Menu
▾
▴
pagekit-users — Discussions among Page users.
You can subscribe to this list here.
| 2000 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(2) |
Sep
|
Oct
|
Nov
(2) |
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2001 |
Jan
(2) |
Feb
(1) |
Mar
|
Apr
(18) |
May
(53) |
Jun
(76) |
Jul
(13) |
Aug
(11) |
Sep
(3) |
Oct
(26) |
Nov
(12) |
Dec
(14) |
| 2002 |
Jan
(5) |
Feb
(21) |
Mar
(34) |
Apr
(34) |
May
(11) |
Jun
(5) |
Jul
(4) |
Aug
(58) |
Sep
(50) |
Oct
(32) |
Nov
(56) |
Dec
(3) |
| 2003 |
Jan
(7) |
Feb
(21) |
Mar
(9) |
Apr
(2) |
May
(2) |
Jun
(29) |
Jul
(7) |
Aug
(5) |
Sep
(15) |
Oct
(18) |
Nov
(6) |
Dec
(10) |
| 2004 |
Jan
(14) |
Feb
(6) |
Mar
(17) |
Apr
(33) |
May
(13) |
Jun
(9) |
Jul
(22) |
Aug
(15) |
Sep
(9) |
Oct
(7) |
Nov
(19) |
Dec
(7) |
| 2005 |
Jan
(2) |
Feb
(4) |
Mar
(1) |
Apr
|
May
(3) |
Jun
|
Jul
|
Aug
(2) |
Sep
|
Oct
|
Nov
(10) |
Dec
|
| 2006 |
Jan
(4) |
Feb
|
Mar
(2) |
Apr
|
May
|
Jun
(4) |
Jul
(10) |
Aug
(1) |
Sep
(2) |
Oct
(2) |
Nov
|
Dec
|
| 2007 |
Jan
|
Feb
|
Mar
|
Apr
(2) |
May
|
Jun
|
Jul
|
Aug
(16) |
Sep
(6) |
Oct
(2) |
Nov
|
Dec
|
| 2013 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(1) |
Aug
(1) |
Sep
|
Oct
|
Nov
|
Dec
|
| 2014 |
Jan
|
Feb
(2) |
Mar
(1) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2015 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(2) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Boris Z. <bz...@2b...> - 2004-07-17 09:10:02
|
Hi Shimon, Am Samstag 17 Juli 2004 01:38 schrieb Shimon Rura: > Hi, > > I'm not sure if this is the place to ask this question, but perhaps you can > help (or point me somewhere more appropriate). I've got a pagekit site at > http://frassle.rura.org which runs on Apache2. The site has one page that > contains a form for posting or editing a message, called note_add_edit. > When you type your note and click the submit button, it submits to > note_add_edit_2. > Paul G. Weiss found already a bug in libapreq2, that might be the same as yours. It is discussed in the on the apr...@ht... mailinglist. Im short on time later I search for some pointers for you. In short the bug showup with ssl support and is not seen without it. Paul discribed the bug and provide a testcase. Paul and I develop a workaround for PageKit. More on this ( and the patch ) later. Have a nice day. PS: Wahoo, http://frassle.rura.org is a great application. -- Boris |
|
From: Shimon R. <sh...@ru...> - 2004-07-16 23:38:30
|
Hi, I'm not sure if this is the place to ask this question, but perhaps you can help (or point me somewhere more appropriate). I've got a pagekit site at http://frassle.rura.org which runs on Apache2. The site has one page that contains a form for posting or editing a message, called note_add_edit. When you type your note and click the submit button, it submits to note_add_edit_2. Sometimes, though not with any pattern I've been able to uncover, note_add_edit_2 does not get some of the form fields, such as the note body. An empty body is allowed, so it is unfortunately very easy to overwrite an existing note with a blank. To debug this, I've edited the pagekit subroutine for note_add_edit_2 so that it logs the names and values of all $model->input's as soon as note_add_edit_2 is called. When the buggy behavior occurs, the body field is not present. It's not even empty, it's simply not there. The title field and an ID field that occur before it in the form seem to always be there. This behavior seems slightly more common when the body is large, but I don't know if this has anything to do with it. To verify that it wasn't a browser malfunction, I just tried reproducing the bug with a packet sniffer listening. It looks like the POST request *does* contain all the fields, but they do not seem to be available to $model->input in pagekit. Any ideas what this might be? A bug in libapreq (had those before!)? A bug in apache? Perhaps in pagekit? This is very frustrating since I have only been able to reproduce it on my production server, and it's apparently unpredictable. If I had to guess, I'd say maybe it's the POST request parser going haywire, though I'd be at a loss for how to debug it. Any help is greatly appreciated. shimon. |
|
From: subs <su...@sn...> - 2004-07-13 20:53:08
|
Russell,
sub mypage {
my $model = shift;
my (@param_names) = $model->pkit_query();
...
}
Have a look at pkit_query in Apache::PageKit::Model,
and in http://search.cpan.org/~samtregar/HTML-Template-2.6/Template.pm
"Just like param(), query() with no arguements returns all the parameter
names in the template at the top level."
Ben
> Hey all,
>
> I know that PageKit is based upon HTML::Template.
> HTML::Template allows you retrieve a list of all TMPL_VAR
> (and TMPL_IF/UNLESS) elements as shown in the documentation:
>
> -----------------------------------------------------------
> 1) To return a list of parameters in the template :
> my @parameter_names = $self->param();
> -----------------------------------------------------------
>
> This works well. Is there any way to retrieve the element
> list under PageKit? If not, I assume it wouldn't be too hard
> to add in. I just wanted to see if a method like this
> existed (been using PageKit for quite a while and haven't
> seen it in the docs).
>
> Thanks,
> Russell
|
|
From: Russell D. W. <rw...@in...> - 2004-07-13 20:34:45
|
Hey all,
I know that PageKit is based upon HTML::Template. HTML::Template allows you
retrieve a list of all TMPL_VAR (and TMPL_IF/UNLESS) elements as shown in
the documentation:
-----------------------------------------------------------
1) To return a list of parameters in the template :
my @parameter_names = $self->param();
-----------------------------------------------------------
This works well. Is there any way to retrieve the element list under
PageKit? If not, I assume it wouldn't be too hard to add in. I just wanted
to see if a method like this existed (been using PageKit for quite a while
and haven't seen it in the docs).
Thanks,
Russell
|
|
From: Boris Z. <bz...@2b...> - 2004-07-13 14:32:29
|
Hi Sean,
Whops, I forgot the list ;-)
Sean Lee schrieb:
> Dear Boris,
>
> >Yes, it is security. For a user that is logged in, the user info is used
> > to
> >
> >validate the cookie. This is to protect you against guessed cookies. Or
> >Login
> >as someone else.
>
> If so, instead of making new session data in say, database, wouldn't it
> make more sense to store this hash of username and password in session,
> which was created already (and would be able to control expiration of, in
> config file)?
I think I did not really understand what expiration you mean, or even better
what function you miss. Since you get your session back whenever you login
again.
> And auth_session_key to check this value from session data?
Also here, what does it buy me? Where is the difference beside, that I
duplicate the data from the pkit_user table into the session?
> I mean, instead of making new session and when logged out falling back to
> new session,
I suppose you mean 'fallback to old session'. This can easy added as a config
option if you need that.
But think on this, you fill a shopping chart as a anon user. Then you log in.
The sessions are merged. You drop some items. Then you log out. And login
again. The dropped Items are back again.
> making one session at startup, if someone logs in, then in the
> session we already created, store new hash and tick to say that this user
> is logged in, and when they logout, simply remove this hash from the
> session? Better even, as a new column in session table, so it's easier to
> check if user is online or not and make list of logged in users and to
> search information within logged in users (eg: using only SQL)?
Nothing prevents you from adding a column to pkit_user ( or any other table ).
Just add a
$dbh->do(q{
UPDATE
pkit_user
SET
last_visite = ?
WHERE
user_id = ?
}, {}, time(), $user_id
);
near the end of 'pkit_auth_session_key'. And later search for all users, that
where active in the last time on a page of your choice ;-).
sub list_active_users {
my $model = shift;
# search all visitors in the last 30 min's
my $time = time() - 30 * 60;
$model->output( active_users =>
$model->dbh->selectall_arrayref(q{
SELECT name,email FROM pkit_user WHERE last_visite >= ? },
{ Slice => {} }, $time
)
);
}
>
> >Either you use apache2 with a broken libapreq2 or you did not use
> >pkit_remember just add it to your login as hidden parameter.
> >http://pagekit.org/guide/ch02s04.html
>
> Ohhh, I didn't know about pkit_remember :-) sorry.
>
> Thank you Boris,
> Sean
>
--
Boris
|
|
From: Sean L. <se...@ch...> - 2004-07-13 12:56:12
|
You are answer to all of my problems! Enlightenment!
-----Original Message-----
From: pag...@li...
[mailto:pag...@li...] On Behalf Of Boris
Zentner
Sent: Tuesday, July 13, 2004 1:16 AM
To: pag...@li...
Subject: Re: [Pagekit-users] using HTML in Content.xml
Hi Sean,
Am Dienstag 13 Juli 2004 08:54 schrieb Sean Lee:
> Hello All,
>
> ?
>
> First question is, is there any way to use HTML inside content xml =
file?
>
> ?
>
> Eg:
>
> <de xml:lang=3D"en"><strong>G</strong>erman</de>
>
> <en xml:lang=3D"en">E<strong>n</strong>glish</en>
>
Yes,=20
<de xml:lang=3D"en"><![CDATA[<strong>G</strong>erman]]></de>
<en xml:lang=3D"en"><![CDATA[E<strong>n</strong>glish]]></en>
> ?
>
> Second question is, is it possible to specify <MODEL_VAR name> in =
content
> xml file instead of in tmpl file?
>
Yes, just the same way was for html data.
> I needed this because in some languages, position of =
=A2=AE(r)name=A2=AE? might
change.
>
> ?
>
> Eg:
>
> ?
>
> <de xml:lang=3D=A2=AE=A1=BEen=A2=AE=A1=BE>My name is <MODEL_VAR =
name></de>
>
> <de xml:lang=3D=A2=AE=A1=BEzh=A2=AE=A1=BE><MODEL_VAR name> is my =
name</de>
>
> ?
Another way might be to use different tmpl files and chooce them by the=20
language. For example if your page is called "apage"
sub apage {
# do whatever
....
if ( $model->pkit_lang eq 'xy' ) {
$model->pkit_internal_redirect('extra_template_for_xy');
}
}
>
> Thanks!
