Hi
Just few comments to recent changes to Swekey.
Dne Sat, 06 Sep 2008 12:41:35 +0000 lem9@users.sourceforge.net napsal(a):
Revision: 11562 http://phpmyadmin.svn.sourceforge.net/phpmyadmin/?rev=11562&view=rev Author: lem9 Date: 2008-09-06 12:41:34 +0000 (Sat, 06 Sep 2008)
Log Message:
latest Swekey fixes
<!-- Login form -->
@@ -268,7 +243,7 @@
<?php } ?>
<div class="item"> <label for="input_username"><?php echo $GLOBALS['strLogUsername']; ?></label>
<input type="text" name="pma_username" id="input_username" value="<?php echo htmlspecialchars($default_user); ?>" size="24" class="textfield" <?php echo $user_input_disabled; ?>/>
<input type="text" name="pma_username" id="input_username" value="" size="24" class="textfield"/>
What is reason for dropping default_user here? It is used for user name recall from cookie.
Swekey_SetUnplugUrl(key, "pma_login", url + "/libraries/auth/swekey/unplugged.php?session_to_unset=<?php echo session_id();?>");
This still won't work, if user has disable access to libraries, what is what we suggest.
function open_swekey_site()
{
window.open("http://www.swekey.com?promo=pma");
}
Didn't we agree not to put any direct links to their website?
var input_username = document.getElementById("<?php echo $input_name; ?>");
var input_go = document.getElementById("<?php echo $input_go; ?>");
var swekey_status = document.createElement('img');
swekey_status.setAttribute('onClick', 'open_swekey_site()');
swekey_status.setAttribute('style', 'width:8px; height:16px; border:0px; vspace:0px; hspace:0px; frameborder:no');
if (user == null)
{
swekey_status.setAttribute('src', 'http://artwork.swekey.com/unplugged-8x16.png');
//swekey_status.setAttribute('title', 'No swekey plugged');
input_go.disabled = true;
}
else
{
swekey_status.setAttribute('src', 'http://artwork.swekey.com/plugged-8x16.png');
Do we have to use external images?
@@ -4,6 +4,9 @@
- Version 1.0
- History:
- 1.2 Use curl (widely installed) to query the server
Fixed a possible tempfile race attack
Random token cache can now be disabled
Documentation should mention curl requirement.
- 1.1 Added Swekey_HttpGet function that support faulty servers
Support for custom servers
- 1.0 First release
@@ -54,6 +57,12 @@ if (! isset($gSwekeyStatusServer)) $gSwekeyStatusServer = 'http://auth-status.musbe.net';
Why is default still http?
-define ("SWEKEY_STATUS_STOLLEN",4); // The key was stolen (typo kept for backward comp) -define ("SWEKEY_STATUS_STOLEN",4); // The key was stolen +define ("SWEKEY_STATUS_STOLLEN",4); // The key was stollen +define ("SWEKEY_STATUS_STOLEN",4); // The key was stollen
Why introducing a typo and removing explanation comment?
On Sun, Sep 7, 2008 at 1:03 PM, Michal Čihař michal@cihar.com wrote:
Hi
Just few comments to recent changes to Swekey.
Dne Sat, 06 Sep 2008 12:41:35 +0000 lem9@users.sourceforge.net napsal(a):
Revision: 11562 http://phpmyadmin.svn.sourceforge.net/phpmyadmin/?rev=11562&view=rev Author: lem9 Date: 2008-09-06 12:41:34 +0000 (Sat, 06 Sep 2008)
Log Message:
latest Swekey fixes
<!-- Login form -->
@@ -268,7 +243,7 @@
<?php } ?>
<div class="item"> <label for="input_username"><?php echo $GLOBALS['strLogUsername']; ?></label>
<input type="text" name="pma_username" id="input_username" value="<?php echo htmlspecialchars($default_user); ?>" size="24" class="textfield" <?php echo $user_input_disabled; ?>/>
<input type="text" name="pma_username" id="input_username" value="" size="24" class="textfield"/>
What is reason for dropping default_user here? It is used for user name recall from cookie.
Oops, my mistake, I wanted to remove only <?php echo $user_input_disabled; ?>
Swekey_SetUnplugUrl(key, "pma_login", url + "/libraries/auth/swekey/unplugged.php?session_to_unset=<?php echo session_id();?>");
This still won't work, if user has disable access to libraries, what is what we suggest.
I''m working on it.
function open_swekey_site()
{
window.open("http://www.swekey.com?promo=pma");
}
Didn't we agree not to put any direct links to their website?
I didn't know about that decision, what is the link to your page ?
var input_username = document.getElementById("<?php echo $input_name; ?>");
var input_go = document.getElementById("<?php echo $input_go; ?>");
var swekey_status = document.createElement('img');
swekey_status.setAttribute('onClick', 'open_swekey_site()');
swekey_status.setAttribute('style', 'width:8px; height:16px; border:0px; vspace:0px; hspace:0px; frameborder:no');
if (user == null)
{
swekey_status.setAttribute('src', 'http://artwork.swekey.com/unplugged-8x16.png');
//swekey_status.setAttribute('title', 'No swekey plugged');
input_go.disabled = true;
}
else
{
swekey_status.setAttribute('src', 'http://artwork.swekey.com/plugged-8x16.png');
Do we have to use external images?
We want to use the same images for all the apps that use swekey authentication, for consistency reason.
