63 replies to this topic

[ruben]

I understood that this will be part of the core of the next version.
Please correct me if I'm wrong.

[Jelmer]

Whether it's basic to a CMS depends on your definition. It's definately standard in a portal, which Etomite is _not_.

But what you want can definately be achieved using the information in this topic. As a matter of fact, I'm using the same functionality!

[Jim Browski]

Hi there,

i made a fresh install of etomite 0.6.1.2 and followed the instructions ... mostly. I did not update the index.php (1) as mentioned because i supposed eto 0.6.1.2 already contains the one with the new permission API. All the other steps i followed word by word and added the authListMenu and the LogInOut-Snippet to my template.

First it seemed to work. I can login as a member, but then i still have no access to my so-called "member-area". And when i log in i got redirected to my "login-failed.html"-page, but the snippet on that page shows me that i have successfully logged in.

This behaviour can be seen at my eto testsite:
http://test.bildcontext.org/etomite2/
I generated two members, the first as "member1" with pwd "testme", the second as "member2" with pwd "member2".
The Login-Link is at the bottom right, and the Member Area is the last point at the menu. For testing purposes now the standard ListMenu is used again.

It would be nice if someone could take a look and give me some advice. If it's necessary i also could provide access to the manager.

Edited by Jim Browski, 23 October 2006 - 10:55 PM.

[Ralph]

Jim Browski, on Oct 23 2006, 06:46 PM, said:

I did not update the index.php (1) as mentioned because i supposed eto 0.6.1.2 already contains the one with the new permission API.

You really need to update the index.php file as that is the actual parser... If you don't update that file you may as well not update at all... The new parser should be virtually 100% backwards compatible with any snippets you currently have with the exception that visitor permissions now work as I had originally intended and no longer need additional work-arounds... Or did I misunderstand your post in that you didn't upload the old version of the parser that is present in the package...???

[Jim Browski]

Ralph (rad14701), on Oct 24 2006, 02:00 AM, said:

... Or did I misunderstand your post in that you didn't upload the old version of the parser that is present in the package...???

Thanks for the reply.
As i'm no english native speaker sometimes it's hard for me to say exactly what i'm thinking of
Sorry for that. I think there is some misunderstanding.

I do use the index.php file that is shipped with the download package of eto 0.6.1.2.
I do not use the modified index.php file Jelmer in the orginal post has linked to.

Is this wrong?

The rest of Jelmers posting i followed step by step ...

[Ralph]

Okay, Jim, I see the problem now... Not sure exactly why the authentication check isn't working but it's most likely just a minor fix to get things working... At this point Jelmer might be more up to speed on this particular issue and maybe he can shed some ligth on the subject... If not, feel free to PM me with login spec's and I'll see what I can resolve the problem...

[Jelmer]

I use visitor authentication with the latest Etomite PL2 release so it should work. Sounds like you haven't got your usergroups/docgroups etc set right. I'm willing to take a look as well. Let me know!

[Jim Browski]

Jelmer, on Oct 24 2006, 06:57 PM, said:

I use visitor authentication with the latest Etomite PL2 release so it should work. Sounds like you haven't got your usergroups/docgroups etc set right. I'm willing to take a look as well. Let me know!

Hi Jelmer, you're welcome! I will PM you my login specification for the testsite so that you can take a look. Thanks in advance.

[Jim Browski]

Hi, there ...

IT WORKS! :!:

The credits go to Jelmer. I PM'ed him my login details and he found this tiny little checkmark that caused the problem in just a minute.
I'm ashamed to say it but for all the users that may struggle with similar probs ...
i just did not put the members to the members group.

Ok, stop laughin' and get back to business.

[Psycho Mantis]

Thanks everybody for this great tutorial.

I have one little problem though. When I use the LoginOut snippet and click on the "Logout" link, I get following SQL error:

« Error »

Etomite encountered the following error while attempting to parse the requested resource:
« Row count error in template query result. »
	  SQL: SELECT * FROM `isr7`.etomite_site_templates WHERE `isr7`.etomite_site_templates.id = ''; 
	  [Copy SQL to ClipBoard]
 
Parser timing
  MySQL:	 0.0079 s s	(2 Requests)
  PHP:	 0.0229 s s	 
  Total:	 0.0307 s s

Logout via submit button (authenticate_visitor snippet) works fine.

What's wrong?

Thanks in advance!

[Ralph]

Psycho Mantis, on Nov 24 2006, 08:23 AM, said:

Thanks everybody for this great tutorial.

I have one little problem though. When I use the LoginOut snippet and click on the "Logout" link, I get following SQL error:

« Error »

Etomite encountered the following error while attempting to parse the requested resource:
« Row count error in template query result. »
	  SQL: SELECT * FROM `isr7`.etomite_site_templates WHERE `isr7`.etomite_site_templates.id = ''; 
	  [Copy SQL to ClipBoard]
 
Parser timing
  MySQL:	 0.0079 s s	(2 Requests)
  PHP:	 0.0229 s s	 
  Total:	 0.0307 s s

Logout via submit button (authenticate_visitor snippet) works fine.

What's wrong?

Thanks in advance!

Without seeing the actual page in question it is difficult to give an answer... I'm wondering if it might be possible that one snippet is throwing an error because of the previous actions of another snippet... It does seem odd that you are getting a template error, however, and this sounds vaguely familiar to me for some reason... Which Etomite release are you using...???

[Psycho Mantis]

I'm using 0.6.1.2

The site URL is http://www.isr.tu-berlin.de/guilan

[Ralph]

Psycho Mantis, on Nov 26 2006, 07:03 AM, said:

I'm using 0.6.1.2

The site URL is http://www.isr.tu-berlin.de/guilan

Here is a copy of the PM that I sent to Psycho Mantis after taking a hands-on look at the site in question... I'm posting this here just in case it might help someone else with a similar problem in the future... I will also give more of an explanation on why this problem was encountered in the first place afterwards...

Quote

Your site is fixed... The problem was in the LoginOut snippet... It was a minor issue that went undetected but was fully visible in the browser status bar...

I changed:
CODE
if($_SESSION['validated']) { $output = '<a href="[~1~]?logout=1">Logout ('.$_SESSION['shortname'].')</a>'; }

To:
CODE
if($_SESSION['validated']) { $output = '<a href="[~1~]&amp;logout=1">Logout ('.$_SESSION['shortname'].')</a>'; }

The problem is that you can only have one ? in your URL's GET arguments... Changing the second one to &amp; assures XHTML compliance but it could have just as easily been left as &...

This issue arose because Psycho Mantis apparently forgot, or was unaware, that when using [~1~] etomite uses the makeUrl() API function call to determine what type of link needs to be returned, FURL or non-FURL, based on Etomite configuration and the possible presence of a document alias... This is something that needs to be taken into consideration along with the fact that you can only have one ? in your URL... The minor error in his snippet code was causing his Logout link to be constructed as http://<full_domain_name>/index.php?id=1?logout=1 which, as you can see, has two ?'s...

[cathode]

Is this still the preferred method of limiting parts of the site to certain frontend users in Etomite 0614?

[Ralph]

cathode, on Jul 13 2007, 01:47 PM, said:

Is this still the preferred method of limiting parts of the site to certain frontend users in Etomite 0614?

When working with internal URL's within snippets it's probably good practice to use makeUrl() for URL construction as it does more error checking... This would be coded as follows... The resulting code will return the proper code whether Friendly URL's and Friendly Aliases are enabled or not...

if($_SESSION['validated'])
{
  $output = '<a href="'.$etomite->makeUrl($id=1, $alias=$etomite->aliases[1], $args="?logout=1").'">Logout ('.$_SESSION['shortname'].')</a>';
}

[Cris D.]

I've been using this method in some of my snippets. Is there any security issues in doing it this way for showing data on the same page (not a URL re-direction)?

$doc=$etomite->documentIdentifier;
$show=$etomite->checkPermissions($doc);
if($show==1){
run code for logged in, validated user with permissions to edit this page;
}else{
run code for non-logged in visitors or logged in users without permissions for editing this page;
}

EDITED:
1st of all, I just noticed in the checkPermissions() code, that the documentIdentifier is set to $this->documentIdentifier by default, which makes the $doc call obselete.

2nd: If I have read the API code correctly user roles MUST be enabled for this work, otherwise if document permissions aren't in use, everyone will have access to the logged in code because the function returns true by default in this case. Therefore, it looks like I have answered my own question again. No, this is NOT OK (unless the site has document permissions enabled).

Therefore, to write snippets for users who may or may not have document permissions enabled I should be using something like...

$show=0;
$permission=0;
$permission=$etomite->checkPermissions();
if($_SESSION['validated'] && $permissions==1){$show=1;}
if($show==1){
run secure code;
}else{
run unsecure code;
}

Please correct me if I am wrong.

Edited by Cris D., 14 July 2007 - 10:03 AM.

[Ralph]

@Cris D.

Your method should work with simple authentications as well... When visitor permissions are not enabled checkPermissions() should check against the documents authenticate flag... Hence, simple authentication... The method I use is displayed below...If you are only checking the current document you can omit $id but I generally keep it in place because most of the time I am using this for conditional menu item generation and I use whatever variable suits my needs in place of $id... Because checkPermissions() always returns TRUE or FALSE, any additional code is just wasting server clock cycles...

if($etomite->checkPermissions($id))
{
  ...do something...
}
else
}
  ...do whatever needs to be done on failure, or omit this part...
}

[darren]

Ok here's a nub question. I've read this and the authenticate_visitor thread over and over and can't log in sucessfully
using 0.6.1 Final (PL:4) (Prelude) both IE/FF, PHP Version 5.1.3, IIS
have user groups, doc groups and user/doc links set up
I have a role created, and a user with that role and permissions for the doc group checked.
I have a document, with Authenticate checked and document group checked under 'permissions'
When I log in with authenticate_visitor nothing happens. it is checking the user/password and captcha correctly, just doesn't give me permission to view the document.

I know this is something easy but I'm missing it.and open for sugestions. willing to pm my login, even. It's just a testing/development site but do want to include this on a site next month. thx

[Ralph]

darren, on Sep 5 2007, 05:35 PM, said:

Ok here's a nub question. I've read this and the authenticate_visitor thread over and over and can't log in sucessfully
using 0.6.1 Final (PL:4) (Prelude) both IE/FF, PHP Version 5.1.3, IIS
have user groups, doc groups and user/doc links set up
I have a role created, and a user with that role and permissions for the doc group checked.
I have a document, with Authenticate checked and document group checked under 'permissions'
When I log in with authenticate_visitor nothing happens. it is checking the user/password and captcha correctly, just doesn't give me permission to view the document.

I know this is something easy but I'm missing it.and open for sugestions. willing to pm my login, even. It's just a testing/development site but do want to include this on a site next month. thx

How about taking baby steps... See if simple authentication works first - then move on to full-blown visitor permissions... Although I haven't written a tutorial on how to work your way through this, it probably wouldn't be a bad idea... But that doesn't mean I have necessarily time to write one this evening either...

First, simple authentication... Do you know if the login is working...??? If so, move on to checking for simple authentication which is based on whether or not a visitor is logged in (authenticated)... Do you get any errors to this point...???

Post back with your results and we can go form there... Worst case scenario, PM me login spec's and I'll take a hands-on look at your install...

[darren]

I just threw the welcomeguest snippit on the page since it performs the simple authentication and it will not recognize me as logged in. also tried with loginout just for fun, without success