73 replies to this topic

[Ralph]

mikef, on Jun 18 2006, 03:55 PM, said:

Unlikely.

I have what I believe is the current latest index.php, and it has the error in the code for generating the protocol. I don't recall there being any advice that any of the patches needed to be applied before installation, so none would have corrected the error in config.inc.php.

I'm not a believer in replacing code with patched versions that solve unknown problems in the hope that they won't break anything else and might just happen to address this problem. patches generally get tested for the problems they aim to solve, rather than full regression testing.

I have no idea what the current set of patched files are, because they aren't gathered together in a coherent fashion, with what they fix.

I'll look at the code in the relevant routines later, and see if I can find anything, but the will probably not be before tomorrow evening.

Just use the patched files... They solve problems... Period... If I wasn't entirely confident that the files are better than the files they replace they never would have been posted for use... Changelog or no changelog, the newest files are the ones to use if you are having any problems...

[mikef]

Ralph (rad14701), on Jun 18 2006, 09:45 PM, said:

Just use the patched files... They solve problems... Period... If I wasn't entirely confident that the files are better than the files they replace they never would have been posted for use... Changelog or no changelog, the newest files are the ones to use if you are having any problems...

OK, I've used them. Corrected the protocol bug in index.php again. no change.

calling authenticate_visitor with no params, either using [[ or [!

with the correct password, the necessary session variables aren't set when the page is refreshed, the full set being:

<!-- session :_logging_first_hit:1: -->
<!-- session :visitorLogged:1: -->
<!-- session :userAgentLogged:1: -->
<!-- session :operatingSystemLogged:1: -->
<!-- session :hostNameLogged:1: -->

with an incorrect password, I get an error message
with the correct password, and an id set for the target page, it goes to the target page; the required session variables are still missing.

[Ralph]

mikef, I wasn't able to get to the phpinfo via the link... This one's got me intrigued...

[mikef]

Ralph (rad14701), on Jun 19 2006, 03:01 AM, said:

mikef, I wasn't able to get to the phpinfo via the link... This one's got me intrigued...

Works for me ... http://test.artgocollective.co.uk/phpinfo.php ... maybe the server or something was offline? The site is on http://test.artgocollective.co.uk/example/

[jkn]

Hi,

Can anyone help me with sessions and authenticate_visitor?
I have this snippet and user can successfuly login (for gallery managment), but I want to give him oportunity to log into Etomite manager with current session. Simple redirection through link <a href="manager/index.php"> cause starting of new session and user have to log-in again.
I'm not a professional webmaster, please, forgive me if the question is simple

regards,
Jakub

[mikef]

I think its unlikely that will be possible. Front end and manager logins were deliberately split in Etomite 0.6.1.

[Psycho Mantis]

Hi.

I would like to check the permissions of the documents in the ListSiteMap snippet in order to display only the public documents.

What's the best way to do this?

Thanks a lot in advance!

[Ralph]

Psycho Mantis, on Jul 14 2006, 09:22 AM, said:

Hi.

I would like to check the permissions of the documents in the ListSiteMap snippet in order to display only the public documents.

What's the best way to do this?

Thanks a lot in advance!

You may need to wait for the modified code that I am currently testing in order to properly perform such checks... I have a working version of ListMenu that only displays menu options that visitors/users have permissions to access and if they attempt to bypass the menu and call documents directly they are denied access...

[sysco Brosinozky]

Hello Ralph, I suggest for module snippet authenticate_visitor modification for front end in your web like this:
Before:
--------
// create the complete captchaCode HTML code block for optional insertion
$captcha =
' <tr>
<td>
'.$captcha_lbl.'
</td>
<td>
'.$_captcha.'
</td>
</tr>
<tr>
<td colspan="2" style="text-align:center;">
'.$etomite->getCaptchaCode().'
</td>
</tr>';

After modifications:
-----------------------
// create the complete captchaCode HTML code block for optional insertion
$captcha = '
<span class="alignCenter">'.$etomite->getCaptchaCode($alt='CaptchaCode', $title='Security Code', $width="120", $height="40").'</span>';
================================================

