[Phpmyadmin-devel] [Phpmyadmin-svn] SF.net SVN:

Marc Delisle Marc.Delisle at cegepsherbrooke.qc.ca
Sun Sep 7 14:11:50 CEST 2008 

Luc Andre a écrit :
> On Sun, Sep 7, 2008 at 1:03 PM, Michal Čihař <michal at cihar.com> wrote:
>> Hi
>>
>> Just few comments to recent changes to Swekey.
>>
>> Dne Sat, 06 Sep 2008 12:41:35 +0000
>> lem9 at users.sourceforge.net napsal(a):
>>
>>> Revision: 11562
>>>           http://phpmyadmin.svn.sourceforge.net/phpmyadmin/?rev=11562&view=rev
>>> Author:   lem9
>>> Date:     2008-09-06 12:41:34 +0000 (Sat, 06 Sep 2008)
>>>
>>> Log Message:
>>> -----------
>>> latest Swekey fixes
>>>  <!-- Login form -->
>>> @@ -268,7 +243,7 @@
>>>  <?php } ?>
>>>          <div class="item">
>>>              <label for="input_username"><?php echo $GLOBALS['strLogUsername']; ?></label>
>>> -            <input type="text" name="pma_username" id="input_username" value="<?php echo htmlspecialchars($default_user); ?>" size="24" class="textfield" <?php echo $user_input_disabled; ?>/>
>>> +            <input type="text" name="pma_username" id="input_username" value="" size="24" class="textfield"/>
>> What is reason for dropping default_user here? It is used for user name
>> recall from cookie.
>>
> 
> Oops, my mistake, I wanted to remove only  <?php echo $user_input_disabled; ?>

Fixed.

> 
> 
>>> +             Swekey_SetUnplugUrl(key, "pma_login", url + "/libraries/auth/swekey/unplugged.php?session_to_unset=<?php echo session_id();?>");
>> This still won't work, if user has disable access to libraries, what is
>> what we suggest.
> 
> I''m working on it.
> 
>>> +            function open_swekey_site()
>>> +            {
>>> +                window.open("http://www.swekey.com?promo=pma");
>>> +            }
>> Didn't we agree not to put any direct links to their website?
>>
> I didn't know about that decision, what is the link to your page ?

See Documentation.html "If you want to purchase....".

> 
> 
>>> +            var input_username = document.getElementById("<?php echo $input_name; ?>");
>>> +            var input_go = document.getElementById("<?php echo $input_go; ?>");
>>> +             var swekey_status = document.createElement('img');
>>> +             swekey_status.setAttribute('onClick', 'open_swekey_site()');
>>> +             swekey_status.setAttribute('style', 'width:8px; height:16px; border:0px; vspace:0px; hspace:0px; frameborder:no');
>>> +            if (user == null)
>>> +                     {
>>> +                             swekey_status.setAttribute('src', 'http://artwork.swekey.com/unplugged-8x16.png');
>>> +                             //swekey_status.setAttribute('title', 'No swekey plugged');
>>> +                             input_go.disabled = true;
>>> +                     }
>>> +                     else
>>> +                     {
>>> +                             swekey_status.setAttribute('src', 'http://artwork.swekey.com/plugged-8x16.png');
>> Do we have to use external images?
> 
> We want to use the same images for all the apps that use swekey
> authentication, for consistency reason.

We can put your images in our code base, why not?

> 
>>>   * Version 1.0
>>>   *
>>>   * History:
>>> + * 1.2 Use curl (widely installed) to query the server
>>> + *     Fixed a possible tempfile race attack
>>> + *     Random token cache can now be disabled
>> Documentation should mention curl requirement.
>>
> 
> We can leave without it, so it is not a requirement.

https access can work without curl functions?

> 
> 
>>>   * 1.1 Added Swekey_HttpGet function that support faulty servers
>>>   *     Support for custom servers
>>>   * 1.0 First release
>>> @@ -54,6 +57,12 @@
>>>  if (! isset($gSwekeyStatusServer))
>>>      $gSwekeyStatusServer = 'http://auth-status.musbe.net';
>> Why is default still http?
>>
> This file is shared across application and we don't want to set https
> by default yet (mainly for perfoemances reasons)
> For PMA https IS the default because we put the https server's url is
> the conf file.
> 
>>> -define ("SWEKEY_STATUS_STOLLEN",4);     // The key was stolen (typo kept for backward comp)
>>> -define ("SWEKEY_STATUS_STOLEN",4);      // The key was stolen
>>> +define ("SWEKEY_STATUS_STOLLEN",4);     // The key was stollen
>>> +define ("SWEKEY_STATUS_STOLEN",4);      // The key was stollen
>> Why introducing a typo and removing explanation comment?
>>
> 
> Sorry I'm not native english speaker and I receive a complain that
> stolen took 2 'L's.
> My spelling checker didn't complain so I beleived the guy.
> After investigating STOLLEN is a famous german cake, that's why my
> spelling checker didn't complain :(
> I'll fix that too.

Michal meant that if you want to keep the typo, why remove the comment 
that explains why you want to keep the typo?

> 
> 
> \
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
> Build the coolest Linux based applications with Moblin SDK & win great prizes
> Grand prize is a trip for two to an Open Source event anywhere in the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> Phpmyadmin-devel mailing list
> Phpmyadmin-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel

More information about the Developers mailing list