Re: M$loth messes with our sites (again)
This WebDNA talk-list message is from 2004
Clint,

I use this scheme, but I'll be the first to admit that there's probably a better (more elegant/effective) way... that said, I've had it in use for about 5 months now, and as far as I can tell, it works pretty well.

Your_login_page.html has a 2-field form on it ("USER_NAME" & "PASS_WORD"), and a few [showif]s to handle the errors.

---------------------------------
[!] -- ## Reject if referrer is not Login Page -- [/!]
[hideif [referrer]^http://www.yoursite.com/your_login_page.html]
  [redirect your_login_page.html]
[/hideif]
[!] -- ## END Reject if referrer is not Login Page -- [/!]

[!] -- ## Send blank fields back to the login page with an error code -- [/!]
[showif [USER_NAME]=]
  [redirect your_login_page.html?error=USERNAME_BLANK[hideif [user_name]=]&user_name=[user_name][/hideif]]
[/showif]
[showif [PASS_WORD]=]
  [redirect your_login_page.html?error=PASSWORD_BLANK[hideif [user_name]=]&user_name=[user_name][/hideif]]
[/showif]

[!] -- ## Look up the user name; NOT_FOUND if it is not in your_login.db -- [/!]
[text show=f]AUTHENTICATED_USERNAME=[lookup db=your_login.db&lookinfield=USER_NAME&value=[USER_NAME]&returnfield=USER_NAME&notFound=NOT_FOUND][/text]
[showif [AUTHENTICATED_USERNAME]=NOT_FOUND]
  [redirect your_login_page.html?error=USERNAME_NOTFOUND[hideif [user_name]=]&user_name=[user_name][/hideif]]
[/showif]

[!] -- ## Fetch the stored password for that user and compare it with the submitted one -- [/!]
[text show=f]AUTHENTICATED_PASSWORD=[lookup db=your_login.db&lookinfield=USER_NAME&value=[AUTHENTICATED_USERNAME]&returnfield=PASS_WORD&notFound=NOT_FOUND][/text]
[hideif [PASS_WORD]=[AUTHENTICATED_PASSWORD]]
  [redirect your_login_page.html?error=PASSWORD_NOTFOUND[hideif [user_name]=]&user_name=[user_name][/hideif]]
[/hideif]
---------------------------------

HTH
-Dan

------------------------------------------------------------
http://www.StrongGraphicDesign.com
http://www.SearchBoise.com
------------------------------------------------------------

On Tue, 03 Feb 2004 13:55:41 -0600 Clint Davis wrote:
>This is going to f#@$ up at least 3 of my client's sites that use this
>method of login.
>
>I have a form set up where users enter the username and password. The form
>posts to the same page where the user/pass combo is checked against the
>Users.db.
>
>If a match is found, the user is redirected to a
>http://username:password@domain.tld/home.tpl page so that IE caches the
>information and prevents an authentication dialog.
>
>Does anyone else have a cross-browser, cross-platform method of logging in
>through a form?
>
>
>
>On 2/3/04 9:06 AM, "John Peacock" wrote:
>
>> I am aware that in the past there was discussion of people using
>>
>> http://username:password@domain.tld
>>
>> with their sites (for various purposes including Log Out from a secure site).
>> However, M$loth has disabled this feature in order to paper over other problems
>> with their security model. Here are the details:
>>
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;834489
>>
>> Note especially that this stupid regression can only be disabled by editing the
>> registry.
>>
>> Yet another reason to run Mozilla/Opera/etc...
>>
>
>-------------------------------------------------------------
>This message is sent to you because you are subscribed to
> the mailing list .
>To unsubscribe, E-mail to:
>To switch to the DIGEST mode, E-mail to
>Web Archive of this list is at: http://webdna.smithmicro.com/
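The credential check from the scheme above, written in Python as an added example (not code from the thread): it keeps the USERNAME_BLANK and PASSWORD_BLANK codes, returns a single LOGIN_FAILED code for an unknown name or a wrong password, and compares a salted PBKDF2 hash in constant time. The USERS table, the LOGIN_FAILED code, the sample account and the iteration count are assumptions made for the example.

```python
import hashlib
import hmac
import os

# Example iteration count (an assumption); raise it to what your server can afford.
ITERATIONS = 200_000

def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is generated when none is given."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest

# Hypothetical stand-in for your_login.db: USER_NAME -> (salt, digest).
# The account and its password are constructed sample data.
USERS = {"alice": hash_password("correct horse")}

# Hashed against when the user is unknown, so both failure paths do the same work.
DUMMY = hash_password("placeholder for unknown users")

def check_login(user_name, pass_word):
    """Return "OK" or an error code for the login page's ?error= parameter."""
    if not user_name:
        return "USERNAME_BLANK"
    if not pass_word:
        return "PASSWORD_BLANK"
    salt, stored = USERS.get(user_name, DUMMY)
    _, candidate = hash_password(pass_word, salt)
    # Constant-time comparison; evaluated before the membership test on purpose.
    match = hmac.compare_digest(candidate, stored)
    if user_name not in USERS or not match:
        return "LOGIN_FAILED"  # same code for "no such user" and "wrong password"
    return "OK"

if __name__ == "__main__":
    for name, pw in [("alice", "correct horse"), ("alice", "wrong"), ("bob", "x")]:
        print(name, check_login(name, pw))
```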
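A redirect to http://username:password@domain.tld/home.tpl, as in Clint's message, carries the password wherever that URL string is written down. The following added Python example (not from the thread; the log lines and function names are constructed for illustration) strips the userinfo part from URLs found in log text and reports only the host and user name.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Rough matcher for http(s) URLs embedded in free text.
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def strip_userinfo(url):
    """Return (url_without_userinfo, user_name), or (url, None) if none is present."""
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. a malformed IPv6 literal: leave the text untouched
        return url, None
    # Same split urlsplit uses: everything before the last "@" is userinfo.
    userinfo, at, hostport = parts.netloc.rpartition("@")
    if not at:
        return url, None
    return urlunsplit(parts._replace(netloc=hostport)), userinfo.partition(":")[0]

def redact_line(line):
    """Return (redacted_line, findings); findings holds (host, user), never the password."""
    findings = []

    def _sub(match):
        clean, user = strip_userinfo(match.group(0))
        if user is not None:
            findings.append((urlsplit(clean).hostname, user))
        return clean

    return URL_RE.sub(_sub, line), findings

# Constructed application-log lines, not taken from the thread.
SAMPLE_LOG = [
    "2004-02-03 13:55:41 login ok, redirect http://username:password@domain.tld/home.tpl",
    "2004-02-03 13:56:02 mail link http://domain.tld/contact?to=bob@example.com",
    "2004-02-03 13:57:10 login ok, redirect https://u:p%40ss@domain.tld:8443/home.tpl?x=1",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(redact_line(entry))
```

An "@" in the query string, as in the second sample line, is not userinfo and is left alone.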
"Dan Strong"