Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#781 2011-04-18 21:17:12

brunodario
Member
From: Belo Horizonte, Brasil
Registered: 2007-09-19
Posts: 75

Re: ign_password_protect

As a “non coder” I´m also interested on an update on this plugin so it works with the new 4.4 release, but we can´t demand nothing right now from Igner…

igner wrote:

A little cross-posting here:

http://forum.textpattern.com/viewtopic.php?pid=243641#p243641

Offline

#782 2011-04-18 21:59:41

skrishi
Member
From: russia federation
Registered: 2011-02-25
Posts: 52
Website

Re: ign_password_protect

brunodario wrote:

A little cross-posting here:
http://forum.textpattern.com/viewtopic.php?pid=243641#p243641

Thanks. I do not know what all it.
Of course, now all questions no place.

Offline

#783 2011-04-21 21:15:44

whaleen
Member
From: Portland
Registered: 2006-05-11
Posts: 373
Website

Re: ign_password_protect

Seems there is no way to login to the back-end using <txp:ign_show_login > on the front-end. I cannot.

I have users signing up using mem_self_register and this is great — they can be kept away from the /textpattern admin panel. But, I cannot have them login without going to /textpattern and really need to.

Anyone have a way around this?


txtstrap (Textpattern + Twitter Bootstrap + etc…)

Offline

#784 2011-04-21 21:26:23

johnstephens
Plugin Author
From: Woodbridge, VA
Registered: 2008-06-01
Posts: 999
Website

Re: ign_password_protect

I’m working on a solution to this right now using smd_tabber. Great success making it look like my front-end site so far, and I think I can hide the textpattern urls using an .htaccess Rewrite rule.

Offline

#785 2011-04-21 21:28:57

whaleen
Member
From: Portland
Registered: 2006-05-11
Posts: 373
Website

Re: ign_password_protect

using smd_tabber.

Ah, interesting. I’d love to see what you come up with or have already.


txtstrap (Textpattern + Twitter Bootstrap + etc…)

Offline

#786 2011-04-21 21:39:19

skrishi
Member
From: russia federation
Registered: 2011-02-25
Posts: 52
Website

Re: ign_password_protect

whaleen wrote:

Seems there is no way to login to the back-end using <txp:ign_show_login > on the front-end. I cannot.
I have users signing up using mem_self_register and this is great — they can be kept away from the /textpattern admin panel. But, I cannot have them login without going to /textpattern and really need to.
Anyone have a way around this?

If you use a 4.4 and went under my username in the admin panel, you can not authenticate via <txp:ign_show_login> . Now change the password hash when logging into the admin side automatically. A <txp:ign_show_login> uses the old method.
Do not go into the admin side that would not change a password hash.

These two plugins work fine with each other.

Offline

#787 2011-04-21 21:49:17

whaleen
Member
From: Portland
Registered: 2006-05-11
Posts: 373
Website

Re: ign_password_protect

skrishi wrote:

If you use a 4.4 and went under my username in the admin panel, you can not authenticate via <txp:ign_show_login> . Now change the password hash when logging into the admin side automatically. A <txp:ign_show_login> uses the old method.
Do not go into the admin side that would not change a password hash.

These two plugins work fine with each other.

In other words or in order of operation: If I register a user with mem_self_register and log them in to the front end with ign_show_login then they would have /textpattern access allowing for things like mem_self_edit to run on the front whereas if they logged in through /textpattern the hash would not be reconized as it was created by mem_self_register in a way that the core login cannot authenticate?

I’m not certain I understand but am going to try that method and see what comes of it.

