Javascript login in CMSimple_XH 1.56

Questions about how to install and problems installing - please read the documentation first!
Post Reply
lianergoist
Posts: 20
Joined: Sun Mar 18, 2012 5:34 pm
Location: Denmark
Contact:

Javascript login in CMSimple_XH 1.56

Post by lianergoist » Thu Apr 11, 2013 3:07 pm

Hello

I use CMSimple_XH 1.56 and I log in using "page". I tried to switch to javascript, but then I got an errorpage (403) when trying to log in (using /index.php?login). I have tried a couple of times, and have also changed password, but I always get this 403-page. What could be the problem?

Long time ago I read something about the different login methodes, but I can't find that page now. What is the advantages of the two login methodes?
--
Thomas Jensen, Denmark

cmb
Posts: 13342
Joined: Tue Jun 21, 2011 11:04 am
Location: Mü-Sa, RLP, DE
Contact:

Re: Javascript login in CMSimple_XH 1.56

Post by cmb » Thu Apr 11, 2013 3:40 pm

Hello Thomas,

when you want to use the "javascript" login, you can't simply call the URL (http://www.example.com/?login). You have to put the function loginlink() into the template, then call the site without login parameter, click the login link and then enter your password in the dialog window.
lianergoist wrote:Long time ago I read something about the different login methodes, but I can't find that page now. What is the advantages of the two login methodes?
The different login methods are historically motivated: in the beginning of CMSimple there was "wwwaut" and "javascript". "wwwaut" was the preferred one, but as that doesn't work on all servers "javascript" was offered as a fallback. "wwwaut" was a little bit more secure, as no cookie had to be stored on the client. Later the login type "page" was added (probably as this is the most common way to login to a web application; or just because with the explizit login page one could avoid placing the login link in the template, which was necessary with "wwwaut" too). When CMSimple_XH 1.5.4 introduced the hashing of passwords, "wwwaut" was dropped, as it would have be necessary to store the clear-text password in config.php.

The only advantage of "javascript" is, that one page request from the server can be saved for the login procedure. But it has the disadvantage, that the login page can't be requested directly, and so it's probably going to be removed for CMSimple_XH 1.6.

The page, you didn't find was perhaps http://cmsimple.org/archives/cmsimple_o ... ity_issues, or maybe a discussion in the old forum, which is now available in a "simplified" version on http://forum.cmsimple-xh.dk/.

Christoph
Christoph M. Becker – Plugins for CMSimple_XH

lianergoist
Posts: 20
Joined: Sun Mar 18, 2012 5:34 pm
Location: Denmark
Contact:

Re: Javascript login in CMSimple_XH 1.56

Post by lianergoist » Thu Apr 11, 2013 3:57 pm

Perfect. Thanks... :)
--
Thomas Jensen, Denmark

Post Reply