Posts: 4,530
Website

Re: mck_login

Thank you for the translation, Patrick and Marco. I’ve added both to the repo.

Pat64 wrote:

So, I know it’s a very difficult and complex work but do you think you could add that feature?

Not at least to the mck_login fork. To me this type of plugin is about managing log-ins and sessions. As editors go, they are kind of hard thing, especially editors that need to be integrated to the front-end layout. It’s difficult to please everyone, and there are things like backend plugins; custom-fields, section aware fields — none of those translates directly to the editor.

In my opinion, the best thing to build an article editor would be couple of Manfre’s projects; mem_public_article, mem_simple_form, and mem_form. Those tools may not be the easiest to use, but if I had to do an article editor (plugin), I would do it like Manfre did. Allows customization, free layout structure etc. And as there is an existing code-base, I don’t think I will be doing form plugins in a close future.

Offline

#22 2012-01-27 18:03:30

Pat64
Plugin Author
From: France
Registered: 2005-12-12
Posts: 1,256
Website

Re: mck_login

Ok. Jukka.

Just a little request. Could you add a way in order to display currently login users (as part of ign_password plugin). That will be useful.

Cheers,

Offline

#23 2012-01-27 19:55:08

Gocom
Plugin Author
From: Helsinki, Finland
Registered: 2006-07-14
Posts: 4,530
Website

Re: mck_login

Pat64 wrote:

Just a little request. Could you add a way in order to display currently login users (as part of ign_password plugin).

Doesn’t that just go to the whole profile management side? Very limited profile management, which beg to question why there isn’t complete profile management. Which would increase the whole code by thousands of lines. One would think that there is a user profile plugin that can do that already (it’s just about sorting the user list according last_access time).

If none of the profile plugins (like smd_bio, which otherwise is a good plugin) can’t generate such list, then you could might be able to do with smd_query. E.g. something like:

<txp:smd_query column="name" table="txp_users" where="1=1 ORDER BY last_access desc">
	{name}
</txp:smd_query>

I do not personally use smd_query so I can not say whether the above snippet is secure. The above might have code-injection hole in it. It depends whether smd_query has the ability to escape curly-tags’ output. If it doesn’t, an user can exploit the site by adding code to their user-data. i.e. using <txp:php> /* bad code */ </txp:php> as their username. If the name isn’t escaped, the code in the username would be executed when the list is generated.

That will be useful.

Please, be careful. I don’t recommend using the fork on live. I would not. I haven’t even really tested the code, apart from very basic “login/logout/change password” tasks. And I know it has potential problem scenarios. If I remember correctly the list of issues include;

  • The self-register function should only allow normal alphabet be used in usernames. All core-data handling isn’t potentially multibyte safe.
  • As above, mails’ encoding is user-configurable. If mail’s encoding is set to something else than UTF-8 and username contains special characters, the received username will be incorrect.
  • As Textpattern’s own mailer is used, and the subject lines are user-configurable, using long message subject will make the mailing potentially fail. Headers shouldn’t be auto-wrapped.
  • The generated cookie isn’t most secure as it uses TXP’s own public-side cookie system, which (I believe) was designed to be very simple identification feature, not secure session manager. As far as I know, the cookie only uses 5-byte key + username. Technically as secure as using five-letter password.
  • Sending one of the forms marks all fields in that form as required, and the error reporting has no relation to the field that invoked the error.
  • Password reset key is identical to Textpattern’s reset functionality. Which may not be for the best. Let’s say that it’s not at least time-restricted, and the generated values are not as strong as login nonces.

Last edited by Gocom (2012-01-27 20:43:49)

Offline

#24 2012-01-28 08:05:51

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 7,245
Website

Re: mck_login

a couple corrections to the english translation here (apologies if it has been corrected already)

mck_user_already_exist  => User alredy exist

replace with

mck_user_already_exist  => User already exists

————————

mck_user_unknown => User unknow

replace with

mck_user_unknown => User unknown 

————————

Also here is a greek translation. hoping that somebody who’s better with translations will offer a better one.