Before:
----------
<div class="loginForm">
<table class="loginTable">
<tr>
<th colspan="2">Visitor Login</th>
</tr>
<tr>
<td>$username_lbl</td>
<td>$_username</td>
</tr>
<tr>
<td>$password_lbl</td>
<td>$_password</td>
</tr>
$captcha
<tr>
<td colspan="2" class="alignCenter">
$_submit
$_reset
</td>
</tr>
</table>
</div>

After Modification:
--------------------
<div class="loginForm">
<!-- <h6 class="alignCenter">User Login</h6>-->
<div class="alignRight">
<table width="16%" border="0">
<tr>
<td width="42%" align="right">$username_lbl</td>
<td width="58%">$_username</td>
</tr>
<tr>
<td align="right">$password_lbl</td>
<td>$_password</td>
</tr>
<tr>
<td align="right">$captcha_lbl</td>
<td>$_captcha</td>
</tr>
<tr>
<td colspan="2" align="center">$captcha</td>
</tr>
<tr>
<td colspan="2"><span class="alignCenter">$_submit $_reset</span></td>
</tr>
</table>
</div>
=============================================

Very nice for Front template snippet...

[Psycho Mantis]

One issue I just noticed with the authenticate snippet is, that when you have more than one Etomite-based website running on the same server, logins get confused.

I have three websites - all with individual databases - running on the same server. When I login on - say page A - and then open a new tab/window and check my page B, I can access the restricted pages on page B, although I didn't log on and the login (password/username) is different (page A was Testuser, page B the admin).

Don‘t know what can be done about it, just thought I'd let you know.

[Ralph]

Psycho Mantis, on Nov 26 2006, 08:18 AM, said:

One issue I just noticed with the authenticate snippet is, that when you have more than one Etomite-based website running on the same server, logins get confused.

Yes, this is a known issue which will be addressed in future releases... Just getting visitor permissions to work in conjunction with the manager proved to be quite a task with the existing code base and time did not allow for further refinements... The entire multi-site and multi-install dilema will be considered from the beginning of the development cycle so as to avoid such grief as development progresses...

[Bjarne]

First I think is a brilliant feature. Kudos to all of you struggling to make Etomite my favourite CMS, and I have tried A LOT!

I plan to use the authenticate_visitor for the first time now, and it works fine. But I have a problem with the captcha code. When I enable, it becomes impossible to log in. As long as they are disabled, no problem, but once I turn them on, I only get an error message. On the manager log in, captcha works fine, but not with this snippet. Any clous?

[Ralph]

Bjarne, on Feb 24 2007, 12:12 PM, said:

First I think is a brilliant feature. Kudos to all of you struggling to make Etomite my favourite CMS, and I have tried A LOT!

I plan to use the authenticate_visitor for the first time now, and it works fine. But I have a problem with the captcha code. When I enable, it becomes impossible to log in. As long as they are disabled, no problem, but once I turn them on, I only get an error message. On the manager log in, captcha works fine, but not with this snippet. Any clous?

If enabled, you must include code which checks to assure that the proper captcha code has been entered... This means that when you attempt to process your form you need to call $etomite->validCaptchaCode($captchaCode) unless you are using $etomite->userLogin($username,$password,$rememberme=0,$url="",$id="",$alias="",$use_captcha=0,$captcha_code="")... The authenticate_visitor snippet uses the second method... I'm not sure, without doing some checking, whether the snippet I'm using is any different than what is posted here or not... The code displayed in the tutorial on my site is the exact snippet that I am using...

[Bjarne]

Strange. I replaced the snippet code form the library here, with the one you use, but it only resulted in a parse error, saying there was "an unexpecteds TS_L in Line 245". So I return to the one from the library. Have tried various ways to set the snippet call, but no matter what I do, it won't validate the security code. For now I run without captcha, wich is OK I guess, but I like the captcha-idea, and think it looks good, besides it's security perks.

I don't understand very much of what you try to tell me, Ralph, but I guess this is the code you are mentioning. It is from the snippet in the library, the same as I use:

// perform the user login attempt
  $etomite->userLogin($username,$password,$rememberme,$url,$id,$alias,$use_captcha,$captcha_code=$captcha);

You are using the exact same in your "tutorial".

