On Sun, Sep 7, 2008 at 1:03 PM, Michal Čihař <michal(a)cihar.com> wrote:
Hi
Just few comments to recent changes to Swekey.
Dne Sat, 06 Sep 2008 12:41:35 +0000
lem9(a)users.sourceforge.net napsal(a):
Revision: 11562
http://phpmyadmin.svn.sourceforge.net/phpmyadmin/?rev=11562&view=rev
Author: lem9
Date: 2008-09-06 12:41:34 +0000 (Sat, 06 Sep 2008)
Log Message:
-----------
latest Swekey fixes
<!-- Login form -->
@@ -268,7 +243,7 @@
<?php } ?>
<div class="item">
<label for="input_username"><?php echo
$GLOBALS['strLogUsername']; ?></label>
- <input type="text" name="pma_username"
id="input_username" value="<?php echo htmlspecialchars($default_user);
?>" size="24" class="textfield" <?php echo
$user_input_disabled; ?>/>
+ <input type="text" name="pma_username"
id="input_username" value="" size="24"
class="textfield"/>
What is reason for dropping default_user here? It is used for user name
recall from cookie.
Oops, my mistake, I wanted to remove only <?php echo $user_input_disabled; ?>
+
Swekey_SetUnplugUrl(key, "pma_login", url +
"/libraries/auth/swekey/unplugged.php?session_to_unset=<?php echo
session_id();?>");
This still won't work, if user has disable access to libraries, what is
what we suggest.
I''m working on it.
+ function open_swekey_site()
+ {
+ window.open("http://www.swekey.com?promo=pma");
+ }
Didn't we agree not to put any direct links to their website?
I didn't know about that decision, what is the link to your page ?
+
var input_username = document.getElementById("<?php echo $input_name;
?>");
+ var input_go = document.getElementById("<?php echo $input_go;
?>");
+ var swekey_status = document.createElement('img');
+ swekey_status.setAttribute('onClick',
'open_swekey_site()');
+ swekey_status.setAttribute('style', 'width:8px; height:16px;
border:0px; vspace:0px; hspace:0px; frameborder:no');
+ if (user == null)
+ {
+ swekey_status.setAttribute('src',
'http://artwork.swekey.com/unplugged-8x16.png');
+ //swekey_status.setAttribute('title', 'No
swekey plugged');
+ input_go.disabled = true;
+ }
+ else
+ {
+ swekey_status.setAttribute('src',
'http://artwork.swekey.com/plugged-8x16.png');
Do we have to use external images?
We want to use the same images for all the apps that use swekey
authentication, for consistency reason.
* Version
1.0
*
* History:
+ * 1.2 Use curl (widely installed) to query the server
+ * Fixed a possible tempfile race attack
+ * Random token cache can now be disabled
Documentation should mention curl requirement.
We can leave without it, so it is not a requirement.
* 1.1 Added
Swekey_HttpGet function that support faulty servers
* Support for custom servers
* 1.0 First release
@@ -54,6 +57,12 @@
if (! isset($gSwekeyStatusServer))
$gSwekeyStatusServer = 'http://auth-status.musbe.net';
Why is default still http?
This file is shared across application and we don't want to set https
by default yet (mainly for perfoemances reasons)
For PMA https IS the default because we put the https server's url is
the conf file.
-define
("SWEKEY_STATUS_STOLLEN",4); // The key was stolen (typo kept for backward
comp)
-define ("SWEKEY_STATUS_STOLEN",4); // The key was stolen
+define ("SWEKEY_STATUS_STOLLEN",4); // The key was stollen
+define ("SWEKEY_STATUS_STOLEN",4); // The key was stollen
Why introducing a typo and removing explanation comment?
Sorry I'm not native english speaker and I receive a complain that
stolen took 2 'L's.
My spelling checker didn't complain so I beleived the guy.
After investigating STOLLEN is a famous german cake, that's why my
spelling checker didn't complain :(
I'll fix that too.
\