Hi
Just few comments to recent changes to Swekey.
Dne Sat, 06 Sep 2008 12:41:35 +0000
lem9(a)users.sourceforge.net napsal(a):
Revision: 11562
http://phpmyadmin.svn.sourceforge.net/phpmyadmin/?rev=11562&view=rev
Author: lem9
Date: 2008-09-06 12:41:34 +0000 (Sat, 06 Sep 2008)
Log Message:
-----------
latest Swekey fixes
<!-- Login form -->
@@ -268,7 +243,7 @@
<?php } ?>
<div class="item">
<label for="input_username"><?php echo
$GLOBALS['strLogUsername']; ?></label>
- <input type="text" name="pma_username"
id="input_username" value="<?php echo htmlspecialchars($default_user);
?>" size="24" class="textfield" <?php echo
$user_input_disabled; ?>/>
+ <input type="text" name="pma_username"
id="input_username" value="" size="24"
class="textfield"/>
What is reason for dropping default_user here? It is used for user name
recall from cookie.
+ Swekey_SetUnplugUrl(key,
"pma_login", url +
"/libraries/auth/swekey/unplugged.php?session_to_unset=<?php echo
session_id();?>");
This still won't work, if user has disable access to libraries, what is
what we suggest.
+ function open_swekey_site()
+ {
+ window.open("http://www.swekey.com?promo=pma");
+ }
Didn't we agree not to put any direct links to their website?
+ var input_username =
document.getElementById("<?php echo $input_name; ?>");
+ var input_go = document.getElementById("<?php echo $input_go;
?>");
+ var swekey_status = document.createElement('img');
+ swekey_status.setAttribute('onClick', 'open_swekey_site()');
+ swekey_status.setAttribute('style', 'width:8px; height:16px;
border:0px; vspace:0px; hspace:0px; frameborder:no');
+ if (user == null)
+ {
+ swekey_status.setAttribute('src',
'http://artwork.swekey.com/unplugged-8x16.png');
+ //swekey_status.setAttribute('title', 'No swekey plugged');
+ input_go.disabled = true;
+ }
+ else
+ {
+ swekey_status.setAttribute('src',
'http://artwork.swekey.com/plugged-8x16.png');
Do we have to use external images?
@@ -4,6 +4,9 @@
* Version 1.0
*
* History:
+ * 1.2 Use curl (widely installed) to query the server
+ * Fixed a possible tempfile race attack
+ * Random token cache can now be disabled
Documentation should mention curl requirement.
* 1.1 Added Swekey_HttpGet function that support
faulty servers
* Support for custom servers
* 1.0 First release
@@ -54,6 +57,12 @@
if (! isset($gSwekeyStatusServer))
$gSwekeyStatusServer = 'http://auth-status.musbe.net';
Why is default still http?
-define ("SWEKEY_STATUS_STOLLEN",4); //
The key was stolen (typo kept for backward comp)
-define ("SWEKEY_STATUS_STOLEN",4); // The key was stolen
+define ("SWEKEY_STATUS_STOLLEN",4); // The key was stollen
+define ("SWEKEY_STATUS_STOLEN",4); // The key was stollen
Why introducing a typo and removing explanation comment?
--
Michal Čihař |
http://cihar.com |
http://phpmyadmin.cz