Textpattern CMS support forum

You are not logged in. Register | Login | Help

#721 2009-11-21 04:03:24

gomedia
Plugin Author
Registered: 2008-06-01
Posts: 1,226
Website

Re: ign_password_protect

aslsw66 wrote:

Or size either. And when I tried to add it in the plugin code, it post the size attribute as the class!

Try editing the code as follows. Find the ign_user_field function (it’s down towards the end).

Edit the line:

return fInput('text','p_userid', $value, $class);

& change it to:

return fInput('text','p_userid', $value, $class, $title, $onClick, $size, $tab, $id);

Offline

#722 2009-11-22 19:09:43

aslsw66
Member
From: Geneva, Switzerland
Registered: 2004-08-04
Posts: 338
Website

Re: ign_password_protect

I’ve just started using ign_password_protect on a development site sitting on XAMPP. The functionality works except for the fact that my login is not stored across pages. So, if I move between pages it acts like I’m logged out and I need to login again. This happens even if I use the ‘remember me’ checkbox.

Is this just because I’m running off a localhost for now? It makes it hard to test the comment functionality as every time I try to post I get told that I need to login first.

Last edited by aslsw66 (2009-11-22 20:12:39)

Offline

#723 2009-11-22 20:13:34

leafy_loader
Member
Registered: 2008-09-25
Posts: 96

Re: ign_password_protect

aslsw66 – I’m having the exact same issue. I’m also on localhost and wondered wether that was the issue too. I’m going to have to upload to the live server to test the theory

Offline

#724 2009-11-22 20:17:58

aslsw66
Member
From: Geneva, Switzerland
Registered: 2004-08-04
Posts: 338
Website

Re: ign_password_protect

OK, let us know how it goes.

However, digging into Firefox’s cookies I can’t see a cookie being set at all, so I wonder if the default is rellying on some sort of server-side sessions.

[EDIT]: Looking at a post about rah_comments, it seems that you do need to define a domain to get the cookies for ign_password_protect to work. Now I’m off to figure that out.

Last edited by aslsw66 (2009-11-22 20:26:14)

Offline

#725 2009-11-22 20:47:29

leafy_loader
Member
Registered: 2008-09-25
Posts: 96

Re: ign_password_protect

I uploaded to the live server and it’s doing the exact same thing :(

Let me know if you figure it out, my deadline is looming (gulp)

Offline

#726 2009-11-22 20:53:07

aslsw66
Member
From: Geneva, Switzerland
Registered: 2004-08-04
Posts: 338
Website

Re: ign_password_protect

Well, I can’t comment on your server issues because I am a long way off getting that far.

For local development, I followed the instructions here to set up a virtual host.

I’m working on a Vista laptop, so I had to open Notepad as an administrator to change my windows hosts files, and then go into my Texpattern preferences and update the site url, but it all works now. I think I may have hard coded some references to “localhost”“ somewhere in my navigation (yes, silly thing to do) so I need to track them down.

But that works for my local site. I realised it works when I got the familiar Firefox ‘remember passwords’ bar at the top.

Sorry, I’m not sure about your server issues.

[EDIT] Spoke too soon! Now there is an error message saying “There was a problem logging in”. Looks like some more work to figure this out.

Last edited by aslsw66 (2009-11-22 20:57:46)

Offline

#727 2009-11-22 21:00:14

leafy_loader
Member
Registered: 2008-09-25
Posts: 96

Re: ign_password_protect

OK, glad you got it sorted. I’ll have a look at what you’ve done and see if I can figure it out. cheers

Offline

#728 2010-02-08 19:28:41

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 3,488
Website

Re: ign_password_protect

I too am having problems with getting ign_password_protect (v0.5b11c from github) to work with txp 4.2. The login works fine and the cookie is created (I can see it with safari’s cookie manager) but the cookie doesn’t stick and is immediately deleted when one switches to another protected page returning you to the login.

