rejetto forum

logout suggestion

zhenhai · 11 · 22953

0 Members and 1 Guest are viewing this topic.

Offline zhenhai

  • Occasional poster
  • *
    • Posts: 7
    • View Profile
Advice on ~Login and ~logout
I study the source text: newuserpassDlg.pss, I found how to solve the HFS Logout/quit question. I mean since the HFS has a select properties on Anonmous, why we add a choice when userBox.text = '' ? when a blank user try to login, we can log HFS with a hidden default user: @anonmous (of course the "@" is still kept in characters check list!), it means to logout/quit your user account.

The source text said:

procedure TnewuserpassFrm.okBtnClick(Sender: TObject);
var
  error: string;
begin
userBox.text:=trim(userBox.text);
pwdBox.text:=trim(pwdBox.text);
error:='';
if (userBox.text > '') and not validUsername(userBox.Text)
or (pwdBox.text > '') and not validUsername(pwdBox.text) then
  error:='The characters below are not allowed'#13'/\:?*"<>|;&&@'
else if (pwdBox.text > '') and (userBox.text = '') then
  error:='User is mandatory'
else if pwdBox.text <> pwd2Box.text then
  error:='The two passwords you entered don''t match';

//add by zhenhai
if (userBox.text = '') then
userBox.text ="@anonmous";
error = ''
//


if error = '' then ModalResult:=mrOk
else msgDlg(error, MB_ICONERROR);
end;



Offline zhenhai

  • Occasional poster
  • *
    • Posts: 7
    • View Profile
another question is Why hfs.tpl donnt have a section [login]?
to quit a user accout , I adviced to use a public section [login]

in my hfs.tpl ,I add the section [logout](of course I cannot quit in true!),such as:

<div class="menu">
    <ul>
    <li class='last'><a href="#"><span style='position:relative; top:5px;'><img src="/~img27">{.!user.}:{.if | %user%|%user%|@anonmous/if.}</span><!--[if IE 7]><!--></a><!--<![endif]-->
       <!--[if lte IE 6]><table><tr><td><![endif]-->
       <ul>
{.if not| %user%          | <li><a href="~login"><img src="/~img27"> Login</a></li> .}
{.if    | %user%          | <li><a href="~logout"><img src="/~img27"> Logout</a></li> .}
{.if| {.get|can upload.}  | <li><a href="~upload"><img src="/~img32"> Upload</a></li> .}
       <li class="last"><a href="{.get|url|tpl=list|folders-filter=\|recursive.}">Files of List</a></li>
       </ul>
       <!--[if lte IE 6]></td></tr></table></a><![endif]-->
    </li>
    </ul>
    </div>

[logout]
{.add to log|.}
<br />A Bug has not be solved, please back to<a href="/"><b>Home</b></a>


Offline Kremlin

  • Tireless poster
  • ****
    • Posts: 137
    • View Profile
logout is not currently supported the HFS auth system, I believe it is in the todo list.


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13523
    • View Profile
Advice on ~Login and ~logout
I study the source text: newuserpassDlg.pss, I found how to solve the HFS Logout/quit question.

that is NOT the place where the user logs in.
it's the dialog used by the admin to create a new account.
i'm sorry but your suggestion won't work.


Offline MajorSeven

  • Occasional poster
  • *
    • Posts: 2
    • View Profile
It may be another stupid suggestion...

Would it be possible to delete the cookie with a logout button and return to the previous hfs-page? Then the user should be able to login again - hope so...


Offline Mars

  • Operator
  • Tireless poster
  • *****
    • Posts: 2063
    • View Profile
Unfortunately, this will not be the last time a solution like this is impossible. As long as the login will be used by the browser, it will be impossible to have a true logout The day a miracle will happen that will be a joy for all  ;)


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13523
    • View Profile
i'm not sure that with the current tools we are not ready to change system.
Time has passed and i don't remember clearly.
I should make an experiment.


Offline Mars

  • Operator
  • Tireless poster
  • *****
    • Posts: 2063
    • View Profile
I do not know what method is used for the forum but is made more complex using multiple cookies

SMFCookie   ......    /   www.rejetto.com   28/05/2022 à 22:55:34
rejetto_db_wiki_UserID   .......    /   www.rejetto.com   26/11/2016 à 19:20:39
rejetto_db_wiki_UserName   ........   /   www.rejetto.com   26/11/2016 à 19:20:39
rejetto_db_wiki_Token   .......    /   www.rejetto.com   26/11/2016 à 19:20:39
PHPSESSID      ........ /   www.rejetto.com   End Of Session

we could consider increasing the amount of informations (as Token and ConnectTimeOut) in each user account and use them wisely


Offline Ad-Man-Gamer

  • Occasional poster
  • *
    • Posts: 1
    • View Profile
There is a way to trick HFS to log you out that I use.

1. Type "@*NULLACCOUNT*@*HFSADRESS*/~login" into your URL E.G: @LOGOUT@localhost/~login
2. when it prompts you to log in, click Cancel
3. You will get a 401 error and your basic auth credentials should have been ejected from your browser.
4. Go to your HFS domain again. (DO NOT USE THE BACK BUTTON! Just type out the URL or use a link.)

You should now see the login button again.

If there is a way to script this and plug it in as a diff HTML template so all you need to do is push a button, that would be good.


Offline Mars

  • Operator
  • Tireless poster
  • *****
    • Posts: 2063
    • View Profile
Unless you purge the cache of the browser or close it, there is always a url link somewhere containing the identifiers when they have been used at least once, that is why it is not possible to implement a Logout in hfs


Offline LeoNeeson

  • Tireless poster
  • ****
    • Posts: 859
  • Status: On hiatus       (sporadically here)
    • View Profile
    • twitter.com/LeoNeeson
Unfortunately, this will not be the last time a solution like this is impossible. As long as the login will be used by the browser, it will be impossible to have a true logout The day a miracle will happen that will be a joy for all  ;)
That day has come... ::) If you apply THIS fix, and follow my instructions, HFS could have by default a fully functional login and logout (using a form based login, along with a modified template to avoid direct /~login access). Of course if Rejetto is interested on adding this to v2.4, HFS could have this by default, for all the users. I can't believe there is almost zero interest on this (although, like I've discussed here, I think my fix is not perfect and could be further enhanced)...

At least, if there is no interest on enhancing or adding this, please say it, and I will stop bothering you all with this issue. But please, don't ignore my post, and make questions if something is not clear... :-\
HFS in Spanish (HFS en Español) / How to compile HFS (Tutorial)
» Currently taking a break, until HFS v2.4 get his stable version.