ign_password_protect

brunodario · 2011-04-18 21:17:12

As a “non coder” I´m also interested on an update on this plugin so it works with the new 4.4 release, but we can´t demand nothing right now from Igner…

igner wrote:

A little cross-posting here:

http://forum.textpattern.com/viewtopic.php?pid=243641#p243641

skrishi · 2011-04-18 21:59:41

brunodario wrote:

A little cross-posting here:
http://forum.textpattern.com/viewtopic.php?pid=243641#p243641

Thanks. I do not know what all it.
Of course, now all questions no place.

whaleen · 2011-04-21 21:15:44

Seems there is no way to login to the back-end using <txp:ign_show_login > on the front-end. I cannot.

I have users signing up using mem_self_register and this is great — they can be kept away from the /textpattern admin panel. But, I cannot have them login without going to /textpattern and really need to.

Anyone have a way around this?

johnstephens · 2011-04-21 21:26:23

I’m working on a solution to this right now using smd_tabber. Great success making it look like my front-end site so far, and I think I can hide the textpattern urls using an .htaccess Rewrite rule.

whaleen · 2011-04-21 21:28:57

using smd_tabber.

Ah, interesting. I’d love to see what you come up with or have already.

skrishi · 2011-04-21 21:39:19

whaleen wrote:

Seems there is no way to login to the back-end using <txp:ign_show_login > on the front-end. I cannot.
I have users signing up using mem_self_register and this is great — they can be kept away from the /textpattern admin panel. But, I cannot have them login without going to /textpattern and really need to.
Anyone have a way around this?

If you use a 4.4 and went under my username in the admin panel, you can not authenticate via <txp:ign_show_login> . Now change the password hash when logging into the admin side automatically. A <txp:ign_show_login> uses the old method.
Do not go into the admin side that would not change a password hash.

These two plugins work fine with each other.

whaleen · 2011-04-21 21:49:17

skrishi wrote:

If you use a 4.4 and went under my username in the admin panel, you can not authenticate via <txp:ign_show_login> . Now change the password hash when logging into the admin side automatically. A <txp:ign_show_login> uses the old method.
Do not go into the admin side that would not change a password hash.

These two plugins work fine with each other.

In other words or in order of operation: If I register a user with mem_self_register and log them in to the front end with ign_show_login then they would have /textpattern access allowing for things like mem_self_edit to run on the front whereas if they logged in through /textpattern the hash would not be reconized as it was created by mem_self_register in a way that the core login cannot authenticate?

I’m not certain I understand but am going to try that method and see what comes of it.

Last edited by whaleen (2011-04-21 21:51:54)

skrishi · 2011-04-21 22:19:43

whaleen wrote:

In other words or in order of operation: If I register a user with mem_self_register and log them in to the front end with ign_show_login then they would have /textpattern access allowing for things like mem_self_edit to run on the front whereas if they logged in through /textpattern the hash would not be reconized as it was created by mem_self_register in a way that the core login cannot authenticate?
I’m not certain I understand but am going to try that method and see what comes of it.

Only do that in a letter came after the registration address of your site without /tehtpattern/, then your users will not even guess that there is another entrance.
For example: http://yousite.com instead http://yousite.com/textpattern/
Pay attention to the letter that comes after registration for user.

Manfre · 2011-04-28 04:01:19

I updated ign_password_protect to use the new password scheme added in one of latest versions of Txp (v4.3 or v4.4?). It’s the bug reported by skrishi above that prevented logging in from the public side. There was also a bug that resulted in content being parsed twice when wrapped by <txp:ign_password_protect>.

Version is bumped to an unofficial 0.6 and this is provided as-is with no guarantees. I needed the plugin for a project and I’m sharing the wealth. Download available on github

skrishi · 2011-04-28 04:33:13

Manfre wrote:

I updated ign_password_protect to use the new password scheme added in one of latest versions of Txp (v4.3 or v4.4?). It’s the bug reported by skrishi above that prevented logging in from the public side. There was also a bug that resulted in content being parsed twice when wrapped by <txp:ign_password_protect>.
Version is bumped to an unofficial 0.6 and this is provided as-is with no guarantees. I needed the plugin for a project and I’m sharing the wealth. Download available on github

if ($phpass->CheckPassword($password, $hash)) {
if ($log) {
$name = safe_field("name", $ign_user_db, "name = '$safe_user' and privs > 0");
} else {
$name = $user;
}

I do not think that checking the privileges for logging into the public side is needed, otherwise you’ll have to give higher privileges to users and the admin side, and this may affect.

johnstephens · 2011-04-29 14:32:50

Manfre wrote:

I updated ign_password_protect to use the new password scheme added in one of latest versions of Txp (v4.3 or v4.4?). It’s the bug reported by skrishi above that prevented logging in from the public side. There was also a bug that resulted in content being parsed twice when wrapped by <txp:ign_password_protect>.

Version is bumped to an unofficial 0.6 and this is provided as-is with no guarantees. I needed the plugin for a project and I’m sharing the wealth. Download available on github

Thank you, Manfre! You are a superhero!

One thing I’ve noticed about the upgrade: Just like logging into Textpattern, a privilege level of “None” no longer works for ign_password_protect. As a workaround, I upgraded all my users to Freelancers and installed bot_privs to disable Textpattern access for that privilege level.

igner · 2011-04-29 22:54:28

The original release of ign_pass_protect leveraged the fact that TXP allowed users with effectively zero privileges to log in, but not actually access anything. it was up to the individual page / function calls to check that the user had the relevant privileges.

From a VERY cursory review of 4.4, that little bit of funkiness has been removed from TXP, hence the > 0 check in Manfre’s code above. The upshot is that it will likely be necessary to re-map user privileges somewhat, to use the common txp user database and limit users to front-end access. perhaps stef or one of the other core developers can enlighten a little bit.

btw – mad props to manfre for stepping in and making that update (and just as importantly, sharing it with the community).

Textpattern CMS

Textpattern CMS support forum

#781 2011-04-18 21:17:12

Re: ign_password_protect

#782 2011-04-18 21:59:41

Re: ign_password_protect

#783 2011-04-21 21:15:44

Re: ign_password_protect

#784 2011-04-21 21:26:23

Re: ign_password_protect

#785 2011-04-21 21:28:57

Re: ign_password_protect

#786 2011-04-21 21:39:19

Re: ign_password_protect

#787 2011-04-21 21:49:17

Re: ign_password_protect

#788 2011-04-21 22:19:43

Re: ign_password_protect

#789 2011-04-28 04:01:19

Re: ign_password_protect

#790 2011-04-28 04:33:13

Re: ign_password_protect

#791 2011-04-29 14:32:50

Re: ign_password_protect

#792 2011-04-29 22:54:28

Re: ign_password_protect

Board footer