Author: Lars Michelsen <[email protected]>
Date: Sun Nov 27 18:19:01 2011 +0100
Committer: Lars Michelsen <[email protected]>
Commit-Date: Sun Nov 27 18:19:01 2011 +0100
Made login possible via URL when using LogonDialog
---
.../server/core/classes/CoreLogonDialogHandler.php | 42 ++++++++++++++------
share/userfiles/templates/default.login.html | 4 +-
2 files changed, 32 insertions(+), 14 deletions(-)
diff --git a/share/server/core/classes/CoreLogonDialogHandler.php
b/share/server/core/classes/CoreLogonDialogHandler.php
index dc56c4d..e31ce53 100644
--- a/share/server/core/classes/CoreLogonDialogHandler.php
+++ b/share/server/core/classes/CoreLogonDialogHandler.php
@@ -59,24 +59,42 @@ class CoreLogonDialogHandler {
}
private function handleResponseAuth() {
- $attr = Array('username' => MATCH_USER_NAME,
- 'password' => null);
+ $attr = Array('_username' => MATCH_USER_NAME,
+ '_password' => null);
- $FHANDLER = new CoreRequestHandler($_POST);
+ $FHANDLER = new CoreRequestHandler(array_merge($_GET, $_POST));
- if(!$FHANDLER->issetAndNotEmpty('username') &&
!$FHANDLER->issetAndNotEmpty('password'))
+ // Don't try to auth if one of the vars is missing
+ if(!$FHANDLER->issetAndNotEmpty('_username')
+ || !$FHANDLER->issetAndNotEmpty('_password'))
return null;
- if(!$FHANDLER->match('username', MATCH_USER_NAME)
- || $FHANDLER->isLongerThan('username', AUTH_MAX_USERNAME_LENGTH))
- throw new FieldInputError('username', l('Invalid username.'));
+ if(!$FHANDLER->match('_username', MATCH_USER_NAME)
+ || $FHANDLER->isLongerThan('_username', AUTH_MAX_USERNAME_LENGTH))
+ throw new FieldInputError('_username', l('Invalid username.'));
- if(!$FHANDLER->issetAndNotEmpty('password')
- || $FHANDLER->isLongerThan('password', AUTH_MAX_PASSWORD_LENGTH))
- throw new FieldInputError('password', l('Invalid password.'));
+ if(!$FHANDLER->issetAndNotEmpty('_password')
+ || $FHANDLER->isLongerThan('_password', AUTH_MAX_PASSWORD_LENGTH))
+ throw new FieldInputError('_password', l('Invalid password.'));
+
+ $a = Array('user' => $FHANDLER->get('_username'),
+ 'password' => $FHANDLER->get('_password'));
+
+ // Remove authentication infos. Hide it from the following code
+ if(isset($_REQUEST['_username']))
+ unset($_REQUEST['_username']);
+ if(isset($_REQUEST['_password']))
+ unset($_REQUEST['_password']);
+ if(isset($_POST['_username']))
+ unset($_POST['_username']);
+ if(isset($_POST['_password']))
+ unset($_POST['_password']);
+ if(isset($_GET['_username']))
+ unset($_GET['_username']);
+ if(isset($_GET['_password']))
+ unset($_GET['_password']);
- return Array('user' => $FHANDLER->get('username'),
- 'password' => $FHANDLER->get('password'));
+ return $a;
}
}
?>
diff --git a/share/userfiles/templates/default.login.html
b/share/userfiles/templates/default.login.html
index 20c2ca2..ba1a881 100644
--- a/share/userfiles/templates/default.login.html
+++ b/share/userfiles/templates/default.login.html
@@ -40,11 +40,11 @@
</p>{/if}
<p>
<label>{$langName}<br />
- <input type="text" name="username" id="user_login" class="input"
value="" size="{$maxUsernameLength}" tabindex="10" /></label>
+ <input type="text" name="_username" id="user_login" class="input"
value="" size="{$maxUsernameLength}" tabindex="10" /></label>
</p>
<p>
<label>{$langPassword}<br />
- <input type="password" name="password" id="user_pass" class="input"
value="" size="{$maxPasswordLength}" tabindex="20" /></label>
+ <input type="password" name="_password" id="user_pass" class="input"
value="" size="{$maxPasswordLength}" tabindex="20" /></label>
</p>
<p class="submit">
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Nagvis-checkins mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nagvis-checkins
