ign_password_protect

igner · 2006-09-11 15:58:51

it’s reasonably secure, I know many are using similar techniques (for both sections and categories). make certain, though, to implement similiar logic on if_search – to prevent entries from showing up unintentionally in that context.

fmcdavid · 2006-09-12 19:50:08

Hadn’t thought about search. Thanks.

BTW, in ign_logged_user, the logout link didn’t work when not on the “home” page. Fixed code is below.

—Fred

<pre><code> function ign_logged_user($atts) { global $ign_user, $ign_err;

extract(lAtts(array( ‘logged_msg’ => IGN_NOT_LOGGED_IN, ‘display’ => ‘logout’, ‘alt’ => IGN_LOGOUT_LINK, ‘verbose’ => false, ‘greeting’ => gtxt(‘logged_in_as’), ‘logoutlink’ => true ), $atts)); if ( !$ign_err ) { list($c_userid,$c_privs,$c_realname,$cookie_hash) = split(‘,’,$_COOKIE[‘ign_login’]); // — determine what text needs to be displayed $u_display = “Log Out”; switch(strtolower($display)) { case ‘realname’: $u_display = $c_realname; break; case ‘name’: $u_display = $c_userid; break; } $user = $u_display; if ($logoutlink) { $url = $_SERVER[‘REQUEST_URI’]; if (preg_match(“/\?/”,$url)) { $url = preg_replace(“/\?.*$/”,”“,$url); } $user = “<”.“a href=’”.$url.”?logout=1’>$user<”.”/a>”; } if ($verbose) { $user = graf(gTxt(‘logged_in_as’).’ ‘.$user.br); } return $user; } else { return graf($logged_msg); } }</code></pre>

LeeUmm · 2006-10-22 20:43:39

I’m using the latest version of the plugin with txp 4.0.4 and noticed this warning when in debugging mode.

tag_error <txp:ign_password_protect login_msg="Access to this area of the website is restricted to members only. Please login below." remember="true"> -> Textpattern Notice: Unknown tag attribute: remember on line 582

The plugin still works fine though and displays the remember checkbox when I have the option set.

Last edited by LeeUmm (2006-10-22 20:45:28)

igner · 2006-10-23 01:33:02

yes, there are a few places where the plugin will throw unknown attribute warnings / errors in 4.0.4. Though these are merely notices, and only appear in the back end. I’ll be releasing an update in the next couple days to address this.

Last edited by igner (2006-10-23 01:44:29)

Ringu · 2006-10-23 14:11:43

I’m having the exact same problem creativesplash is (was?) experiencing! As stated, it does not matter whether or not messy URLs are used or not, the error persists: trying to log out results in a 404. The user is not logged out in the process either, so the problem is not merely cosmetic. I wonder what could be the cause for the error?

I’ve used this plugin with great success on two different installations of TXP (and two different hosts), and otherwise it has worked very well :)

creativesplash wrote:

I’m also using your plugin in <a href=“http://www.naamasankeerthana.com”>one of my sites</a>. Unfortunately, the logout link results in a 404 when using messy urls. Can you extend this plugin to support messy urls? Because my host does not support mod_rewrite.

CLIP!

Okie that’s not a problem .. the logout link is something like this >> http://naamasankeerthana.com/?s=login?logout=1 Just thought it might be useful to let you know that.

igner · 2006-10-23 20:08:45

@ringu – what’s the actual logout link that gets created? and what version of the plugin are you using?

saccade · 2006-10-28 22:26:28

When trying to activate alternate database I got the following message:

Warning: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near ‘exists (select name, pass, RealName, email, privs, last_access, insert into plugin404_ign_users (name, pass, RealName, email, privs, last_access, nonce) select name, pass, RealName, email, privs, last_access, nonce from plugin404_txp_users where not exists (select name, pass, RealName, email, privs, last_access, nonce from plugin404_ign_users where 1) in /homepages/XXXXXXXXXXXXXX/textpattern/lib/txplib_db.php on line 84

I really don’t know what to do.
txp 4.0.4 is running,
I want to use ign_self_register.
The table ign_users obviously has been created.
ign_self_register doesn’t show a form yet.

EDIT:
After browsig to my (test-)site, I was asked for a new login (but obviously the former one doesn’t work. Of course: The db table ign_users was empty).
For none of the to date ones worked, I created manually a new user in ign_user_mgmt.
Now (after login) ign_self_register works.
So everything seems to be right so far.