Edited by Bjarne, 24 February 2007 - 09:45 PM.

[johnCarlson]

I have a new question that I haven't found on the forums yet but here it is.

I have the authenticate user snippet in my template so that it is on all pages. (maybe this is the first problem)

but then I am making another snippet for a newsletter and I have a form for the visitor to fill out and then submit to subscribe to the newsletter, but when you submit the form it returns the alert for the login form. I'm not sure what is going on.

Any help would be greatly appreciated.

INFO:
Server: Linux, Apache, PHP 4, MYSQL 4.1*
Etomite: 6.1.3 prelude
URL to the newsletter form: http://www.ffeic.org/index.php?id=86

thanks in advance,
John

P.S. Still loving the system

EDIT: this only happens when there is no user logged in!

EDIT: Well I figured this one out on my own . OK here is the issue, the snippet looks for $_POST['submit'] which is the submit button. , well I fixed my newsletter form by just changing the name of the submit button to nsubmit, so that when I submit that form it doesn't find the $_POST['submit'] variable

Edited by johnCarlson, 05 March 2007 - 07:55 PM.

[Ralph]

johnCarlson, on Mar 5 2007, 02:42 PM, said:

I have a new question that I haven't found on the forums yet but here it is.

I have the authenticate user snippet in my template so that it is on all pages. (maybe this is the first problem)

but then I am making another snippet for a newsletter and I have a form for the visitor to fill out and then submit to subscribe to the newsletter, but when you submit the form it returns the alert for the login form. I'm not sure what is going on.

<<< SNIP >>>
EDIT: this only happens when there is no user logged in!

EDIT: Well I figured this one out on my own . OK here is the issue, the snippet looks for $_POST['submit'] which is the submit button. , well I fixed my newsletter form by just changing the name of the submit button to nsubmit, so that when I submit that form it doesn't find the $_POST['submit'] variable

Yep, you found the reason behind the problem... A better fix would be to edit the authenticate_visitor snippet to use an alternate name for the submit, like auth_submit, as you will most likely have the same issue with other forms unless you make every one of them different than the standard submit...

[Bjarne]

I have played a little with the opportunities the if($_SESSION['validated']) make, and have integrated a link to the login page in my main menu, that switches from "log in" to "log out" when $validated == true. This looks good, but I think it is on click to much as long as you have to go to the page where the autenticate_visitor snippet resides to click the logout button. How can I make the user logged out simply by clicking the "log out" in the main menu, no matter wich page he is reading? Do I have to call the snippet in the template, and remove the output? Something like <a href="#" onClick="logout.submit()">Log out</a> should do the trick, but how?

Edited by Bjarne, 20 March 2007 - 05:46 PM.

[Jelmer]

Luckely "someone" already created a snippet for this

It's attached at the bottom of this post: http://www.etomite.com/index.php?sh...d&pid=39232

[Bjarne]

Jelmer, on Mar 20 2007, 06:59 PM, said:

Luckely "someone" already created a snippet for this

It's attached at the bottom of this post: http://www.etomite.com/index.php?sh...d&pid=39232

Excellent. Just what I needed. I only had to make a small adjustment, so the user stays put if it is an unprotected page, and to the loginpage if it is an protected one.

[Cris D.]

I am studting this snippet in an attempt to understand how forms are submitted. I'm a little confused with the line 95.

  // create the <form> element
  $_openform = $form->openform(array(
	'id'=>'authenticate_visitor',
	'action'=>'',
	'method'=>'post',
   Line 95... 'onsubmit'=>'return v.exec()'
	)
  );

Where is this function v.exec(), defined? Is it part of the closing tage of the
//$form->openform() ? It doesnt look like it, as it is part of the array. This also is not mentioned in the New formclass page on Ralph's site. I also can't find it referred to else where in the snippett. And I cant find reference to it in the php site. Hmmmm.
[EDITED 6/5/07] Anyone?
EDIT 8/7/07 Found it: part of the Tigra Validation calling to execute the script.

Edited by Cris D., 08 July 2007 - 12:18 PM.