Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#709 2009-07-06 06:37:28

Gocom
Developer Emeritus
From: Helsinki, Finland
Registered: 2006-07-14
Posts: 4,533
Website

Re: ign_password_protect

damienbuckley wrote:

Hi – no security problem – i just meant I’d changed the email address etc in the example code so it wasnt showing the one I’m using.

Easiest way is probably to change your main email to the settings. But if you want to receive, for example comment notify emails, you could fix that issue by creating an second account to TXP that you use as the main account, where the old main publisher just handles emails.

damienbuckley wrote:

The headers would be fine except that they are visible – not hidden.

Shouldn’t be added by TXP neither ign_password_protect. Probably added by client, server or email server, if shown in the message.

Offline

#710 2009-07-06 06:42:39

damienbuckley
Member
From: Brisbane, QLD, AU
Registered: 2006-02-24
Posts: 138
Website

Re: ign_password_protect

I’ll have to try it on our hosting server. The regular admin account notifications don’t have the headers showing…

Offline

#711 2009-09-01 23:05:31

Gerich
Member
Registered: 2009-08-30
Posts: 35

Re: ign_password_protect

First question: where I can find and edit forms with login information and emails content? Or this forms does not exists?
I have a some problem:
At opening of the main page the form for name/password input is deduced, I login, then enter – automatically redirected to txp Write tab (it’s displayed in url), but TXP passes to the page of it’s authentication and requests to input a name and the password again.

How to make that at login through a plug-in, there was a login in TXP and on the contrary?

And another problem: I think that dp ign_users and txp_users are not connected together, because if I select “Use Alternate Database?” to “Yes”, users registering correctly and they have been added to Manage Users tab. But in this case these users can’t login to textpattern admin interface. They get a message “Wrong login or/and password”.
They can login to txp admin only if they have been added to Users tab (txp_users database).
How can I to eliminate this problem?

Last edited by Gerich (2009-09-02 14:13:23)

Offline

#712 2009-09-02 18:22:48

igner
Plugin Author
Registered: 2004-06-03
Posts: 337

Re: ign_password_protect

@Gerich – the plugin renders the default forms internally, you can create your own forms using the default names as specified in the documentation, or you can specify your own form name using the “form” attribute on those tags that accept it.

I’m not sure I understand the middle part of your post (I suspect it’s a translation issue)

Users in the alternate database (ign_users) cannot access the admin screens, this is by design. The whole reason for the alternate table is to segregate site users from admin users.


And then my dog ate my badger, and the love was lost.

Offline

#713 2009-09-02 23:34:45

Gerich
Member
Registered: 2009-08-30
Posts: 35

Re: ign_password_protect

igner wrote:

@Gerich – the plugin renders the default forms internally, you can create your own forms using the default names as specified in the documentation, or you can specify your own form name using the “form” attribute on those tags that accept it.

Where I can find the full documentation? I think that in the plugin’s help the documentation probably is not full or not correct.

I’m not sure I understand the middle part of your post (I suspect it’s a translation issue)

Yes, I’m a russian and I use translation service for support me. So, excuse me, please.
I will try to explain once again:
After login with <txp:ign_show_login /> on the main page of the site, the page had automatically redirected to “textpattern/index.php?event=article” url, but instead of “Write” tab I get textpattern authorization form, so I am compelled to enter the login and pass the second time.
I want to understand it’s a normal working mode of this plugin or not?

Users in the alternate database (ign_users) cannot access the admin screens, this is by design. The whole reason for the alternate table is to segregate site users from admin users.

Ok, I think I’m understand. This db (ign_users) is intended only for visitors which, for example, wish to leave the comment, but not for users with admin interface access. Correctly?
Could you explain to me for what this option is intended? “Also authenticate against txp_users?”

Offline

#714 2009-09-11 10:35:23

Gerich
Member
Registered: 2009-08-30
Posts: 35

Re: ign_password_protect

Gerich wrote:

After login with <txp:ign_show_login /> on the main page of the site, the page had automatically redirected to “textpattern/index.php?event=article” url, but instead of “Write” tab I get textpattern authorization form, so I am compelled to enter the login and pass the second time.
I want to understand it’s a normal working mode of this plugin or not?