- Version 1.0
- History:
- 1.2 Use curl (widely installed) to query the server
Fixed a possible tempfile race attack
Random token cache can now be disabled
Documentation should mention curl requirement.
We can leave without it, so it is not a requirement.
- 1.1 Added Swekey_HttpGet function that support faulty servers
Support for custom servers
- 1.0 First release
@@ -54,6 +57,12 @@ if (! isset($gSwekeyStatusServer)) $gSwekeyStatusServer = 'http://auth-status.musbe.net';
Why is default still http?
This file is shared across application and we don't want to set https by default yet (mainly for perfoemances reasons) For PMA https IS the default because we put the https server's url is the conf file.
-define ("SWEKEY_STATUS_STOLLEN",4); // The key was stolen (typo kept for backward comp) -define ("SWEKEY_STATUS_STOLEN",4); // The key was stolen +define ("SWEKEY_STATUS_STOLLEN",4); // The key was stollen +define ("SWEKEY_STATUS_STOLEN",4); // The key was stollen
Why introducing a typo and removing explanation comment?
Sorry I'm not native english speaker and I receive a complain that stolen took 2 'L's. My spelling checker didn't complain so I beleived the guy. After investigating STOLLEN is a famous german cake, that's why my spelling checker didn't complain :( I'll fix that too.
\
Luc Andre a écrit :
On Sun, Sep 7, 2008 at 1:03 PM, Michal Čihař michal@cihar.com wrote:
Hi
Just few comments to recent changes to Swekey.
Dne Sat, 06 Sep 2008 12:41:35 +0000 lem9@users.sourceforge.net napsal(a):
Revision: 11562 http://phpmyadmin.svn.sourceforge.net/phpmyadmin/?rev=11562&view=rev Author: lem9 Date: 2008-09-06 12:41:34 +0000 (Sat, 06 Sep 2008)
Log Message:
latest Swekey fixes
<!-- Login form -->
@@ -268,7 +243,7 @@
<?php } ?>
<div class="item"> <label for="input_username"><?php echo $GLOBALS['strLogUsername']; ?></label>
<input type="text" name="pma_username" id="input_username" value="<?php echo htmlspecialchars($default_user); ?>" size="24" class="textfield" <?php echo $user_input_disabled; ?>/>
<input type="text" name="pma_username" id="input_username" value="" size="24" class="textfield"/>
What is reason for dropping default_user here? It is used for user name recall from cookie.
Oops, my mistake, I wanted to remove only <?php echo $user_input_disabled; ?>
Fixed.
Swekey_SetUnplugUrl(key, "pma_login", url + "/libraries/auth/swekey/unplugged.php?session_to_unset=<?php echo session_id();?>");
This still won't work, if user has disable access to libraries, what is what we suggest.
I''m working on it.
function open_swekey_site()
{
window.open("http://www.swekey.com?promo=pma");
}
Didn't we agree not to put any direct links to their website?
I didn't know about that decision, what is the link to your page ?
See Documentation.html "If you want to purchase....".
var input_username = document.getElementById("<?php echo $input_name; ?>");
var input_go = document.getElementById("<?php echo $input_go; ?>");
var swekey_status = document.createElement('img');
swekey_status.setAttribute('onClick', 'open_swekey_site()');
swekey_status.setAttribute('style', 'width:8px; height:16px; border:0px; vspace:0px; hspace:0px; frameborder:no');
if (user == null)
{
swekey_status.setAttribute('src', 'http://artwork.swekey.com/unplugged-8x16.png');
//swekey_status.setAttribute('title', 'No swekey plugged');
input_go.disabled = true;
}
else
{
swekey_status.setAttribute('src', 'http://artwork.swekey.com/plugged-8x16.png');
Do we have to use external images?
We want to use the same images for all the apps that use swekey authentication, for consistency reason.
We can put your images in our code base, why not?
- Version 1.0
- History:
- 1.2 Use curl (widely installed) to query the server
Fixed a possible tempfile race attack
Random token cache can now be disabled
Documentation should mention curl requirement.
We can leave without it, so it is not a requirement.
https access can work without curl functions?
- 1.1 Added Swekey_HttpGet function that support faulty servers
Support for custom servers
- 1.0 First release
@@ -54,6 +57,12 @@ if (! isset($gSwekeyStatusServer)) $gSwekeyStatusServer = 'http://auth-status.musbe.net';
Why is default still http?
This file is shared across application and we don't want to set https by default yet (mainly for perfoemances reasons) For PMA https IS the default because we put the https server's url is the conf file.
-define ("SWEKEY_STATUS_STOLLEN",4); // The key was stolen (typo kept for backward comp) -define ("SWEKEY_STATUS_STOLEN",4); // The key was stolen +define ("SWEKEY_STATUS_STOLLEN",4); // The key was stollen +define ("SWEKEY_STATUS_STOLEN",4); // The key was stollen
Why introducing a typo and removing explanation comment?
Sorry I'm not native english speaker and I receive a complain that stolen took 2 'L's. My spelling checker didn't complain so I beleived the guy. After investigating STOLLEN is a famous german cake, that's why my spelling checker didn't complain :( I'll fix that too.
Michal meant that if you want to keep the typo, why remove the comment that explains why you want to keep the typo?
\
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Phpmyadmin-devel mailing list Phpmyadmin-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel