From: Matthew G. <mat...@gm...> - 2008-01-15 16:51:58
On Tue, 2008-01-15 at 08:17 -0500, Bishop Bettini wrote:
>
> We could just salt the password with the realm, making the <username,
> password, realm> tuple unique and bingo, problem solved.
>

I think this is the way to go, as long as it's done in a way that
doesn't affect existing data.

> > Does this patch build on the previous patches you've sent? I hope to
> > have time tomorrow to work on reviewing them.
>
> Unfortunately, yes. I'm doing all my patching to phpESP (that's
> separate from client-specific coding) on a single branch, so I'm
> building on the previous patches. In this case, there's some overlap
> in support files.
>
> Let me know about the salt approach.
>
> bishop
>
> > On Mon, 2008-01-14 at 20:39 -0500, Bishop Bettini wrote:
> >> All,
> >>
> >> Attached is a preliminary patch to support a "landing page" for
> >> respondents. Here's how it works: If use_landing = true in
> >> configuration, then public/landing.php opens up. That page shows a
> >> login box and any public surveys available in the system.
> >>
> >> A respondent enters their username and password, and if valid, goes to
> >> the landing page. The landing page has three sections. The first
> >> section lists the surveys the respondent can currently complete (based
> >> on the same availability logic found elsewhere in the app). The
> >> second section lists the surveys the respondent has had access to, but
> >> no longer does. For example, surveys that have moved to "done"
> >> status. The third section is "tools", where the respondent can
> >> change their password, change their profile, get help, or log out.
> >>
> >> I am not quite done with this. I need to test a little more,
> >> especially the LDAP part. If anyone already has an LDAP environment
> >> configured, I'd appreciate a test of this against your server. I also
> >> need to fill out the help pages. Any review you can provide would be
> >> appreciated.
> >>
> >> I hope to have this patch finished in the next 24 hours.
> >>
> >> Based on how the system is set up, there is one caveat to using the
> >> landing page: <username,password> tuples must be unique throughout the
> >> system. Currently, the database says <username,realm> is unique, so
> >> when entering a <username,password>, it's possible that the same
> >> username in two different realms has the same password, in which case,
> >> it's impossible to tell which user is which. Right now, if the system
> >> detects that case, the user is not allowed to log in.
> >>
> >> Thoughts?
> >>
> >> bishop
> >>
> >> _______________________________________________
> >> phpESP-devel mailing list
> >> php...@li...
> >> https://lists.sourceforge.net/lists/listinfo/phpesp-devel
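
An added sketch, not phpESP code and not part of the original message, of the realm-less login discussed in this thread. The row layout, PBKDF2 parameters and function names are assumptions. It binds the realm into the password hash, so stored values differ per <username, password, realm> tuple, and it shows that a login supplying only username and password must still refuse when more than one realm's row verifies.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def hash_password(password, realm, username, salt):
    """Derive a verifier bound to the <username, password, realm> tuple."""
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    bound = b"".join(
        len(part).to_bytes(2, "big") + part
        for part in (realm.encode(), username.encode())
    )
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt + bound, ITERATIONS)


def make_user(username, realm, password):
    """Build one hypothetical respondent row with a random per-user salt."""
    salt = os.urandom(16)
    return {"username": username, "realm": realm, "salt": salt,
            "hash": hash_password(password, realm, username, salt)}


def resolve_login(users, username, password):
    """Return the single matching row, or None if zero or several rows match."""
    matches = []
    for row in users:
        if row["username"] != username:
            continue
        candidate = hash_password(password, row["realm"], username, row["salt"])
        if hmac.compare_digest(candidate, row["hash"]):
            matches.append(row)
    # Ambiguity across realms is treated like a failed login.
    return matches[0] if len(matches) == 1 else None


# Constructed sample data: <username, realm> is unique, the password is not.
USERS = [
    make_user("alice", "sales", "correct horse"),
    make_user("alice", "support", "correct horse"),
    make_user("alice", "audit", "different one"),
    make_user("bob", "sales", "hunter2 example"),
]
```
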