#@language el-el
mck_login_name  => Όνομα χρήστη
mck_name_surname  => Πραγματικό όνομα 
mck_user_already_exist  => Ο χρήστης είδει υπάρχει 
mck_register_now  => Δεν έχετε εγγραφεί; Εγγραφείτε τώρα.
mck_site_registration_successfully => Η εγγραφή σας ήταν επιτυχής
mck_can_login_at  => Μπορείτε να συνδεθείτε στο 
mck_your_login_name  => Το όνομα του χρήστη σας είναι: 
mck_your_password  => Ο κωδικός πρόσβασης σας είναι: 
mck_register  => Εγγραφείτε
mck_user_password_send => Εγγεγραμμένος χρήστης. Ο κωδικός πρόσβασης στάλθηκε στο ηλεκτρονικό σας ταχυδρομείο.
mck_user_unknown => Ο χρήστης δεν υπάρχει
mck_data_error => Σφάλμα. Ελέγξτε τα δεδομένα σας

Yiannis
——————————
neme.org | hblack.net | LABS | State Machines | Respbublika! | NeMe @ github

Offline

#25 2013-03-26 19:28:53

mrdale
Moderator
From: Walla Walla
Registered: 2004-11-19
Posts: 2,202
Website

Re: mck_login

Wow, looking for an alternative to cbe_frontauth because it doesn’t handle errors, and last time I saw this plugin it was a first draft.

Now it appears to be mature and rock solid…

What is the likelihood of getting functionality similar to this…

<txp:cbe_frontauth_loginwith /> email address can be used to log in” it would be awesome to use either email address or username to login.

Thanks Guys.

Offline

#26 2013-09-12 17:57:00

photonomad
Member
Registered: 2005-09-10
Posts: 287
Website

Re: mck_login

Hi, I am trying out mck_login. Everything seems to be working well except for the change_password form. I’ve copied and pasted the form directly from the example on GitHub. When I’m logged in the change password form shows up. However, when I try to change my password and click Submit, it just refreshes the page and the login form is displayed. When I enter the new password it says it is wrong. The old password still works. I’m using the plugin on TXP v4.4.1. I’ve tried it on a Mac in both Chrome and Safari. Anyone else have this problem? Not sure if I’m doing something wrong or if there is a bug.

Edit: I am also finding that sometimes it throws this error after I click Submit:

New password and confirmation do not match.

I’ve taken to copying and pasting the new password into the new password and confirm password blanks just be sure I’m not mistyping in one or the other. However, it still throws the this error. I’ve cleared browser data and cookies in hopes that would help, but it didn’t. Ayn ideas?

Last edited by photonomad (2013-09-12 18:19:36)

Offline

#27 2013-09-12 18:51:50

MarcoK
Plugin Author
From: Como
Registered: 2006-10-17
Posts: 248
Website

Re: mck_login

Hi photonomad.
How version of plugin you have install?

Offline

#28 2013-09-12 19:44:06

photonomad
Member
Registered: 2005-09-10
Posts: 287
Website

Re: mck_login

I’ve got mck_login v2.0.1 running. Is this the latest?

I got it here:
http://www.kreatore.it/?rah_plugin_download=mck_login

I also have smd_user_manager installed and activated.

Last edited by photonomad (2013-09-12 19:48:57)

Offline

#29 2013-09-13 17:30:38

photonomad
Member
Registered: 2005-09-10
Posts: 287
Website

Re: mck_login

I just tried the plugin on different site that uses Textpattern v4.5.4 and I’m experiencing the same problems. Existing users can login and logout. However, they cannot change their password and new users cannot register. I’ve disabled smd_user_manager and that had no effect. I’m not sure what I’m doing wrong.

Offline

#30 2013-09-13 18:17:47

aslsw66
Member
From: Geneva, Switzerland
Registered: 2004-08-04
Posts: 338
Website

Re: mck_login

Personally, I’ve had more success with ign_password_protect for the login functionality and mem_self_register for password resets etc.

Offline

Board footer

Powered by FluxBB