>
> Sean
--=20
Boris
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -=20
digital self defense, top technical experts, no vendor pitches,=20
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
Pagekit-users mailing list
Pag...@li...
https://lists.sourceforge.net/lists/listinfo/pagekit-users
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.719 / Virus Database: 475 - Release Date: 12/07/2004
=20
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.719 / Virus Database: 475 - Release Date: 12/07/2004
=20
|
|
From: Sean L. <se...@ch...> - 2004-07-13 12:55:23
|
Dear Boris, >Yes, it is security. For a user that is logged in, the user info is used to >validate the cookie. This is to protect you against guessed cookies. Or >Login >as someone else. If so, instead of making new session data in say, database, wouldn't it make more sense to store this hash of username and password in session, which was created already (and would be able to control expiration of, in config file)? And auth_session_key to check this value from session data? I mean, instead of making new session and when logged out falling back to new session, making one session at startup, if someone logs in, then in the session we already created, store new hash and tick to say that this user is logged in, and when they logout, simply remove this hash from the session? Better even, as a new column in session table, so it's easier to check if user is online or not and make list of logged in users and to search information within logged in users (eg: using only SQL)? >Either you use apache2 with a broken libapreq2 or you did not use >pkit_remember just add it to your login as hidden parameter. >http://pagekit.org/guide/ch02s04.html Ohhh, I didn't know about pkit_remember :-) sorry. Thank you Boris, Sean --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.719 / Virus Database: 475 - Release Date: 12/07/2004 |
|
From: Boris Z. <bz...@2b...> - 2004-07-13 10:50:26
|
Hi Sean, Am Dienstag 13 Juli 2004 08:28 schrieb Sean Lee: > Hello Group, > > I was wondering why pagekit maintains 2 different cookies and manage 2 > different session data (if I'm right about this). For users that are > logged in and that are not. Is there any reason let it be security, or any > other reason for this? Yes, it is security. For a user that is logged in, the user info is used to validate the cookie. This is to protect you against guessed cookies. Or Login as someone else. > > If I set not to expire cookie by putting (+100y) in config, visitor session > cookie will stay for that long, but when they login and logout they get > reset anyways to new session, so I don't know what is the good thing about > setting it long. And is there any way to have authenticate session to not > to expire? Either you use apache2 with a broken libapreq2 or you did not use pkit_remember just add it to your login as hidden parameter. http://pagekit.org/guide/ch02s04.html > > So much stuff about pagekit session management doesn't really make good > sense to me can someone explain why it was implemented that way > (maintaining 2 different sessions for logged in and not logged in) in > detail? Or is there good practical way to have only one session for > pagekit? Maybe you can modify pkit_auth_credential and pkit_auth_session_key to share the same cookie ( server side ) but you loose the validation, that this cookie is valid only for this user! Also note, that by default the session data from the anon session to the logged user's session is carrired over so there is no loose of data. Just the desired no way back to the anon session. > > Thank you > Sean -- Boris |
|
From: Boris Z. <bz...@2b...> - 2004-07-13 08:16:46
|
Hi Sean,
Am Dienstag 13 Juli 2004 08:54 schrieb Sean Lee:
> Hello All,
>
> ?
>
> First question is, is there any way to use HTML inside content xml file?
>
> ?
>
> Eg:
>
> <de xml:lang=3D"en"><strong>G</strong>erman</de>
>
> <en xml:lang=3D"en">E<strong>n</strong>glish</en>
>
Yes,=20
<de xml:lang=3D"en"><![CDATA[<strong>G</strong>erman]]></de>
<en xml:lang=3D"en"><![CDATA[E<strong>n</strong>glish]]></en>
> ?
>
> Second question is, is it possible to specify <MODEL_VAR name> in content
> xml file instead of in tmpl file?
>
Yes, just the same way was for html data.
> I needed this because in some languages, position of =A1=AEname=A1=AF mig=
ht change.
>
> ?
>
> Eg:
>
> ?
>
> <de xml:lang=3D=A1=B1en=A1=B1>My name is <MODEL_VAR name></de>
>
> <de xml:lang=3D=A1=B1zh=A1=B1><MODEL_VAR name> is my name</de>
>
> ?
Another way might be to use different tmpl files and chooce them by the=20
language. For example if your page is called "apage"
sub apage {
# do whatever
....
if ( $model->pkit_lang eq 'xy' ) {
$model->pkit_internal_redirect('extra_template_for_xy');
}
}
>
> Thanks!
>
> Sean
=2D-=20
Boris
|
|
From: Sean L. <se...@ch...> - 2004-07-13 06:55:38
|
Hello All, ? First question is, is there any way to use HTML inside content xml file? ? Eg: <de xml:lang=3D"en"><strong>G</strong>erman</de> <en xml:lang=3D"en">E<strong>n</strong>glish</en> ? Second question is, is it possible to specify <MODEL_VAR name> in = content xml file instead of in tmpl file? I needed this because in some languages, position of =A1=AEname=A1=AF = might change. ? Eg: ? <de xml:lang=3D=A1=B1en=A1=B1>My name is <MODEL_VAR name></de> <de xml:lang=3D=A1=B1zh=A1=B1><MODEL_VAR name> is my name</de> ? Thanks! Sean --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.719 / Virus Database: 475 - Release Date: 12/07/2004 =20 |
|
From: Sean L. <se...@ch...> - 2004-07-13 06:29:46
|
Hello Group, I was wondering why pagekit maintains 2 different cookies and manage 2 different session data (if I'm right about this). For users that are logged in and that are not. Is there any reason let it be security, or any other reason for this? If I set not to expire cookie by putting (+100y) in config, visitor session cookie will stay for that long, but when they login and logout they get reset anyways to new session, so I don't know what is the good thing about setting it long. And is there any way to have authenticate session to not to expire? So much stuff about pagekit session management doesn't really make good sense to me can someone explain why it was implemented that way (maintaining 2 different sessions for logged in and not logged in) in detail? Or is there good practical way to have only one session for pagekit? Thank you Sean --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.719 / Virus Database: 475 - Release Date: 12/07/2004 |
|
From: Sean L. <se...@ch...> - 2004-07-08 00:31:15
|
Ahha-ha, right I don't even need to pass session data! Thanks Boris! Sean -----Original Message----- From: pag...@li... [mailto:pag...@li...] On Behalf Of Boris Zentner Sent: Wednesday, July 07, 2004 6:21 PM To: pag...@li... Subject: Re: [Pagekit-users] sessions, one link login Hi Sean, Am Dienstag 06 Juli 2004 18:39 schrieb Sean Lee: > Dear Boris, > > Thank you for the reply! > Actually I had resolved this just today and the other problem > > For the saving username always wise, I just made new cookie and stored > independently, not in session. > > And for the one click login problem I have resolved much same method as you > described here. The reason why I needed that was because I have another > interface (not web) and when the link is clicked, I wanted to use web > without login screen because this user already authenticated thru other > interface and I have user-id or this user already. > > Method I used was, > > Display: http://www.somewhere.com/app?session=sad87das8d8a6d8ad to user > > sub app { > my $model = shift; > my $session = $model->input('session'); > > $model->pkit_redirect("/real_app?pkit_login=1&pkit_done=/real_app&session=$ >s ession"); > } I think you have sloved the problem very nice! Joining both ideas without errorchecking gives sub app { my $model = shift; # session is already ( or must/should be ) in our input bag $model->input( pkit_done => 'http://myhost/real_app', pkit_login => 1 ); $model->{pkit_pk}->login; $model->pkit_status_code(REDIRECT); } this saves one more turnaround from client <=> server and did not pass the session argument around between the two. But this is not so interesting since we pass it already ;-) > > This 'app' is just to show user nice link without pkit_login and other > stuff. > > 'real_app' is protected page that I require to open up > > After this, I have modified pkit_auth_credential sub to check of > input('session') and check if session (not real session, just unique hash > that I made and stored in users table when my different application wrote > the link, so that this is always changing) matches with hash that I > separately stored in db and return ses_key without requiring username and > password. -- Boris ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______________________________________________ Pagekit-users mailing list Pag...@li... https://lists.sourceforge.net/lists/listinfo/pagekit-users --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.712 / Virus Database: 468 - Release Date: 27/06/2004 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.712 / Virus Database: 468 - Release Date: 27/06/2004 |
|
From: Boris Z. <bz...@2b...> - 2004-07-07 16:48:49
|
Hi, Am Mittwoch 07 Juli 2004 18:03 schrieb Shimon Rura: > Hi, > > I've been running my site on Apache 2.0 + pagekit 2.14_06 for a few weeks > and find that it is much faster than my old apache 1.2 configuration. > However some users have complained that when they login with > pkit_remember=1, they are subsequently logged out after some time passes. > If they do not select that parameter, they can stay logged in for the > duration of their browser session. > > I couldn't replicate this on my development server (running apache 1.2). I > also had no problem using my own account on the 2.0 production server, > where my remembered cookie had kept me logged in for months. Testing on a > clean browser with the 2.0 server, I did experience the problem. > > Inspecting the cookies, I found that the ones issued from a 2.0 server were > set to expire 5 minutes after their issue, while the 1.2-originated cookies > would expire after 10 years. This seems to only affect permanent cookies > issued with pkit_remember set to true from the login form. > > Has the handling of pkit_remember-ed cookie changed between pagekit 1 and > 2? Could a default that is was relying upon in mod_perl have changed? > Ideas? > The handling have not changed between A::P 1 and A::P 2. But there was a error in every version of libapreq2 that discards the coockies 1000 times to early. Perhaps that is the error. You can try this package, where the error is not present: http://eg.2bz.de/httpd-apreq-2-19042004.tar.gz or in the new developer release it is also fixed. http://search.cpan.org/CPAN/authors/id/J/JO/JOESUF/libapreq2-2.03_04-dev.tar.gz any other version do not handle the cockies correct. > thanks, > shimon. > -- Boris |
|
From: Shimon R. <sh...@ru...> - 2004-07-07 16:03:30
|
Hi, I've been running my site on Apache 2.0 + pagekit 2.14_06 for a few weeks and find that it is much faster than my old apache 1.2 configuration. However some users have complained that when they login with pkit_remember=1, they are subsequently logged out after some time passes. If they do not select that parameter, they can stay logged in for the duration of their browser session. I couldn't replicate this on my development server (running apache 1.2). I also had no problem using my own account on the 2.0 production server, where my remembered cookie had kept me logged in for months. Testing on a clean browser with the 2.0 server, I did experience the problem. Inspecting the cookies, I found that the ones issued from a 2.0 server were set to expire 5 minutes after their issue, while the 1.2-originated cookies would expire after 10 years. This seems to only affect permanent cookies issued with pkit_remember set to true from the login form. Has the handling of pkit_remember-ed cookie changed between pagekit 1 and 2? Could a default that is was relying upon in mod_perl have changed? Ideas? thanks, shimon. |
|
From: Boris Z. <bz...@2b...> - 2004-07-07 09:40:13
|
Am Mittwoch 07 Juli 2004 11:21 schrieb Boris Zentner: Hi Sean, > [..] > > Method I used was, > > > > Display: http://www.somewhere.com/app?session=sad87das8d8a6d8ad to user > > > > sub app { > > my $model = shift; > > my $session = $model->input('session'); > > > > $model->pkit_redirect("/real_app?pkit_login=1&pkit_done=/real_app&session > >=$ s ession"); > > } > > I think you have sloved the problem very nice! Joining both ideas without > errorchecking gives > > sub app { > my $model = shift; > # session is already ( or must/should be ) in our input bag > $model->input( > pkit_done => 'http://myhost/real_app', > pkit_login => 1 > ); > $model->{pkit_pk}->login; > $model->pkit_status_code(REDIRECT); > } > > this saves one more turnaround from client <=> server and did not pass the > session argument around between the two. But this is not so interesting > since we pass it already ;-) One more hint, if you can design the link as you like, we can remove sub app completely if your link looks like this: http://www.somewhere.com/app?session=sad87das8d8a6d8ad&pkit_login=1&pkit_done=http% 3A%2F%2Fwww.somewhere.com%2Freal_app -- Boris |
|
From: Boris Z. <bz...@2b...> - 2004-07-07 09:21:14
|
Hi Sean, Am Dienstag 06 Juli 2004 18:39 schrieb Sean Lee: > Dear Boris, > > Thank you for the reply! > Actually I had resolved this just today and the other problem > > For the saving username always wise, I just made new cookie and stored > independently, not in session. > > And for the one click login problem I have resolved much same method as you > described here. The reason why I needed that was because I have another > interface (not web) and when the link is clicked, I wanted to use web > without login screen because this user already authenticated thru other > interface and I have user-id or this user already. > > Method I used was, > > Display: http://www.somewhere.com/app?session=sad87das8d8a6d8ad to user > > sub app { > my $model = shift; > my $session = $model->input('session'); > > $model->pkit_redirect("/real_app?pkit_login=1&pkit_done=/real_app&session=$ >s ession"); > } I think you have sloved the problem very nice! Joining both ideas without errorchecking gives sub app { my $model = shift; # session is already ( or must/should be ) in our input bag $model->input( pkit_done => 'http://myhost/real_app', pkit_login => 1 ); $model->{pkit_pk}->login; $model->pkit_status_code(REDIRECT); } this saves one more turnaround from client <=> server and did not pass the session argument around between the two. But this is not so interesting since we pass it already ;-) > > This 'app' is just to show user nice link without pkit_login and other > stuff. > > 'real_app' is protected page that I require to open up > > After this, I have modified pkit_auth_credential sub to check of > input('session') and check if session (not real session, just unique hash > that I made and stored in users table when my different application wrote > the link, so that this is always changing) matches with hash that I > separately stored in db and return ses_key without requiring username and > password. -- Boris |
|
From: Sean L. <se...@ch...> - 2004-07-07 08:40:42
|
Dear Boris, Thank you for the reply! Actually I had resolved this just today and the other problem For the saving username always wise, I just made new cookie and stored independently, not in session. And for the one click login problem I have resolved much same method as you described here. The reason why I needed that was because I have another interface (not web) and when the link is clicked, I wanted to use web without login screen because this user already authenticated thru other interface and I have user-id or this user already. Method I used was, Display: http://www.somewhere.com/app?session=sad87das8d8a6d8ad to user sub app { my $model = shift; my $session = $model->input('session'); $model->pkit_redirect("/real_app?pkit_login=1&pkit_done=/real_app&session=$s ession"); } This 'app' is just to show user nice link without pkit_login and other stuff. 'real_app' is protected page that I require to open up After this, I have modified pkit_auth_credential sub to check of input('session') and check if session (not real session, just unique hash that I made and stored in users table when my different application wrote the link, so that this is always changing) matches with hash that I separately stored in db and return ses_key without requiring username and password. I tested this and works perfectly :-) I will also try your method and see if I can use that also, again, thank you very much Boris for so much help! Thank you, Sean -----Original Message----- From: pag...@li... [mailto:pag...