Hello
I use CMSimple_XH 1.56 and I log in using "page". I tried to switch to javascript, but then I got an errorpage (403) when trying to log in (using /index.php?login). I have tried a couple of times, and have also changed password, but I always get this 403-page. What could be the problem?
Long time ago I read something about the different login methodes, but I can't find that page now. What is the advantages of the two login methodes?
Javascript login in CMSimple_XH 1.56
-
lianergoist
- Posts: 20
- Joined: Sun Mar 18, 2012 5:34 pm
- Location: Denmark
- Contact:
Javascript login in CMSimple_XH 1.56
--
Thomas Jensen, Denmark
Thomas Jensen, Denmark
Re: Javascript login in CMSimple_XH 1.56
Hello Thomas,
when you want to use the "javascript" login, you can't simply call the URL (http://www.example.com/?login). You have to put the function loginlink() into the template, then call the site without login parameter, click the login link and then enter your password in the dialog window.
The only advantage of "javascript" is, that one page request from the server can be saved for the login procedure. But it has the disadvantage, that the login page can't be requested directly, and so it's probably going to be removed for CMSimple_XH 1.6.
The page, you didn't find was perhaps http://cmsimple.org/archives/cmsimple_o ... ity_issues, or maybe a discussion in the old forum, which is now available in a "simplified" version on http://forum.cmsimple-xh.dk/.
Christoph
when you want to use the "javascript" login, you can't simply call the URL (http://www.example.com/?login). You have to put the function loginlink() into the template, then call the site without login parameter, click the login link and then enter your password in the dialog window.
The different login methods are historically motivated: in the beginning of CMSimple there was "wwwaut" and "javascript". "wwwaut" was the preferred one, but as that doesn't work on all servers "javascript" was offered as a fallback. "wwwaut" was a little bit more secure, as no cookie had to be stored on the client. Later the login type "page" was added (probably as this is the most common way to login to a web application; or just because with the explizit login page one could avoid placing the login link in the template, which was necessary with "wwwaut" too). When CMSimple_XH 1.5.4 introduced the hashing of passwords, "wwwaut" was dropped, as it would have be necessary to store the clear-text password in config.php.lianergoist wrote:Long time ago I read something about the different login methodes, but I can't find that page now. What is the advantages of the two login methodes?
The only advantage of "javascript" is, that one page request from the server can be saved for the login procedure. But it has the disadvantage, that the login page can't be requested directly, and so it's probably going to be removed for CMSimple_XH 1.6.
The page, you didn't find was perhaps http://cmsimple.org/archives/cmsimple_o ... ity_issues, or maybe a discussion in the old forum, which is now available in a "simplified" version on http://forum.cmsimple-xh.dk/.
Christoph
Christoph M. Becker – Plugins for CMSimple_XH
-
lianergoist
- Posts: 20
- Joined: Sun Mar 18, 2012 5:34 pm
- Location: Denmark
- Contact:
