next »

[aNoble]

I have been working on a couple of snippets that work together to let you login to the manager without leaving the frontend of the site. They are mostly meant for use with the frontend editing hack.

The first is the actual login snippet and the second is a simple dynamic login/logout link that will either send you to the login page or log you out immediately. The LoginLogoutLink is of course not required to use ManagerLogin.

Give 'em a look and let me know what you think.

Note: The login form does not support Captcha codes. Also, for the LoginLogoutLink, make sure that you copy the properties from the comments into the properties field. You will also have to give the LoginLogoutLink snippet the document id of the login page via the login_doc_id variable.

Examples:
[[ManagerLogin]]
[[LoginLogoutLink?login_doc_id=1]]

[zi]

Hi aNoble !

Thanks for cool snippets

Best regards,

zi

[Dimmy]

Nice work wil implemenrt them on my modx test site

[rthrash]

Sorry to ask before installing, but does this support immediate redirection to site-start? Having a publicly published login to the manager could be considered a security risk by some.

[aNoble]

Sorry to ask before installing, but does this support immediate redirection to site-start?

Right now it will just keep you no the same page but having it throw you out to some page or anther is a good idea, I'll see if I can iplement that. I'm thinking it could spit you out either to the site_start, the referrer (if internal), or just choose the page.

Having a publicly published login to the manager could be considered a security risk by some.

I can understand that to a certain extent but it's a snippet. So if you don't like it, don't use it

Plus you could easily hide it from the menu and make it non-searchable so that people would have to go directly to /login the way they go directly to /manager now. Plus this is almost an exact clone of the login processor file blocking and other security measures are still in place. I haven't incorporated captcha codes but I will if anyone wants it.

Now that I think of it, Captcha would probably be a good candidate for a plugin. Does anyone really use it? It's a great security feature and I think it should be available but does it really belong in the core?

[rthrash]

Now that I think of it, Captcha would probably be a good candidate for a plugin. Does anyone really use it? It's a great security feature and I think it should be available but does it really belong in the core?

Good idea... that makes sense and is an area that could be re-used in multiple places... like for preventing comment spam on comments.

[sottwell]

Now that I think of it, Captcha would probably be a good candidate for a plugin. Does anyone really use it? It's a great security feature and I think it should be available but does it really belong in the core?

Good idea... that makes sense and is an area that could be re-used in multiple places... like for preventing comment spam on comments.

Or not...

http://www.videolan.org/pwntcha/

[zi]

 

OOPS !

We are developing and they are destroying !

[aNoble]

Or not...

http://www.videolan.org/pwntcha/

More reason to get it out of the core, right I thougt the image idea was pretty good though.

[rthrash]

yeah... pretty cool except for non-english speaking individuals:

Abejorros ... no bees
Lagartija ... no salamander
Zanahorias ... no carrots
Fresas ... no strawberries
Estrellas ... no stars


(sometimes it pays to have a 22 month old and bilingual childrens' board books laying around... Carter's favorite is Salamander: "Teeha!" lol )

[sottwell]

Or not...

http://www.videolan.org/pwntcha/

More reason to get it out of the core, right I thougt the image idea was pretty good though.

In general, for small sites it's probably fine.  The serious spammers usually only attack major sites.  However, it is also patented (by HP). 

http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1&u=/netahtml/srchnum.htm&r=1&f=G&l=50&s1='6195698'.WKU.&OS=PN/6195698&RS=PN/6195698

[Robsta]

I've just found this thread. I was looking to do the same thing, but thought the functionality might already be in the system for this... my post is here.

I might assume that removing the ability to log into the manager (user manager option), but allowing the QuickEdit module run permissions for the user's group, this could be accomplished.

You mentioned in a thread linking to this (here) that it might be in the next release... ergo, this current release?

[aNoble]

Hello Robsta,

I'm sorry it's taken me so long to get back to you. I read your first post a while back and meant to look into it but it slipped my mind for a while.

I'm not sure of any way to allow a person to use QuickEdit without allowing them to use the manager at this point. You could change the QuickEdit toolbar so that they cannot see the Manager login, and if they don't know the url to get to the manager they'd probably never find it. But if you really want to prevent people form using the manager (not just discourage) that wouldn't work too well.

The problem is that the QuickEdit editor window is actually in the manager, you just don't know it because there are no frames. So if you revoke their access to the manager you revoke their access to QuickEdit.

If there is a way to do this it would have to be done with Plugins I'd think but I'm not exactly sure how. The trick would be allowing them to access the QuickEdit module and nothing else. You might want to ask Raymond (xwisdom), he's the plugin expert.

[Robsta]

It's a good idea in theory....  Thanks for the information.

[aNoble]

I updated these snippets just a bit. There was an error in the form action attribute that was causing problems with some urls and I fixed some code that was creating error notices.

I updated the original file attachment so you can download it from there.

[aNoble]

More fixes to the ManagerLogin snippet. It should be 0.9.1 ready now. I made it work with login_startup and applied some fixes to the plugin calls and some better use of new API fetures.

I've updated the attachments on the original post.

[Djamoer]

will there be an issue with enabling all the SEF option in MODx? I assume there is a bugs in MODx, which cause the login from a page inside a subfolder to be directed on the wrong document, will it be fixed in this new snippet version?

Thanks


Regards,
Wendy Novianto

[aNoble]

Should work fine with friendly urls and aliases I havn't tried it with friendly alias paths, I don't see why it wouldn't work though. If you are having problems please let me know what's happening and how you have things set up.

[Djamoer]

Ok, I will do, but I'm not sure when I can test it up. If somebody has the opportunity to test this pupy first before me, please do so and reply to this post on how things happen.

Thanks


Regards,
Wendy Novianto

[The Man Can!]

Should work fine with friendly urls and aliases I havn't tried it with friendly alias paths, I don't see why it wouldn't work though.

Works great with friendly urls but no go with alias paths.  I think this has to do with the same bug that's been reported before... http://modxcms.com/bugs/task/109 

I just noticed Jason's fix and tried it but it doesn't seem to correct the bug for manager users, only web users.