@li...] On Behalf Of Boris Zentner Sent: Wednesday, July 07, 2004 4:41 PM To: pag...@li... Subject: Re: [Pagekit-users] sessions, one link login HI Sean, Am Montag 05 Juli 2004 18:56 schrieb Sean Lee: > 2. I'm trying to make hash that looks like (asd78f98asdd78a87s..) and apply > on page that I want to view which is protected by pagekit.? Ok, I'm not > making myself clear :-)? What I want to do is... > > 1) email user with HYPERLINK > "http://somewhere/protected_page_that_requires_login?sess=asd78f98asdd78a87 >s " in content > 2) user clicks above > 3) although it's protected page where by default will forward to login > page, it will just show the page > 4) if I go anywhere from here to other protected pages, I want it possible > to do so without login (I'm already logged in by using that > asd78f98asdd78a87s; practically, by using hash I want to login) Here is a possible solutions, but why do you protect the pages and supply the key with the other hand? I simplified the solution a bit to http://somewhere/check_your_key?sess=asd78f98asdd78a87s;pkit_done=protected_ page_that_requires_login which you can write as http://somewhere/locked/protected_page_that_requires_login?sess=asd78f98asdd 78a87s where the done part is extracted from your url and the above page needs not to exist at all. But thats to much at once ;-) Here is the code. use Apache::Const qw(OK REDIRECT DECLINED); sub check_your_key { my $model = shift; my $sess = $model->input('sess'); if ( $model->output('pkit_login') ) { # we are already logged in. $model->pkit_redirect('http://target.xy/page'); return; } if ( $sess ) { # assuming sess ( your hash ) is valid map it to a user $model->input( login => 'qwert', passwd => 'sectret', pkit_done => 'http://target.xy/page', pkit_login => 1 ); if ( $model->{pkit_pk}->login ) { $model->pkit_status_code(REDIRECT); return; } } # something went wrong. $model->pkit_redirect( '/' . $model->pkit_get_default_page ); } Now this solution must be modified to your needs. One thing to watch for is that the mapping from your hash to a real user maps also all the same users into the same session. This might be not what you have in mind. If you want fresh different sessions whenever the same user logs in without a valid session cockie modify pkit_auth_session_key and pkit_auth_credential for your needs. Otherwise perhaps every user gets a different mail and the above preoblem did not show up. -- Boris ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______________________________________________ Pagekit-users mailing list Pag...@li... https://lists.sourceforge.net/lists/listinfo/pagekit-users --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.712 / Virus Database: 468 - Release Date: 27/06/2004 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.712 / Virus Database: 468 - Release Date: 27/06/2004 |
|
From: Boris Z. <bz...@2b...> - 2004-07-07 07:41:42
|
HI Sean,
Am Montag 05 Juli 2004 18:56 schrieb Sean Lee:
> 2. I'm trying to make hash that looks like (asd78f98asdd78a87s..) and apply
> on page that I want to view which is protected by pagekit.? Ok, I'm not
> making myself clear :-)? What I want to do is...
>
> 1) email user with HYPERLINK
> "http://somewhere/protected_page_that_requires_login?sess=asd78f98asdd78a87
>s " in content
> 2) user clicks above
> 3) although it's protected page where by default will forward to login
> page, it will just show the page
> 4) if I go anywhere from here to other protected pages, I want it possible
> to do so without login (I'm already logged in by using that
> asd78f98asdd78a87s; practically, by using hash I want to login)
Here is a possible solutions, but why do you protect the pages and supply the
key with the other hand?
I simplified the solution a bit to
http://somewhere/check_your_key?sess=asd78f98asdd78a87s;pkit_done=protected_page_that_requires_login
which you can write as
http://somewhere/locked/protected_page_that_requires_login?sess=asd78f98asdd78a87s
where the done part is extracted from your url and the above page needs not to
exist at all. But thats to much at once ;-)
Here is the code.
use Apache::Const qw(OK REDIRECT DECLINED);
sub check_your_key {
my $model = shift;
my $sess = $model->input('sess');
if ( $model->output('pkit_login') ) {
# we are already logged in.
$model->pkit_redirect('http://target.xy/page');
return;
}
if ( $sess ) {
# assuming sess ( your hash ) is valid map it to a user
$model->input(
login => 'qwert',
passwd => 'sectret',
pkit_done => 'http://target.xy/page',
pkit_login => 1
);
if ( $model->{pkit_pk}->login ) {
$model->pkit_status_code(REDIRECT);
return;
}
}
# something went wrong.
$model->pkit_redirect( '/' . $model->pkit_get_default_page );
}
Now this solution must be modified to your needs. One thing to watch for is
that the mapping from your hash to a real user maps also all the same users
into the same session. This might be not what you have in mind. If you want
fresh different sessions whenever the same user logs in without a valid
session cockie modify pkit_auth_session_key and pkit_auth_credential for your
needs. Otherwise perhaps every user gets a different mail and the above
preoblem did not show up.
--
Boris
|
|
From: Boris Z. <bz...@2b...> - 2004-07-06 13:44:54
|
Hi Sean,
Am Montag 05 Juli 2004 18:56 schrieb Sean Lee:
> 3. I'm trying to see if I can set pkit_lang from database. So when user
> logs in, I want to 'force' certain content to be used, maybe without
> rewriting first page with hostname?pkit_lang="xx" and relocate. Is this
> possible?
Sure the best is to do it ASAP. If you do not need a session for that,
pkit_fixup_uri is a nice place:
sub pkit_fixup_uri {
my ( $model, $uri ) = @_;
my @lang = qw/ de en hv ja /;
$model->input( pkit_lang => $lang[int(rand(@lang))] );
$uri;
}
Or somewhat later in you model code do:
$model->input(pkit_lang => 'de');
Or force the user to a new language forever with
$model->session->{pkit_lang} = 'de';
or perhaps
$model->input( pkit_lang => $model->session->{pkit_lang} = 'de' );
But every user sends his favorite language already with the 'Accept-Language'
header.
