Welcome, Guest. Please login or register.
Did you miss your activation email?


Login with username, password and session length

Search

 
Advanced search

8043 Posts in 1856 Topics- by 2099 Members - Latest Member: roi
« previous next »
Pages: [1]   Go Down
Print
Author Topic: Modify username login  (Read 402 times)
0 Members and 1 Guest are viewing this topic.
SarahM
New Member
*

Karma: 0
Offline Offline

Posts: 2


WWW
« on: December 03, 2004, 04:55:00 PM »
I would like to modify login.html to show instead of a text box for username, a select box that is populated by all users (except Administrator) in the database.  Then the user could select his username (which is his organization's name), enter his password, and be ready to enter events.  These folks will only be posting to the calendar a few times a year, and this would allow them to only have to remember a password, not a username, too.

I'm not very Perl-literate, but am quite comfortable changing things in the code.

Is it possible to replace the text box with a populated select box?  If so, is doing that going to open huge security holes?

Thanks for any thoughts,
Sarah
Logged
DanO
Moderator
Full Member
*****

Karma: 13
Offline Offline

Posts: 230

Please don't PM me. Post in the open forum.


WWW
« Reply #1 on: December 03, 2004, 06:52:00 PM »
** Is it possible to replace the text box with a populated select box? **

Maybe... but probably not easily.

** the user could select his username (which is his organization's name)  **

Only 1 user per organization? I don't think you can have more than a single user per user name.

** is doing that going to open huge security holes? **

Having multiple people use the same user account will allow them to edit/delete each other's events. It will also negate the possibility of being able to keep track of who posted what events.

JMO

Dan O.

------------------
Logged
SarahM
New Member
*

Karma: 0
Offline Offline

Posts: 2


WWW
« Reply #2 on: December 03, 2004, 10:17:00 PM »
Thanks for your quick reply.  Please see my reponses to your questions below.

**Maybe... but probably not easily.

I was afraid of that.  HOW hard?

**Only 1 user per organization? I don't think you can have more than a single user per user name.

Yes, there will only be one user per organization.  One of the reasons for wanting to make this change is that whenever the designated person leaves the organization, we only have to change the password, and the new designee can pick right up where the other one left off.


**Having multiple people use the same user account will allow them to edit/delete each other's events. It will also negate the possibility of being able to keep track of who posted what events.

Yes, I can see that; however, there truly will only be one user per organization.

------------------
Logged
DanO
Moderator
Full Member
*****

Karma: 13
Offline Offline

Posts: 230

Please don't PM me. Post in the open forum.


WWW
« Reply #3 on: December 04, 2004, 09:44:00 PM »
** I was afraid of that. HOW hard?  **

It is already done on one of the administration templates (maybe the set user permissions page?). See if you can duplicate the code used to create the dropdown from that page and use it is the template you want.

JFYI

Dan O.

------------------
Logged
SarahM
New Member
*

Karma: 0
Offline Offline

Posts: 2


WWW
« Reply #4 on: December 08, 2004, 03:40:00 PM »
Hi DanO and all,

Using the code on the permissions.html page, I was able to successfully create a dynamically generated list menu, populated wtih the usernames.  I documented the changes I made for my own records, and wanted to share the "how to" with the forum in the hopes it'll help somebody some day.  Thanks for pointing me in the right direction.

If you see anything TERRIBLY wrong with the changes I made, please let me know; I've been testing for a couple of days with no ill effects.  

Here's what I did:

Find login.html, and make a backup copy before you start playing with the code.

Replace this:

<% $screenTitle = "Login"; %>

With This:

<% $screenTitle = "Login";
$user = $main::User;
$user_db = new DBFile($main::users_db);
$users = $user_db->getRecords( {} );
$calendars = &main::GetAllCalendars();
%>


Next, replace this:

<BODY BGCOLOR="<%=$AdminConfig->get("page-background-color")%>" onLoad="document.forms[0].username.focus()">
<!--#include file="_header.html"-->

With this:

<BODY BGCOLOR="<%=$AdminConfig->get("page-background-color")%>">
<!--#include file="_header.html"-->
<!--#include file="_command_list.html" -->


Replace this:

<FORM ACTION="<%= $CGI_URL %>" METHOD="POST">
<INPUT TYPE="hidden" NAME="fromTemplate" VALUE="<%=$thisTemplate%>">
<INPUT TYPE="hidden" NAME="template" VALUE="select_calendar.html">
<INPUT TYPE="hidden" NAME="command" VALUE="login">

With this (you're just adding a 4th hidden field):

<FORM ACTION="<%= $CGI_URL %>" METHOD="POST">
<INPUT TYPE="hidden" NAME="fromTemplate" VALUE="<%=$thisTemplate%>">
<INPUT TYPE="hidden" NAME="template" VALUE="select_calendar.html">
<INPUT TYPE="hidden" NAME="command" VALUE="login">
<INPUT TYPE="hidden" NAME="username" VALUE="<%= $selected_user %>">

