[sork] Passwd backends

- Fredde - nagash303 at hotmail.com
Fri Jan 28 13:37:48 PST 2005


>Quoting - Fredde - <nagash303 at hotmail.com>:
>
> > >Quoting Fred Ho <fkho at fredho.net>:
> > >
> > > >     For a quick hack, you can modify the HTML text by adding the
> > > > "readonly" attribute in the file horde/passwd/templates/main as in
> > > > the line here:
> > >
> > >Why, and in what version?  In the current versions (e.g. HEAD) there
> > >should be a configuration item which reads:
> >
> > I use, 2.2.1, current enough? Horde is 2.2.7.
>
>Not if you want to not allow the username to be displayed, no.  2.2.1
>does not have this option.  But since that is the latest release version,
>then I guess you have a problem there.


Here is the "patch" I got by mail from Peter: (thanks again Peter)
(he used HEAD, not 2.2.1, I tried it too on my test server with H3)

- - -

However, as a quick workaround, edit the file passwd/main.php and search for
the line:

        $userid = Auth::getBareAuth();

(on my system it's line 231)

Change this line to read:

        $userid = Auth::getAuth();

- - -




So, in 2.2.1 I did this instead: (I use Horde 2.2.7 passwd 2.2.1 on my
production server)

227,231c227,228
< //        $splitted  = split("@", Auth::getAuth());
< //        $userid = @$splitted[0];
<
<           $userid = Auth::getAuth();
<
---
>         $splitted  = split("@", Auth::getAuth());
>         $userid = @$splitted[0];
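
Review bot: the diff is reversed. The < side (lines 227-231) carries the modified code, with $userid = Auth::getAuth(); and the split() lines commented out, while the > side carries the original, so applying it as posted would undo the change. Regenerate it old-file-first, ideally as a unified diff with file names, and drop the two commented-out split() lines instead of leaving them in place. Since $userid now keeps the part after the "@", it is also worth stating in the description which backends were tested with the full name.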



At this point, I get the full username in the username field, great!
However, even if stupid A left his computer, hacker B needs the old password
to be able to change the password, ok? Can't see any security issue, ok?
This also works great with multiple virtual domains. Now it's up to you to
decide the best way to code this into the next version.




Then I got the quick hack for locking the username from Fred Ho (mentioned
at the top)
(here it's the same code for the 2.2.1 and H3 (HEAD) versions)

- - -

For a quick hack, you can modify the HTML text by adding the
"readonly" attribute in the file horde/passwd/templates/main/main.inc as in
the line here:

40c40
<   <td><input type="text" name="userid" value="<?php echo 
htmlspecialchars($userid) ?>" readonly></td>
---
>   <td><input type="text" name="userid" value="<?php echo $userid ?>"></td>
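
Review bot: readonly on the userid input at line 40 is enforced only by the browser, and nothing in this hunk makes the receiving script ignore or verify the posted userid. The script that handles the form should take the account name from the session, or reject a posted userid that differs from it. The htmlspecialchars() around $userid is worth keeping regardless. This diff is also reversed (the changed line is on the < side), and that line has been wrapped by the mail client, so it will not apply as posted.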

- - -

This way the username is locked; readonly does the job
(yes, you can still see the username, but can't edit/change it).
Maybe you have some way of using this to develop some config params to
enable/disable this.



>
>In 2.2.1 you configure adding the domain via the hook that is provided, as
>per my previous e-mail to the list.

Yes, you can, but it doesn't work if you use multiple domains.
I do, and that's the reason I'm screaming about this
full-username-back-on-track-support! :)

>However, you can not in 2.2.1 disable
>the username field (stop the user from editing it).  This is wrong, and
>should be fixed (e.g. release a 2.2.2 release with the change backported
>from HEAD to support this).

Yes, maybe my diff above can help. (Thanks to Fred Ho!)

>Now do you see why it is important to mention the version you use when
>asking questions?  Otherwise, I'm going to assume that since it is working in
>my version, and is working in other versions, it should work for you.  When
>you tell me what version, I can check that version and see if it is there
>or not, instead of leading you down the wrong road.

Yes, you're 100% right about that!

Regards,

Fredde
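
The readonly attribute discussed in this message is applied by the browser only, so the script that receives the form still has to decide which account the request applies to. The sketch below is an added example, not part of the original message and not Horde or Passwd code: the function name passwd_target_user and the sample addresses are made up, and it is written for current PHP, not the PHP of the 2.2.x code in the thread.

```php
<?php
// Added example: not Horde or Passwd code. All names here are hypothetical.

/**
 * Decide which account a password-change request applies to.
 * $authUser is the name the session authenticated as (the value
 * Auth::getAuth() supplies in the thread, e.g. "alice@example.org").
 * $post is the submitted form data.
 */
function passwd_target_user(string $authUser, array $post): string
{
    if ($authUser === '') {
        throw new RuntimeException('not authenticated');
    }
    // The form field is only echoed back; it never selects the account.
    $posted = isset($post['userid']) && is_string($post['userid'])
        ? trim($post['userid'])
        : '';
    if ($posted !== '' && $posted !== $authUser) {
        // A mismatch means the read-only field did not come back as it
        // was sent; refuse, and log it (JSON-encoded so control
        // characters in the posted value cannot forge log lines).
        error_log('passwd: userid mismatch, session='
            . json_encode($authUser) . ' posted=' . json_encode($posted));
        throw new RuntimeException('userid does not match session');
    }
    return $authUser;
}

// Constructed sample requests for a multi-domain setup.
$session  = 'alice@example.org';
$requests = [
    'unchanged field'  => ['userid' => 'alice@example.org'],
    'field omitted'    => [],
    'other domain'     => ['userid' => 'alice@example.net'],
    'other account'    => ['userid' => 'bob@example.org'],
    'non-string value' => ['userid' => ['alice@example.org']],
];
foreach ($requests as $label => $post) {
    try {
        printf("%-16s -> change password for %s\n", $label,
            passwd_target_user($session, $post));
    } catch (RuntimeException $e) {
        printf("%-16s -> rejected (%s)\n", $label, $e->getMessage());
    }
}
```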
