You *can!!* overwrite username/password using an HTML form. Also, experts *please* see Q at end

This WebDNA talk-list message is from 2000.


numero = 34077
For the record... Brice Le Blevennec has been vindicated. You *can!!* overwrite username/password using a custom HTML form, rather than requiring your users who need to access protected pages to go thru the browser's authenticate dialog. Brice is using the technique on Mac/Webstar and now it is working for me on Linux/Redhat.

Here's Brice's instructions-

*****
It takes 4 pages (1->4) but works decently. Here is my code.

I assume that .tpl pages go through WC without the tag. (I deleted all and tags)

1) Login.tpl

2) step1.tpl (this forces the WC var in http headers)
[redirect http://[username]:[password]@www.adomain.com/step2.tpl]

3) step2.tpl (this removes them from the URL)
[include file=^protect.inc&groups=mygroup]

4) step3.tpl (this redirects to a protected page)
[redirect http://www.adomain.com/anypage.tpl]

5) anypage.tpl (can be any page protected by Authenticate).
[include file=^protect.inc&groups=mygroup]
Hello [username], [password].
*****

I couldn't get it to work before because nowhere on MY test step2.tpl (see above) was there an [authenticate] or [protect] tag. One of those tags *must* be on the page where the [redirect] goes (the [redirect] you use to construct the URL with the 'username:password' in it - see step1.tpl above).

I don't understand why it needs to be there, because even if you wrap it in a [showif] which will definitely evaluate to false if *just* the username is valid (but the password doesn't have to be valid for the [showif] to evaluate false) and login with a proper username but invalid password (thus the [showif] skips over the [authenticate]) it somehow still gets the username and password that were input in the HTML form into the browser's cache (at least that is where you guys tell me username and password live). But without that [authenticate] it will never get into the browser's cache - whether the username is valid or not, and whether the password is valid or not (ie- under no circumstances).

I did tests using [elapsedtime] to see if webcat really does skip over things wrapped in a [showif] which evaluates to false and it does indeed seem to (as opposed to reading the code and then removing it 'after the fact'), so then

**** !!! WHY DOES the [authenticate] have to be on step2.tpl even if the user inputs a proper username which would skip over the tag in the first place?? !!! ****

Can anyone explain this very bizarre (but in this case advantageous) behaviour??
-John

Associated Messages, from the most recent to the oldest:

    
  1. Re: You *can!!* overwrite username/password using an HTML form. Also, experts *please* see Q at end (Clement Ross 2000)
  2. Re: You *can!!* overwrite username/password using an HTML form. Also, experts *please* see Q at end (John Butler 2000)
  3. Re: You *can!!* overwrite username/password using an HTML form. Also, experts *please* see Q at end (John Peacock 2000)
  4. Re: You *can!!* overwrite username/password using an HTML form. Also, experts *please* see Q at end (Clement Ross 2000)
  5. You *can!!* overwrite username/password using an HTML form. Also, experts *please* see Q at end (John Butler 2000)
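An added example, not part of the original post or of WebDNA: it takes the redirect target that step1.tpl produces once [username] and [password] are filled in, shows the HTTP Basic Authorization value that the URL's userinfo corresponds to, and returns a credential-free form of the URL suitable for logs. The sample users and passwords are constructed, and the function names are hypothetical.

```python
import base64
from urllib.parse import urlsplit, urlunsplit, unquote


def split_userinfo(url):
    """Return (url_without_credentials, username, password) for a URL."""
    parts = urlsplit(url)
    if parts.username is None:
        return url, None, None
    host = parts.hostname or ""
    if ":" in host:                      # IPv6 literal: restore the brackets
        host = f"[{host}]"
    if parts.port is not None:
        host = f"{host}:{parts.port}"
    clean = urlunsplit((parts.scheme, host, parts.path, parts.query, parts.fragment))
    # Userinfo is percent-encoded in the URL; the credentials are the decoded form.
    return clean, unquote(parts.username), unquote(parts.password or "")


def basic_header(username, password):
    """Basic scheme: base64 of 'username:password' (an encoding, not encryption)."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def audit_redirect(location):
    """Report whether a redirect target carries credentials and how to log it."""
    clean, user, password = split_userinfo(location)
    if user is None:
        return {"credentials_in_url": False, "log_safe_url": location}
    return {
        "credentials_in_url": True,
        "log_safe_url": clean,
        "authorization": basic_header(user, password),
    }


# Constructed sample values: step1.tpl's redirect after substitution, then step3.tpl's.
SAMPLES = [
    "http://alice:s3cret@www.adomain.com/step2.tpl",
    "http://www.adomain.com/anypage.tpl",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit_redirect(sample))
```

The first sample shows that the password in the step1.tpl redirect is recoverable by anything that records the full URL, which is why the log-safe form drops the userinfo.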
