1. Don't use...

if ($submitted_password = "$adminpassword") { &main_admin_login_subroutine; } else { &error; }

...use....

if ($submitted_password eq $adminpassword) { &main_admin_login_subroutine; } else { &error; }

Secondly don't use any of it....lol....there is an easier way.

Open admin.cgi and change....

elsif ($in{'display'} eq 'top') { &html_top; } # Display HTML Top
else { &html_home; } # Display Frame Index page.

......to.......

elsif ($in{'display'} eq 'top') { &html_top; } # Display HTML Top
elsif ($in{'login'} eq 'login') { &html_home; } # Login HTML
else { &html_login; } # Display Frame Index page.

.......then create the new subs in site_html.pl



Paul Wilson.
new - http://www.wiredon.net

Are you going to post it in the Resources section, or are you still perfecting it?

Andy

http://www.ace-installer.com
webmaster@Ace-installer.com

Well I was giving you a few tips so you could do it seeing as you so desperately wanted to.

Paul Wilson.
new - http://www.wiredon.net

Still doesn't work though, just keeps looping back to the login sub routine...

Andy

http://www.ace-installer.com
webmaster@Ace-installer.com

Don't worry, got it working now...

Andy

http://www.ace-installer.com
webmaster@Ace-installer.com

I wasn't saying create the new subs using the code you already have......copy the code for html_home and edit it.

Paul Wilson.
new - http://www.wiredon.net

Hi just noticed this topic.
I'm installing a few things for someone and he wants an admin mod but can't use the .htaccess files on his server.

I've have created something that offers password protection to admin.cgi and other important files in the admin directory. However it has a few drawbacks.

So I'd like to install something which offers a better level of protection but don't have the time to look into it more.

So just interested to know what type/levels of protection these forth coming admin mods will offer?

Good Luck!

Glenn

http://findarom.emusanet.com/comments3/

Hi,

My mod forces the administrator to login each time they visit the admin page only...non of the other cgi files are protected. When they login a cookie is set so that they don't have to login again for the day. I have not yet finished the mod as I've be "trying" to make plugins.

Paul Wilson.
new - http://www.wiredon.net

youadds..

expression not assignment..
"eq" not "="

your mod looks like it'll keep asking for the password for every little thing.. and won't allow forms to work.. ie: at main page.. click to go to add Link.. enter password.. back to main page..

Paul..

session cookie.. the way i did it.. exactly how .htaccess/.htpasswd works..
make sure you make that cookie encrypted with a variable string.. otherwise someone could make a fake cookie like.. "isLoggedIn" = "true" and hack the dB..
don't forget you have to make some code that checks if user is logged in in nph-build.cgi, nph-verify.cgi, nph-email.cgi, and pretty much just make some standard code that will work for any plugins to protect those other admin files from being ran.. ie: send back to the browser Permission Denied/Forbidden status codes..
chmod backup, data, templates folders to not allow public viewing (return Forbidden)

just a few pointers..

Jerry Su
widgetz sucks

ok.. i want everyone that wants to know why to read this..

well.. to relieve myself of further load.. load as in work, stress, etc.
i also wanted to see you guys do the work.. rather than allowing you guys to use my code after i abadon it, i removed as much as i can to make you guys start from scratch or start from 'remnants' of my mod that you guys managed to obtain.

basically, deleting all my mods to allow the development of new/better mods that were created based on the knowledge of my mistakes and not the development of mods that were developed off of my mistakes.

the result should be better mods. I haven't been intact with the Links 2.0 community as I have moved to Java, but I'm sure there have been new mods coming out as always. What I wanted was mods that were created using no knowledge of my code, but knowledge of what my code had to offered.. so in return the creator was able to offer more without the trouble of making the same mistakes I made in offering the wrong things..

Frank8 wasn't the reason I wanted to do this. He was the reason that made me actually do it. Also other little things made me stop making mods for Links 2. Ie: RATHER work with Links SQL, do homework, go out with friends, go to sleep, etc :)

Jerry Su
widgetz sucks

and lastly..

I need to add this. For all the people (still a few) that still email me asking to buy my mods. If you wonder why I don't reply to your emails, here is why. I have deleted all my mods from my hard drive. I do not have the files on a webserver either. They are all gone! :) What's left is in my head.

Note: Head not for sale.

Jerry Su
widgetz sucks

Hi,

Yes I was using cookies for it but hadn't thought of some of the things you mentioned. Thanks.

It is a lot trickier than I first thought as you have to remember that all the other scripts in the admin directory need protecting too but they all have to be setup so that you don't have to login in each time. Therefore cookies are the way to go.

Paul Wilson.
new - http://www.wiredon.net