But I still need to know something about the error message above.

Last edited by saccade (2006-10-28 22:40:54)

igner · 2006-10-28 23:20:20

saccade wrote:

Warning: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near ‘exists (select name, pass, RealName, email, privs, last_access, insert into plugin404_ign_users (name, pass, RealName, email, privs, last_access, nonce) select name, pass, RealName, email, privs, last_access, nonce from plugin404_txp_users where not exists (select name, pass, RealName, email, privs, last_access, nonce from plugin404_ign_users where 1) in /homepages/XXXXXXXXXXXXXX/textpattern/lib/txplib_db.php on line 84

glad it’s working for you now. I’m going to have to some digging to figure out why that error occurred – basically what’s supposed to happen at that step is that the existing users in the TXP user table get copied over to the ign_users table. What looks to be happening in your case is that an error occurred in the generation of the SQL (I assume you are not using “plugin404” as a table prefix, correct?

saccade · 2006-10-29 09:00:12

I assume you are not using “plugin404” as a table prefix, correct?

No. I’m exactly using that prefix (it is a plugin-test-site for me) and the corresponding table has been generated correctly as plugin404_ign_user (sorry I wrote it abbreviated without the prefix above).

saccade · 2006-10-29 18:41:32

Now for a project I need a scenario that has synchronized users between password protected access and txps backend (write).
If I understand correctly this is only possible with NOT using alternate db.

On the other hand it would be a great improvement if my users could change their passwords themselves (ign_self_edit).

Both demands don’t fit together as I understand so far.
Would mem_self_register he? But I DON’T want users to be able to register themselves.
I only want confirmed (by me) users to be able to change their own password.

What is the best solution?

igner · 2006-10-30 15:06:02

saccade wrote:

No. I’m exactly using that prefix (it is a plugin-test-site for me) and the corresponding table has been generated correctly as plugin404_ign_user (sorry I wrote it abbreviated without the prefix above).

Ah, that threw me. What version of mysql is running on the server?

Now for a project I need a scenario that has synchronized users between password protected access and txps backend (write).
If I understand correctly this is only possible with NOT using alternate db.

There’s no reason to try and synchronize two tables in this case. As far as changing passwords, in 4.0.4 the admin tab is visible and staff writers / etc. have access to the relevant piece(s), so there’s no need for front-end password changing if you’re using the txp_users table. (and if memory serves, the tab isn’t visible in earlier releases, but you can still provide a link to domain.com/textpattern/?event=admin, and they’ll be able to change their email address / password).

saccade · 2006-10-30 16:40:23

What version of mysql is running on the server?

Diagnosis reports:
PHP-Version: 4.4.4
MySQL: 4.0.27-standard-log

As far as changing passwords …

Thank you, I didn’t notice that change yet. I have to try out.
Thank you.

EDIT
Tried out. Indeed it is working.
As far as my users are staff wirters/authors and so on, they can change their password.

But one more question: Users without privileges (“none”) are not allowed to log into the admin tab.
So users that have only reading access to my site (=privilege “none”) aren’t privileged to change their password.
I think I can live with this restriction, but of course it would be much easier for instructions/manuals and so on, if users with access to tha page but no privilege to write would also be able to change their password.
But I think that is a restriction resulting from txps structure (which correctly interpretes privilege “none” as really none).
Anyway: Is there a possible way to add this feature by ign_password_protect ?

Last edited by saccade (2006-10-30 16:52:21)

Textpattern CMS

Textpattern CMS support forum

#253 2006-09-11 15:58:51

Re: ign_password_protect

#254 2006-09-12 19:50:08

Re: ign_password_protect

#255 2006-10-22 20:43:39

Re: ign_password_protect

#256 2006-10-23 01:33:02

Re: ign_password_protect

#257 2006-10-23 14:11:43

Re: ign_password_protect

#258 2006-10-23 20:08:45

Re: ign_password_protect

#259 2006-10-28 22:26:28

Re: ign_password_protect

#260 2006-10-28 23:20:20

Re: ign_password_protect

#261 2006-10-29 09:00:12

Re: ign_password_protect

#262 2006-10-29 18:41:32

Re: ign_password_protect

#263 2006-10-30 15:06:02

Re: ign_password_protect

#264 2006-10-30 16:40:23

Re: ign_password_protect

Board footer