--
Boris
|
|
From: Sean L. <se...@ch...> - 2004-07-06 08:57:21
|
Sorry I forgot to add subject ;-) And I had some encoding breakup so I'm sending same message again. -----Original Message----- From: Sean Lee [mailto:se...@ch...] Sent: Tuesday, July 06, 2004 1:47 AM To: 'pag...@li...' Subject: Hello all, ? I have trouble with session, and some more questions, probably I don't understand something though, if anyone can help or give their 2 cents, it will be very appreciated. ? 1. I am trying to make my first page and the login page, to remember the username that they had put in before with little checkbox called 'remember username' checked on. It looks that session data gets reset and that it uses two different sessions or cookies which erases each other out and I'm having hard time saving data that should always, logged in or not to stay. 2. I'm trying to make hash that looks like (asd78f98asdd78a87s..) and apply on page that I want to view which is protected by pagekit.? Ok, I'm not making myself clear :-)? What I want to do is... 1) email user with HYPERLINK "http://somewhere/protected_page_that_requires_login?sess=asd78f98asdd78a87s " in content 2) user clicks above 3) although it's protected page where by default will forward to login page, it will just show the page 4) if I go anywhere from here to other protected pages, I want it possible to do so without login (I'm already logged in by using that asd78f98asdd78a87s; practically, by using hash I want to login) 3. I'm trying to see if I can set pkit_lang from database. So when user logs in, I want to 'force' certain content to be used, maybe without rewriting first page with hostname?pkit_lang="xx" and relocate. Is this possible? Thank you, Sean --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.712 / Virus Database: 468 - Release Date: 27/06/2004 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.712 / Virus Database: 468 - Release Date: 27/06/2004 |
|
From: Sean L. <se...@ch...> - 2004-07-06 08:48:20
|
Hello all, ? I have trouble with session, and some more questions, probably I = don=A1=AFt understand something though, if anyone can help or give their 2 cents, it will be very appreciated. ? 1. I am trying to make my first page and the login page, to remember the username that they had put in before with little checkbox called = =A1=AEremember username=A1=AF checked on.? It looks that session data gets reset and = that it uses two different sessions or cookies which erases each other out and = I=A1=AFm having hard time saving data that should always, logged in or not to = stay. ? 2. I=A1=AFm trying to make hash that looks like (asd78f98asdd78a87s..) = and apply on page that I want to view which is protected by pagekit.? Ok, I=A1=AFm = not making myself clear :-)? What I want to do is=A1=A6 ? 1)????? email user with HYPERLINK "http://somewhere/protected_page_that_requires_login?sess=3Dasd78f98asdd7= 8a87s "http://somewhere/protected_page_that_requires_login?sess=3Dasd78f98asdd7= 8a87s in content 2)????? user clicks above 3)????? although it=A1=AFs protected page where by default will forward = to login page, it will just show the page 4)????? if I go anywhere from here to other protected pages, I want it possible to do so without login (I=A1=AFm already logged in by using = that asd78f98asdd78a87s) ? 3. I=A1=AFm trying to see if I can set pkit_lang from database. ?So when = user logs in, I want to =A1=AEforce=A1=AF certain content to be used. ? Thank you, Sean --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.712 / Virus Database: 468 - Release Date: 27/06/2004 =20 |
|
From: Sean L. <se...@ch...> - 2004-06-25 09:39:56
|
Thank you Boris!! I'll investigate more and if I find any 'specific' things that I can't understand I'll refer back to you :-) I feel sorry topic being broad. Thanks millions! Sean -----Original Message----- From: Boris Zentner [mailto:bz...@2b...] Sent: Friday, June 25, 2004 3:44 PM To: Sean Lee Cc: pag...@li... Subject: Re: [Pagekit-users] RE: PageKit Hi Sean, Am Donnerstag 24 Juni 2004 11:23 schrieb Sean Lee: > Nice, it works!! Tin-q Boris!! > I have tried editing file with editor and save it and it works with all of > 3 languages correctly. (HZ KO JA from internet explorer languages > preferences) > > Now, let me have MySQL setup and testing along with Content .xml and MySQL > data together, if they consistently display characters fine. > > Some questions, > > - Like you said, textarea doesn't display correctly, is there anyway to get > this field to do it correctly? (like for say, if I need to make file editor > on web to modify content.xml files online?) > Textarea should work fine, but at least on the display side. The problem is basicly you send data to the client with some encoding, and the client send it back in another encoding. Unfortunely Mozilla and IE do it different. So you need some action to parse the input. I investigate the textarea thing. Often it is a lost UTF8 flag. > - Is there any way to NOT to use UTF-8 encoding setting on 'browser' and > display language correctly on web with choosing 'Japanese (Auto-detect)'? > Currently I must choose UTF-8, while this will help other charsets (KO,HZ) > to display correctly, but is there way to have browser on 'Japanese > (Auto-detect)' encoding mode and just display Japanese correctly and have > other two (KO,HZ) broken? And vise versa? (While I'm on KO encoding for > Korean, Japanese and Chinese characters break?) I do not understand all this, but what is broken, if you look at the page in UTF8? Then all three languages should be ok. Otherwise the encoding is broken somewhere. And there should be no need to force the browser to use utf8 encoding, the browser should chooce the right encoding if you allow it ( autoencoding ). > > - If I remember it correctly, using these charsets had some weird problems > with fillinform, but I'll find more on this before I ask > > Anyways, Thank you so much Boris! > !!!!! [...] -- Boris |
|
From: Boris Z. <bz...@2b...> - 2004-06-25 06:40:09
|
