General Support2 sam2kb Aug 28, 2012 07:52
b2evolution CMS Support Forums- b2evolution Support
- General Support
- Update to 4.1.5… My URL which contain login and password…
1 petervv Aug 27, 2012 14:16
3 petervv Aug 30, 2012 09:02
Too bad.
If there are no bypass, I have to revert to the previous version then…
4 sam2kb Aug 30, 2012 18:24
See this http://manual.b2evolution.net/Crumbs
5 petervv Aug 31, 2012 12:44
I'm sorry, I don't see how implementing crumbs could help me!
6 sam2kb Aug 31, 2012 16:06
I just wanted to say that it's a very important security feature, you can't disable it and there's no workaround.
Where are you using that kind of links with passwords?
7 petervv Aug 31, 2012 18:22
Well, my blog is essentially for internal matters. No one is supposed to access from outside!
I've set all browsers in my company to open up with our blog, so everybody gets the fresher news as soon as they arrive. But as it is only internal, I don't really want them to connect using a login and a password, so I've just modified the homepage of the browsers to point to the blog. It was quite OK putting the login and password in the URL…
8 sam2kb Aug 31, 2012 21:51
You can easily autologin any visitor with a plugin.
I'll post you an example if you want.
9 petervv Sep 03, 2012 14:12
With pleasure !
10 sam2kb Sep 03, 2012 21:12
- save this code as _my.plugin.php
- change guest user login
- put the file in /plugins directory
- install new plugin and enjoy :)
Use this link to auto login
yourblog.tld/index.php?autologin=true<?php
/**
* My plugin description
*/
if( !defined('EVO_MAIN_INIT') ) die( 'Please, do not access this page directly.' );
class my_plugin extends Plugin
{
var $name = 'My first plugin';
var $code = 'myplugincode';
var $priority = 50;
var $version = '0.0.1';
function PluginInit( & $params )
{
$this->short_desc = $this->T_('My first plugin');
$this->long_desc = $this->T_('A longer description for my first plugin');
}
function SessionLoaded()
{
global $Session, $UserSettings;
if( param('autologin', 'boolean') )
{ // Proceed only if requested [ /index.php?autologin=true ]
if( ! $Session->has_User() )
{
load_class( 'users/model/_usersettings.class.php', 'UserSettings' );
$UserSettings = new UserSettings();
// Authenticate the visitor as user with login "admin"
// WARNING: You should create a basic user and use its login here instead!!!
$UserCache = & get_UserCache();
if( $guest_User = & $UserCache->get_by_login('admin') )
{
$Session->set_User( $guest_User );
$this->msg('You have been authenticated as user "admin"!');
}
}
}
}
}
?>
You can't use direct links to login any more. It's a new security feature. You must submit the login form each time.