Last edited by whaleen (2011-04-21 21:51:54)


txtstrap (Textpattern + Twitter Bootstrap + etc…)

Offline

#788 2011-04-21 22:19:43

skrishi
Member
From: russia federation
Registered: 2011-02-25
Posts: 52
Website

Re: ign_password_protect

whaleen wrote:

In other words or in order of operation: If I register a user with mem_self_register and log them in to the front end with ign_show_login then they would have /textpattern access allowing for things like mem_self_edit to run on the front whereas if they logged in through /textpattern the hash would not be reconized as it was created by mem_self_register in a way that the core login cannot authenticate?
I’m not certain I understand but am going to try that method and see what comes of it.

Only do that in a letter came after the registration address of your site without /tehtpattern/, then your users will not even guess that there is another entrance.
For example: http://yousite.com instead http://yousite.com/textpattern/
Pay attention to the letter that comes after registration for user.

Offline

#789 2011-04-28 04:01:19

Manfre
Plugin Author
From: North Carolina
Registered: 2004-05-22
Posts: 588
Website

Re: ign_password_protect

I updated ign_password_protect to use the new password scheme added in one of latest versions of Txp (v4.3 or v4.4?). It’s the bug reported by skrishi above that prevented logging in from the public side. There was also a bug that resulted in content being parsed twice when wrapped by <txp:ign_password_protect>.

Version is bumped to an unofficial 0.6 and this is provided as-is with no guarantees. I needed the plugin for a project and I’m sharing the wealth. Download available on github

Offline

#790 2011-04-28 04:33:13

skrishi
Member
From: russia federation
Registered: 2011-02-25
Posts: 52
Website

Re: ign_password_protect

Manfre wrote:

I updated ign_password_protect to use the new password scheme added in one of latest versions of Txp (v4.3 or v4.4?). It’s the bug reported by skrishi above that prevented logging in from the public side. There was also a bug that resulted in content being parsed twice when wrapped by <txp:ign_password_protect>.
Version is bumped to an unofficial 0.6 and this is provided as-is with no guarantees. I needed the plugin for a project and I’m sharing the wealth. Download available on github

if ($phpass->CheckPassword($password, $hash)) {
if ($log) {
$name = safe_field("name", $ign_user_db, "name = '$safe_user' and privs > 0");
} else {
$name = $user;
}

I do not think that checking the privileges for logging into the public side is needed, otherwise you’ll have to give higher privileges to users and the admin side, and this may affect.

Offline

#791 2011-04-29 14:32:50

johnstephens
Plugin Author
From: Woodbridge, VA
Registered: 2008-06-01
Posts: 999
Website

Re: ign_password_protect

Manfre wrote:

I updated ign_password_protect to use the new password scheme added in one of latest versions of Txp (v4.3 or v4.4?). It’s the bug reported by skrishi above that prevented logging in from the public side. There was also a bug that resulted in content being parsed twice when wrapped by <txp:ign_password_protect>.

Version is bumped to an unofficial 0.6 and this is provided as-is with no guarantees. I needed the plugin for a project and I’m sharing the wealth. Download available on github

Thank you, Manfre! You are a superhero!

One thing I’ve noticed about the upgrade: Just like logging into Textpattern, a privilege level of “None” no longer works for ign_password_protect. As a workaround, I upgraded all my users to Freelancers and installed bot_privs to disable Textpattern access for that privilege level.

Offline

#792 2011-04-29 22:54:28

igner
Plugin Author
Registered: 2004-06-03
Posts: 337

Re: ign_password_protect

The original release of ign_pass_protect leveraged the fact that TXP allowed users with effectively zero privileges to log in, but not actually access anything. it was up to the individual page / function calls to check that the user had the relevant privileges.

From a VERY cursory review of 4.4, that little bit of funkiness has been removed from TXP, hence the > 0 check in Manfre’s code above. The upshot is that it will likely be necessary to re-map user privileges somewhat, to use the common txp user database and limit users to front-end access. perhaps stef or one of the other core developers can enlighten a little bit.

btw – mad props to manfre for stepping in and making that update (and just as importantly, sharing it with the community).


And then my dog ate my badger, and the love was lost.

Offline

Board footer

Powered by FluxBB