Hi Sean, Am Donnerstag 24 Juni 2004 11:23 schrieb Sean Lee: > Nice, it works!! Tin-q Boris!! > I have tried editing file with editor and save it and it works with all of > 3 languages correctly. (HZ KO JA from internet explorer languages > preferences) > > Now, let me have MySQL setup and testing along with Content .xml and MySQL > data together, if they consistently display characters fine. > > Some questions, > > - Like you said, textarea doesn't display correctly, is there anyway to get > this field to do it correctly? (like for say, if I need to make file editor > on web to modify content.xml files online?) > Textarea should work fine, but at least on the display side. The problem is basicly you send data to the client with some encoding, and the client send it back in another encoding. Unfortunely Mozilla and IE do it different. So you need some action to parse the input. I investigate the textarea thing. Often it is a lost UTF8 flag. > - Is there any way to NOT to use UTF-8 encoding setting on 'browser' and > display language correctly on web with choosing 'Japanese (Auto-detect)'? > Currently I must choose UTF-8, while this will help other charsets (KO,HZ) > to display correctly, but is there way to have browser on 'Japanese > (Auto-detect)' encoding mode and just display Japanese correctly and have > other two (KO,HZ) broken? And vise versa? (While I'm on KO encoding for > Korean, Japanese and Chinese characters break?) I do not understand all this, but what is broken, if you look at the page in UTF8? Then all three languages should be ok. Otherwise the encoding is broken somewhere. And there should be no need to force the browser to use utf8 encoding, the browser should chooce the right encoding if you allow it ( autoencoding ). > > - If I remember it correctly, using these charsets had some weird problems > with fillinform, but I'll find more on this before I ask > > Anyways, Thank you so much Boris! > !!!!! [...] -- Boris |
|
From: Sean L. <se...@ch...> - 2004-06-25 01:23:55
|
Nice, it works!! Tin-q Boris!! I have tried editing file with editor and save it and it works with all of 3 languages correctly. (HZ KO JA from internet explorer languages preferences) Now, let me have MySQL setup and testing along with Content .xml and MySQL data together, if they consistently display characters fine. Some questions, - Like you said, textarea doesn't display correctly, is there anyway to get this field to do it correctly? (like for say, if I need to make file editor on web to modify content.xml files online?) - Is there any way to NOT to use UTF-8 encoding setting on 'browser' and display language correctly on web with choosing 'Japanese (Auto-detect)'? Currently I must choose UTF-8, while this will help other charsets (KO,HZ) to display correctly, but is there way to have browser on 'Japanese (Auto-detect)' encoding mode and just display Japanese correctly and have other two (KO,HZ) broken? And vise versa? (While I'm on KO encoding for Korean, Japanese and Chinese characters break?) - If I remember it correctly, using these charsets had some weird problems with fillinform, but I'll find more on this before I ask Anyways, Thank you so much Boris! !!!!! -----Original Message----- From: pag...@li... [mailto:pag...@li...] On Behalf Of Boris Zentner Sent: Friday, June 25, 2004 8:47 AM To: pag...@li... Subject: Re: [Pagekit-users] RE: PageKit Hi Sean, Am Donnerstag 24 Juni 2004 07:38 schrieb Sean Lee: > Hello All, > > I am wondering if pagekit supports, or if it's not the pagekit, how to make > general system to support CJK charset in Content model. I need to have Just to be sure, by content you mean <PKIT_CONTENT sommething> right? > Content XML file to have Chinese, Korean, Japanese characters and switch I think it should work, but these charsets are unknown to me. Lets try it out. - First I do not know the charsets, how are the names for the three? - Is it possible to express all three in one common charset (UTF8 perhaps?)? my favorite charset is ISO-8859-1 or nowdays ISO-8859-15. > between them with pkit_lang. > a quick test looks good to me. See the attached files: jap.xml jap.tmpl Copy jap.xml into your Content directory. Copy jap.tmpl into View/Default. Then call http://your_site/jap and you get either the japan version if your favorite lang is ja or the default en version. To force a special version set pkit_lang either with pkit_lang in the url ( http://your_site/jap?pkit_lang=ja ) or from your modelcode. Perhaps you need to change default_input_charset and default_output_charset in your Config.xml to UTF8. There are some more pitfalls that you may encount later, while uploading someting to your server via areatext and serialize data to a database or XS ( C ). If you lose the UTF8 flag you need to restore it yourself. But this is another story. Let me know how it works so far. If you have any difficulty, I try to help on the charset issue. > Thank you, > Sean > -- Boris |
|
From: Boris Z. <bz...@2b...> - 2004-06-24 23:43:20
|
Hi Sean, Am Donnerstag 24 Juni 2004 07:38 schrieb Sean Lee: > Hello All, > > I am wondering if pagekit supports, or if it's not the pagekit, how to make > general system to support CJK charset in Content model. I need to have Just to be sure, by content you mean <PKIT_CONTENT sommething> right? > Content XML file to have Chinese, Korean, Japanese characters and switch I think it should work, but these charsets are unknown to me. Lets try it out. - First I do not know the charsets, how are the names for the three? - Is it possible to express all three in one common charset (UTF8 perhaps?)? my favorite charset is ISO-8859-1 or nowdays ISO-8859-15. > between them with pkit_lang. > a quick test looks good to me. See the attached files: jap.xml jap.tmpl Copy jap.xml into your Content directory. Copy jap.tmpl into View/Default. Then call http://your_site/jap and you get either the japan version if your favorite lang is ja or the default en version. To force a special version set pkit_lang either with pkit_lang in the url ( http://your_site/jap?pkit_lang=ja ) or from your modelcode. Perhaps you need to change default_input_charset and default_output_charset in your Config.xml to UTF8. There are some more pitfalls that you may encount later, while uploading someting to your server via areatext and serialize data to a database or XS ( C ). If you lose the UTF8 flag you need to restore it yourself. But this is another story. Let me know how it works so far. If you have any difficulty, I try to help on the charset issue. > Thank you, > Sean > -- Boris |
13 messages has been excluded from this view by a project administrator.
