[Phpmyadmin-devel] [Phpmyadmin-svn] SF.net SVN: phpmyadmin:[11562] trunk/phpMyAdmin

Luc Andre landre3567 at gmail.com
Sun Sep 7 13:35:24 CEST 2008


On Sun, Sep 7, 2008 at 1:03 PM, Michal Čihař <michal at cihar.com> wrote:
> Hi
>
> Just a few comments on the recent changes to Swekey.
>
> On Sat, 06 Sep 2008 12:41:35 +0000,
> lem9 at users.sourceforge.net wrote:
>
>> Revision: 11562
>>           http://phpmyadmin.svn.sourceforge.net/phpmyadmin/?rev=11562&view=rev
>> Author:   lem9
>> Date:     2008-09-06 12:41:34 +0000 (Sat, 06 Sep 2008)
>>
>> Log Message:
>> -----------
>> latest Swekey fixes
>
>>  <!-- Login form -->
>> @@ -268,7 +243,7 @@
>>  <?php } ?>
>>          <div class="item">
>>              <label for="input_username"><?php echo $GLOBALS['strLogUsername']; ?></label>
>> -            <input type="text" name="pma_username" id="input_username" value="<?php echo htmlspecialchars($default_user); ?>" size="24" class="textfield" <?php echo $user_input_disabled; ?>/>
>> +            <input type="text" name="pma_username" id="input_username" value="" size="24" class="textfield"/>
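
Review bot: On the added input_username line, value="" loses the htmlspecialchars($default_user) prefill along with $user_input_disabled. If only the disabled attribute was meant to go, keep value="<?php echo htmlspecialchars($default_user); ?>" so the recalled user name is still shown and still HTML-escaped.
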
>
> What is the reason for dropping default_user here? It is used for user name
> recall from the cookie.
>

Oops, my mistake, I wanted to remove only  <?php echo $user_input_disabled; ?>


>> +             Swekey_SetUnplugUrl(key, "pma_login", url + "/libraries/auth/swekey/unplugged.php?session_to_unset=<?php echo session_id();?>");
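
Review bot: The unplug URL on this line carries session_id() in the session_to_unset query parameter, so the session identifier ends up wherever URLs are recorded, such as browser history and web server access logs. Consider letting unplugged.php work from the session cookie of its own request, or pass a separate single-use token instead of the session id. The value is also echoed into a JavaScript string literal without any escaping.
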
>
> This still won't work if the user has disabled access to libraries, which is
> what we suggest.

I'm working on it.

>
>> +            function open_swekey_site()
>> +            {
>> +                window.open("http://www.swekey.com?promo=pma");
>> +            }
>
> Didn't we agree not to put any direct links to their website?
>
I didn't know about that decision. What is the link to your page?


>> +            var input_username = document.getElementById("<?php echo $input_name; ?>");
>> +            var input_go = document.getElementById("<?php echo $input_go; ?>");
>> +             var swekey_status = document.createElement('img');
>> +             swekey_status.setAttribute('onClick', 'open_swekey_site()');
>> +             swekey_status.setAttribute('style', 'width:8px; height:16px; border:0px; vspace:0px; hspace:0px; frameborder:no');
>> +            if (user == null)
>> +                     {
>> +                             swekey_status.setAttribute('src', 'http://artwork.swekey.com/unplugged-8x16.png');
>> +                             //swekey_status.setAttribute('title', 'No swekey plugged');
>> +                             input_go.disabled = true;
>> +                     }
>> +                     else
>> +                     {
>> +                             swekey_status.setAttribute('src', 'http://artwork.swekey.com/plugged-8x16.png');
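
Review bot: Both swekey_status src values point at http://artwork.swekey.com, so the login page fetches third-party content over plain HTTP; on an HTTPS install that is mixed content, and every view of the login page is disclosed to that host. Shipping the two PNG files with phpMyAdmin and referencing them by relative path avoids both. Separately, vspace, hspace and frameborder in the style string are HTML attributes, not CSS properties, so they have no effect there.
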
>
> Do we have to use external images?

We want to use the same images for all the apps that use swekey
authentication, for consistency reasons.

>>   * Version 1.0
>>   *
>>   * History:
>> + * 1.2 Use curl (widely installed) to query the server
>> + *     Fixed a possible tempfile race attack
>> + *     Random token cache can now be disabled
>
> Documentation should mention curl requirement.
>

We can live without it, so it is not a requirement.


>>   * 1.1 Added Swekey_HttpGet function that support faulty servers
>>   *     Support for custom servers
>>   * 1.0 First release
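
Review bot: The header line above History still reads "Version 1.0" while the History block now starts at 1.2. Bump the version line in the same change so the file's stated version matches its history.
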
>> @@ -54,6 +57,12 @@
>>  if (! isset($gSwekeyStatusServer))
>>      $gSwekeyStatusServer = 'http://auth-status.musbe.net';
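
Review bot: The fallback assigned to $gSwekeyStatusServer is a plain http URL, so any installation that does not override the variable queries key status without transport protection. Default to an https URL here, or state next to this line that the variable is expected to be set to an https server in the configuration.
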
>
> Why is default still http?
>
This file is shared across applications and we don't want to set https
by default yet (mainly for performance reasons).
For PMA, https IS the default because we put the https server's URL in
the conf file.

>> -define ("SWEKEY_STATUS_STOLLEN",4);     // The key was stolen (typo kept for backward comp)
>> -define ("SWEKEY_STATUS_STOLEN",4);      // The key was stolen
>> +define ("SWEKEY_STATUS_STOLLEN",4);     // The key was stollen
>> +define ("SWEKEY_STATUS_STOLEN",4);      // The key was stollen
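
Review bot: Both added comments spell the word "stollen", and the note that SWEKEY_STATUS_STOLLEN is kept only for backward compatibility is gone. Keep the comments from the removed lines so the misspelled constant stays marked as the legacy alias of SWEKEY_STATUS_STOLEN and is not mistaken for a duplicate.
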
>
> Why introduce a typo and remove the explanation comment?
>

Sorry, I'm not a native English speaker and I received a complaint that
stolen took 2 'L's.
My spelling checker didn't complain, so I believed the guy.
After investigating, STOLLEN is a famous German cake; that's why my
spelling checker didn't complain :(
I'll fix that too.

