Jan 20, 2000, 5:05 PM
Veteran (1311 posts)
Jan 20, 2000, 5:05 PM
Post #2 of 17
Views: 7233
ok, widgetz, i wanted to test this out more, so i thought if the cookie has one password in it and a certain user name, that if i change the username in the db it will give me an unauthorized screen or the login screen, but it just logged in. Should this be happening?
------------------
LookHard Search
lookhard.hypermart.net
Lavon Russell
------------------
LookHard Search
lookhard.hypermart.net
Lavon Russell
Jan 20, 2000, 5:29 PM
Veteran (2260 posts)
Jan 20, 2000, 5:29 PM
Post #3 of 17
Views: 7224
the cookies don't work that way..
you're not suppose to be able to edit them that easily so it's loaded in the browsers memory and dumped into the cookie cache until it's needed again..
also.. the code above is different then the one you tested.. i had installed Links 2.0 over again on my hypermart account and found a bunch of premature of script headers due to my different use of printing headers (with CGI.pm)
------------------
Jerry Su
Links SQL Licensed
------------------
you're not suppose to be able to edit them that easily so it's loaded in the browsers memory and dumped into the cookie cache until it's needed again..
also.. the code above is different then the one you tested.. i had installed Links 2.0 over again on my hypermart account and found a bunch of premature of script headers due to my different use of printing headers (with CGI.pm)
------------------
Jerry Su
Links SQL Licensed
------------------
Patricio,
Thanks for providing that option...HOWEVER, this Admin Protection Mod is for people who DO NOT have .htaccess, like Windows NT users and other servers that do not support .htaccess.
See the difference????????
Regards,
------------------
Eliot Lee
Anthro TECH,L.L.C
http://www.anthrotech.com
Be sure to visit the Resource Center for FAQ's, Modifications and Extra Goodies!!
----------------------
Thanks for providing that option...HOWEVER, this Admin Protection Mod is for people who DO NOT have .htaccess, like Windows NT users and other servers that do not support .htaccess.
See the difference????????
Regards,
------------------
Eliot Lee
Anthro TECH,L.L.C
http://www.anthrotech.com
Be sure to visit the Resource Center for FAQ's, Modifications and Extra Goodies!!
----------------------
Jan 21, 2000, 6:36 PM
Veteran (2260 posts)
Jan 21, 2000, 6:36 PM
Post #6 of 17
Views: 7290
here is the other mod.. you can see this mod in action when you look at this mod..
http://www.gossamer-threads.com/...um3/HTML/004702.html
i will post the code in my free time.. right now i'm looking for security holes and bugs
------------------
Jerry Su
Links SQL Licensed
------------------
http://www.gossamer-threads.com/...um3/HTML/004702.html
i will post the code in my free time.. right now i'm looking for security holes and bugs
------------------
Jerry Su
Links SQL Licensed
------------------
Jan 21, 2000, 6:42 PM
Veteran (2260 posts)
Jan 21, 2000, 6:42 PM
Post #7 of 17
Views: 7229
eliot..
i myself have no clue who doesn't have .htaccess .. even the Windows people should have it.. (well at least the ones using Apache).. the people using Windows NT IIS (internet information server) don't have .htaccess/.htpasswd.. but they do have .nsconfig which shows up the same password login thing in any browser..
the only people that aren't allowed to use it are people on services like geocities.. but they can't use cgi so it doesn't matter.. i wanted to make it because i've been making many perl authentication things with Links SQL that it's pretty much just "practice"
if you try the demo on the other thread.. you will notice how it's like htaccess.. however in htaccess you can't log out.. unless you type in a wrong password like
http://username:password@www.url.to/admin/
or something..
------------------
Jerry Su
Links SQL Licensed
------------------
i myself have no clue who doesn't have .htaccess .. even the Windows people should have it.. (well at least the ones using Apache).. the people using Windows NT IIS (internet information server) don't have .htaccess/.htpasswd.. but they do have .nsconfig which shows up the same password login thing in any browser..
the only people that aren't allowed to use it are people on services like geocities.. but they can't use cgi so it doesn't matter.. i wanted to make it because i've been making many perl authentication things with Links SQL that it's pretty much just "practice"
if you try the demo on the other thread.. you will notice how it's like htaccess.. however in htaccess you can't log out.. unless you type in a wrong password like
http://username:password@www.url.to/admin/
or something..
------------------
Jerry Su
Links SQL Licensed
------------------
Uh...widgetz...Many LINK Users have posted problems using .htaccess (and most NT users don't know how to correctly password protect their directories)...THAT is why I suggested the Mod in the first place.
If you look at the many password protection Threads..an internal admin password protection IS needed.
Regards,
------------------
Eliot Lee
Anthro TECH,L.L.C
http://www.anthrotech.com
Be sure to visit the Resource Center for FAQ's, Modifications and Extra Goodies!!
----------------------
If you look at the many password protection Threads..an internal admin password protection IS needed.
Regards,
------------------
Eliot Lee
Anthro TECH,L.L.C
http://www.anthrotech.com
Be sure to visit the Resource Center for FAQ's, Modifications and Extra Goodies!!
----------------------
Jan 22, 2000, 3:45 AM
Enthusiast (706 posts)
Jan 22, 2000, 3:45 AM
Post #9 of 17
Views: 7238
I came across this problem when I installed V2 of links.
My ISP only lets me run scripts from 'cgi-local' so adding .htaccess to the directory where the scripts are renders all the scripts useless to my visitors because it asks for a login and password every time some adds, searchs, modifies, etc.
I tried moving the admin.cgi script to a lower level 'cgi-local/adm' and adding .htacces there. This protected the admin.cgi script, but in moving it, it invalidated all the path names to files and made the admin script useless.
My final solution was to delete the admin.cgi script when not in use.
I would assume that many other people are in a similar situation after seeing the number of threads there are regarding password protection.
------------------
Shaun Hague
Webmaster - Qango.com
http://www.qango.com/central/
My ISP only lets me run scripts from 'cgi-local' so adding .htaccess to the directory where the scripts are renders all the scripts useless to my visitors because it asks for a login and password every time some adds, searchs, modifies, etc.
I tried moving the admin.cgi script to a lower level 'cgi-local/adm' and adding .htacces there. This protected the admin.cgi script, but in moving it, it invalidated all the path names to files and made the admin script useless.
My final solution was to delete the admin.cgi script when not in use.
I would assume that many other people are in a similar situation after seeing the number of threads there are regarding password protection.
------------------
Shaun Hague
Webmaster - Qango.com
http://www.qango.com/central/
Feb 22, 2000, 4:43 PM
Novice (7 posts)
Feb 22, 2000, 4:43 PM
Post #11 of 17
Views: 7222
>>i myself have no clue who doesn't have .htaccess ...
My ISP (PE.net) allows .htaccess and .htpasswd ... but NOT when I need it UNDER my cgi-bin DIRectory.
I paid a gentleman to install Links v2 for me (yes, I was chicken), and it works marvelously. But when HE told me that he was having trouble with .htaccess, I knew it wasn't his nor Links' fault.
- Clint Bradford
[This message has been edited by Clint Bradford (edited February 22, 2000).]
My ISP (PE.net) allows .htaccess and .htpasswd ... but NOT when I need it UNDER my cgi-bin DIRectory.
I paid a gentleman to install Links v2 for me (yes, I was chicken), and it works marvelously. But when HE told me that he was having trouble with .htaccess, I knew it wasn't his nor Links' fault.
- Clint Bradford
[This message has been edited by Clint Bradford (edited February 22, 2000).]
Feb 26, 2000, 12:08 PM
New User (3 posts)
Feb 26, 2000, 12:08 PM
Post #12 of 17
Views: 7249
remember to add .htaccess to your subdirectories in the admin folder..
/admin/backup
/admin/data
are the important ones..
.htaccess
additionally.. chmoding the library files like site_html.pl, site_html_templates.pl, links.def, category.def... ETC to 600 will prevent people from reading it..
------------------
b L u E iC e X
------------------
[This message has been edited by bLuEiCeX (edited February 26, 2000).]
/admin/backup
/admin/data
are the important ones..
.htaccess
Code:
deny from alladditionally.. chmoding the library files like site_html.pl, site_html_templates.pl, links.def, category.def... ETC to 600 will prevent people from reading it..
------------------
b L u E iC e X
------------------
[This message has been edited by bLuEiCeX (edited February 26, 2000).]
Mar 7, 2000, 6:35 AM
User (111 posts)
Mar 7, 2000, 6:35 AM
Post #14 of 17
Views: 7225
Hello,
does anyone get the admin-mod work ? I installed it and when I enter I get the frameset with three logins in the frames. But I should get the linkadmin
I think I has problems understanding this:
ADD this somewhere (pin the donkey.. you'll get this 5 out of 6 times.. i'll give you a hint.. put it in the middle of the html..)
<a href="$db_script_url?db=admin&view_search=1">View</a><br><a href="$db_script_url?db=admin&add_form=1">Add</a>
<br><a href="$db_script_url?db=admin&delete_search=1">Delete</a><br><a href="$db_script_url?db=admin&modify_search=1">Modify</a>
</p>~ if ($ADMIN[$ADMIN_username] eq "admin");print qq~<p>
<a href="$db_script_url?logout=1"><b>Logout</b></a>
</p>
Would be really cool if anyone can help me a little...
cya,
Nikolai
[This message has been edited by DigitalFusion (edited March 07, 2000).]
does anyone get the admin-mod work ? I installed it and when I enter I get the frameset with three logins in the frames. But I should get the linkadmin
I think I has problems understanding this:
ADD this somewhere (pin the donkey.. you'll get this 5 out of 6 times.. i'll give you a hint.. put it in the middle of the html..)
Code:
~;print qq~<p><b>Admin</b><br> <a href="$db_script_url?db=admin&view_search=1">View</a><br><a href="$db_script_url?db=admin&add_form=1">Add</a>
<br><a href="$db_script_url?db=admin&delete_search=1">Delete</a><br><a href="$db_script_url?db=admin&modify_search=1">Modify</a>
</p>~ if ($ADMIN[$ADMIN_username] eq "admin");print qq~<p>
<a href="$db_script_url?logout=1"><b>Logout</b></a>
</p>
Would be really cool if anyone can help me a little...
cya,
Nikolai
[This message has been edited by DigitalFusion (edited March 07, 2000).]
Mar 10, 2002, 11:32 AM
New User (1 post)
Mar 10, 2002, 11:32 AM
Post #16 of 17
Views: 6637
Please, help me !!! I'm realy need your help. I need this mod (ADMIN PASSWORD MOD), but I can't download it (bad link). Please, send it to my mail: alexx@mfk.net.ru or bombmfk@mail.ru
Thank you for this best Links Catalog !!!
----
Sorry for my bad English.
From Russia with thanks.
http://alexxmfk.net.ru
Tnanks !!!
Thank you for this best Links Catalog !!!
----
Sorry for my bad English.
From Russia with thanks.
http://alexxmfk.net.ru
Tnanks !!!