I’m not too familiar with exact workings of the plugin, so forgive me if I’ve got the wrong end of the stick, but I think I have tracked down the cause of the cookie being rejected to the nonce check. The function ign_doTxpValidate compares the $cookie_hash with the nonce value from the respective user table. The cookie_hash is generated anew from a random number every time the cookie is set (in ign_setCookie) but the nonce value in the ign_user table remains the same (at least when I check it in phpmyadmin it doesn’t change) so they can’t match, causing the cookie to be reset and the user to be returned to the login form. Could it be that the nonce needs also updating in the ign_user db-table (you have that for the txp_users but not for ign_users) in ign_setCookie? I tried it out and it seems to resolve the problem, but I hope I haven’t broken the security measure in the process…

One other thing: I tried to work out what difference Also authenticate against txp_users? makes, but the behaviour seems unchanged (also the checkbox doesn’t reflect the setting). Looking at ign_useCustomDbForm it is supposed to set the ign_fallback pref but I can’t see that pref in my txp_prefs table, only ign_user_db and igb_use_custom. I can see that ign_update_prefs tries to update it (though not based on the checkbox setting but on the ign_use_custom radio button) but as the pref is not there, it doesn’t get updated. That said, I don’t see where else ign_fallback is checked at all – in ign_validate there is a fallback check but it checks against ign_use_custom not ign_fallback. Is it perhaps a leftover and no longer needed, or are a few more tweaks necessary in ign_useCustomDbForm, ign_pp_install, ign_update_prefs and ign_validate?

If it helps, I can send you my tinkering so far with your plugin.


TXP Builders – finely-crafted code, design and txp

Offline

#729 2010-02-12 21:24:00

progre55
Member
Registered: 2006-05-02
Posts: 668

Re: ign_password_protect

I am not sure if someone has tackled this issue, but hopefully I can be given some guidance. I am currently using ign_password_protect with 4.2 as a part of a memeber login area. It is working fine. The way it is currently set is that their is only one username and password. This was done intentionally because their are a very limited number of members and it was easy very efficient to roll the site out.

I now want to assign individual usernames and passwords. I know that this will not be a problem. My proble lies in the fact that the client would like the memebers to be able to change their passwords and create new passwords? Has anyone tackled this and if so can I be given some hints on how to possible cretae this mechanism.

Thanks in advance.

progre55

Offline

#730 2010-02-13 01:12:03

igner
Plugin Author
Registered: 2004-06-03
Posts: 337

Re: ign_password_protect

jakob wrote:

I too am having problems with getting ign_password_protect (v0.5b11c from github) to work with txp 4.2. The login works fine and the cookie is created (I can see it with safari’s cookie manager) but the cookie doesn’t stick and is immediately deleted when one switches to another protected page returning you to the login.

I’m not too familiar with exact workings of the plugin, so forgive me if I’ve got the wrong end of the stick, but I think I have tracked down the cause of the cookie being rejected to the nonce check. The function ign_doTxpValidate compares the $cookie_hash with the nonce value from the respective user table. The cookie_hash is generated anew from a random number every time the cookie is set (in ign_setCookie) but the nonce value in the ign_user table remains the same (at least when I check it in phpmyadmin it doesn’t change) so they can’t match, causing the cookie to be reset and the user to be returned to the login form. Could it be that the nonce needs also updating in the ign_user db-table (you have that for the txp_users but not for ign_users) in ign_setCookie? I tried it out and it seems to resolve the problem, but I hope I haven’t broken the security measure in the process…

One other thing: I tried to work out what difference Also authenticate against txp_users? makes, but the behaviour seems unchanged (also the checkbox doesn’t reflect the setting). Looking at ign_useCustomDbForm it is supposed to set the ign_fallback pref but I can’t see that pref in my txp_prefs table, only ign_user_db and igb_use_custom. I can see that ign_update_prefs tries to update it (though not based on the checkbox setting but on the ign_use_custom radio button) but as the pref is not there, it doesn’t get updated. That said, I don’t see where else ign_fallback is checked at all – in ign_validate there is a fallback check but it checks against ign_use_custom not ign_fallback. Is it perhaps a leftover and no longer needed, or are a few more tweaks necessary in ign_useCustomDbForm, ign_pp_install, ign_update_prefs and ign_validate?

If it helps, I can send you my tinkering so far with your plugin.

jakob, there are some known bugs with this in 4.2. To be honest, my schedule of late has been such that I’ve not had any free time to revisit this – in fact, I’ve not even had time to look at the 4.2 release. But I’m gearing up for my first TXP project in a while, so I’ll be diving back into the core, so I can probably carve out some time to look at the issues mentioned here.

As for the authenticate – yeah, that’s a legacy checkbox that I keep forgetting to strip out…mainly because the UI code is such a mess I hate to touch it.

@progre55 – there’s a basic password reset function in the plugin, you just have to find a place to put it in your site structure.


And then my dog ate my badger, and the love was lost.

Offline

Board footer

Powered by FluxBB