Replace the following table row:

<TR>
<TD ALIGN="right"><B>Username:</B></TD>
<TD><INPUT TYPE="text" NAME="username" SIZE="15" VALUE="<%= $main::in{username} %>"></TD>
</TR>

With this one:

<TR>
<TD ALIGN="right"><b>Username:</b></TD>
<TD><SELECT NAME="username">
      <% $ol = new HTML:  ptionList();
      foreach (sort {$a->{'username'} cmp $b->{'username'}} @$users) {
         $ol->addOption($_->{'username'},$_->{'username'});
         $ol->setSelectedValue($selected_user);
      } %>
      <%= $ol->toString() %>
      </SELECT>
</TD>
</TR>


A couple of other considerations:
*****************
You may want to change some of the files to reflect username instead of name. For example, one of the accounts has a username of "American Cancer Society" and a name of "Susan Jones" (because Susan is their representative who will enter events into the calendar.)  Susan goes to calendar admin, selects "American Cancer Society" from the list menu and enters her password to log in.  The screens that follow will all contain messages like "Susan Jones successfully logged in".   If you want the screen to say "American Cancer Society" successfully logged in, you will need to edit those files accordingly.  (In this case, I may not change this, since if Susan Jones is no longer the agent for that account, we are more likely to be notified if the new agent, John Smith, has to look at a window welcoming Susan Jones! ;-)
*******************

The method above will list ALL the usernames, including Administrator, in the list menu.  For this incidence of calendarscript, I wanted to include all the names EXCEPT Administrator, but then there was no way for the Administrator to log in.

So...I made the changes listed above and saved the page as both login.html and login2.html, with the first file being the "public" administration page (the one the organizations will see) and the second file being the one the administrator(s) will use.)   Then, I opened login.html, the public administration page, and changed it thusly (the change is the "next if" statement):

<TD><SELECT NAME="username">
      <% $ol = new HTML:  ptionList();
      foreach (sort {$a->{'name'} cmp $b->{'name'}} @$users) {
next if ($_->{'username'} eq "Administrator");   $ol->addOption($_->{'username'},$_->{'name'});
$ol->setSelectedValue($selected_user);
   } %>
      <%= $ol->toString() %>
      </SELECT>
</TD>

After this change, the page the organizations view will not list Administrator as username in the list menu.

But how will the Administrator log in? Locate calendar_admin.pl and save it as calendar_admin2.pl.  Open calendar_admin2.pl and change the 4 references to login.html to login2.html, as shown in the code below.

Give the public a link to calendar_admin.pl.  Give administrators a link to calendar_admin2.pl

Change this (approximately line 352):

$in{template} | |= "login.html";
$in{template} =~ s|[^\w\d\._]| |g;
$in{command} =~ s|[^\w\d\._]| |g;

to this:
$in{template} | |= "login2.html";
$in{template} =~ s|[^\w\d\._]| |g;
$in{command} =~ s|[^\w\d\._]| |g;


Change this (approximately line 429):

   elsif ($in{template} eq "login.html") {
      $in{template} = "main.html";
      }
   if ($force_login) {
      $in{template} = "login.html";
      undef $Template::Session;
      &showScreen();
      }


to this:
   elsif ($in{template} eq "login2.html") {
      $in{template} = "main.html";
      }
   if ($force_login) {
      $in{template} = "login2.html";
      undef $Template::Session;
      &showScreen();
      }

Change this (approximately line 487)
elsif ($in{'command'} eq "logout") {
   unless(&handleCustomFunction("before_logout")) {
      $Session->ExpireNow();
      $Session->cleanupExpiredSessions();
      undef $Session;
      undef $Template::Session;
      $in{template} = "login.html";
      $Template::CALENDAR_LINK = $AdminConfig->get("calendar_url")."?calendar=$calendar";
      &handleCustomFunction("after_logout");
      }
   }   

To this:

elsif ($in{'command'} eq "logout") {
   unless(&handleCustomFunction("before_logout")) {
      $Session->ExpireNow();
      $Session->cleanupExpiredSessions();
      undef $Session;
      undef $Template::Session;
      $in{template} = "login2.html";
      $Template::CALENDAR_LINK = $AdminConfig->get("calendar_url")."?calendar=$calendar";
      &handleCustomFunction("after_logout");
      }
   }   


   if ($force_login) {
      $in{template} = "login2.html";
      undef $Template::Session;
      &showScreen();
      }


------------------

[This message has been edited by SarahM (edited December 08, 2004).]
Logged
DanO
Moderator
Full Member
*****

Karma: 13
Offline Offline

Posts: 230

Please don't PM me. Post in the open forum.


WWW
« Reply #5 on: December 20, 2004, 02:06:00 PM »
** I was able to successfully create a dynamically generated list menu **

Glad to hear it. Thanks for posting the details.

Dan O.

------------------
Logged
Pages: [1]   Go Up
Print
« previous next »
Jump to: