ok, widgetz, i wanted to test this out more, so i thought if the cookie has one password in it and a certain user name, that if i change the username in the db it will give me an unauthorized screen or the login screen, but it just logged in. Should this be happening?

------------------
LookHard Search
lookhard.hypermart.net
Lavon Russell

the cookies don't work that way..

you're not suppose to be able to edit them that easily so it's loaded in the browsers memory and dumped into the cookie cache until it's needed again..

also.. the code above is different then the one you tested.. i had installed Links 2.0 over again on my hypermart account and found a bunch of premature of script headers due to my different use of printing headers (with CGI.pm)



------------------
Jerry Su
Links SQL Licensed
------------------

Just wanted to offer an option... check this topic. It's how I password protected my directory.
Considering that I'm pretty new at this, once I figured it out it was easy and it worked.

http://www.gossamer-threads.com/scripts/forum/resources/Forum3/HTML/004630.html

Patricio,

Thanks for providing that option...HOWEVER, this Admin Protection Mod is for people who DO NOT have .htaccess, like Windows NT users and other servers that do not support .htaccess.

See the difference????????



Regards,

------------------
Eliot Lee
Anthro TECH,L.L.C
http://www.anthrotech.com
Be sure to visit the Resource Center for FAQ's, Modifications and Extra Goodies!!
----------------------

here is the other mod.. you can see this mod in action when you look at this mod..

http://www.gossamer-threads.com/...um3/HTML/004702.html

i will post the code in my free time.. right now i'm looking for security holes and bugs


------------------
Jerry Su
Links SQL Licensed
------------------

eliot..

i myself have no clue who doesn't have .htaccess .. even the Windows people should have it.. (well at least the ones using Apache).. the people using Windows NT IIS (internet information server) don't have .htaccess/.htpasswd.. but they do have .nsconfig which shows up the same password login thing in any browser..

the only people that aren't allowed to use it are people on services like geocities.. but they can't use cgi so it doesn't matter.. i wanted to make it because i've been making many perl authentication things with Links SQL that it's pretty much just "practice"

if you try the demo on the other thread.. you will notice how it's like htaccess.. however in htaccess you can't log out.. unless you type in a wrong password like

http://username:password@www.url.to/admin/

or something..

------------------
Jerry Su
Links SQL Licensed
------------------

Uh...widgetz...Many LINK Users have posted problems using .htaccess (and most NT users don't know how to correctly password protect their directories)...THAT is why I suggested the Mod in the first place.

If you look at the many password protection Threads..an internal admin password protection IS needed.



Regards,

------------------
Eliot Lee
Anthro TECH,L.L.C
http://www.anthrotech.com
Be sure to visit the Resource Center for FAQ's, Modifications and Extra Goodies!!
----------------------

I came across this problem when I installed V2 of links.

My ISP only lets me run scripts from 'cgi-local' so adding .htaccess to the directory where the scripts are renders all the scripts useless to my visitors because it asks for a login and password every time some adds, searchs, modifies, etc.

I tried moving the admin.cgi script to a lower level 'cgi-local/adm' and adding .htacces there. This protected the admin.cgi script, but in moving it, it invalidated all the path names to files and made the admin script useless.

My final solution was to delete the admin.cgi script when not in use.

I would assume that many other people are in a similar situation after seeing the number of threads there are regarding password protection.

------------------
Shaun Hague
Webmaster - Qango.com
http://www.qango.com/central/

admin.cgi is suppose to be in a subdirectory..

admin/



------------------
Jerry Su
Links SQL Licensed
------------------

>>i myself have no clue who doesn't have .htaccess ...

My ISP (PE.net) allows .htaccess and .htpasswd ... but NOT when I need it UNDER my cgi-bin DIRectory.

I paid a gentleman to install Links v2 for me (yes, I was chicken), and it works marvelously. But when HE told me that he was having trouble with .htaccess, I knew it wasn't his nor Links' fault.

- Clint Bradford

[This message has been edited by Clint Bradford (edited February 22, 2000).]

remember to add .htaccess to your subdirectories in the admin folder..

/admin/backup
/admin/data

are the important ones..

.htaccess

additionally.. chmoding the library files like site_html.pl, site_html_templates.pl, links.def, category.def... ETC to 600 will prevent people from reading it..

------------------
b L u E iC e X
------------------

[This message has been edited by bLuEiCeX (edited February 26, 2000).]

widgetz....
In /admin/admin.cgi

close DB; $found or &html_login ("Invalid Username!");
}
del }

and other files (nph-build.cgi, nph-verify.cgi, nph-email.cgi)

your require "$db_lib_path/admin.def";is error...
del it and use $ADMIN[1] $ADMIN[2] to test name and password.

Hello,

does anyone get the admin-mod work ? I installed it and when I enter I get the frameset with three logins in the frames. But I should get the linkadmin
I think I has problems understanding this:

ADD this somewhere (pin the donkey.. you'll get this 5 out of 6 times.. i'll give you a hint.. put it in the middle of the html..)




Would be really cool if anyone can help me a little...
cya,

Nikolai


[This message has been edited by DigitalFusion (edited March 07, 2000).]

ARGH!!

someone help me with this mod please... When i enter that code into my admin.cgi it comes out with 500 error... when i remove it it works fine... aRGH!! any ideas?

ty

Please, help me !!! I'm realy need your help. I need this mod (ADMIN PASSWORD MOD), but I can't download it (bad link). Please, send it to my mail: alexx@mfk.net.ru or bombmfk@mail.ru

Thank you for this best Links Catalog !!!

----

Sorry for my bad English.

From Russia with thanks.

http://alexxmfk.net.ru

Tnanks !!!

Im not sure Jerry wants to distribute it any more unless you pay him of course