I’m sorry, it was my my fault. There was a conflict with plugin boy_enduser_docs which automatically open his page “http://127.0.0.1/textpattern/index.php?event=boy_enduser_docs” after login in.
I have changed plug-in options, and now everything is all right. Your plug-in works normally, users can successfully login in front-end.

But is there a decision of this problem?:

igner wrote:

I understand the approach. The catch is that cookies are path specific – the admin side cookie gets set for www.domain.com/textpattern (or if txp is in a subdirectory, www.domain.com/subdirectory/textpattern). As such, the cookie can only be accessed from /textpattern and it’s subdirectories, and isn’t available from the domain root. One thought would be an admin-side plugin that copies the txp_login cookie to the site root, since you’ll really need the admin cookie in place for them to login anyway. Or alternatively modify the core to write the admin cookie to the root, rather than the /textpattern directory.

How to combine these cookies?

Offline

#715 2009-09-11 14:51:14

igner
Plugin Author
Registered: 2004-06-03
Posts: 337

Re: ign_password_protect

Gerich wrote:

How to combine these cookies?

Short answer- you can’t. Longer answer- it might be possible but it’s not anything I can look at soon.


And then my dog ate my badger, and the love was lost.

Offline

#716 2009-09-14 21:37:47

gomedia
Plugin Author
Registered: 2008-06-01
Posts: 1,373

Re: ign_password_protect

Don’t know if this has come up before but the name attribute in the <txp:ign_user_field /> tag doesn’t seem to be actioned – the name is hardcoded to “p_userid”.

Not really a problem but though I’d mention it – I’m using v0.5b9 on TXP 4.0.8.

Offline

#717 2009-09-19 14:08:31

jpdupont
Member
Registered: 2004-10-01
Posts: 752

Re: ign_password_protect

It’s the first time I use the plugin …
I use the standard login/change password form.

I have this problem : some time password chosen is not accepted and I get a connection problem message when login.
if the user create a new password like “AZER1234” : impossible to login. But OK if he create “azer1234”.

It seems I’m always allowed to use the password generated by TXP or the plugin, but in this site I want to set myself user names and passwords in the ign_users table. I use the “PASSWORD” mysql function to set the password. Users are correctly listed in the user list in textpattern. But passwords are not accepted – sometime.

If I create in phpmyadmin user “MAJ José” pass : ABCD1234 : impossible to login
But “MIN José” pass : abcd1234 : login OK !

If I create ABCD1234 in phpmydamin with the OLDPASSWORD mysql function : login is possible, but if I use the ing_selfedit function to modify the password with the same chars : ABCD1234, login is no more possible !

My login code :

<txp:ign_if_logged_in>
   <txp:ign_current_user/>
   <txp:ign_self_edit/>
<txp:else/>
   <txp:ign_show_login />
</txp:ign_if_logged_in>

Last edited by jpdupont (2009-09-19 15:24:44)

Offline

#718 2009-09-21 07:20:31

jpdupont
Member
Registered: 2004-10-01
Posts: 752

Re: ign_password_protect

I found the bug(s) :

1/ When I fill myself the ign_users table, I must uses PASSWORD(*LOWER*(…

2/ But there is a bug in the plugin at line 1000, in the self edit code ign_update_self function (missing lower):

$r = safe_update('ign_users',"pass = password('$new_pass')", "name = '$ign_user'"); 

Replace this line with this and it’s ok :

$r = safe_update('ign_users',"pass = password(lower('$new_pass'))", "name = '$ign_user'");

Offline

#719 2009-11-20 21:03:21

gomedia
Plugin Author
Registered: 2008-06-01
Posts: 1,373

Re: ign_password_protect

Me again. The id attribute in the <txp:ign_user_field /> tag doesn’t seem to be actioned. And looking at the source code, neither is onclick, size or tab (and id from a previous post).

Using v0.5b9 on TXP 4.2.0.

Offline

#720 2009-11-20 22:44:53

aslsw66
Member
From: Canberra, Australia
Registered: 2004-08-04
Posts: 342
Website

Re: ign_password_protect

Or size either. And when I tried to add it in the plugin code, it post the size attribute as the class!

Offline

Board footer

Powered by FluxBB