Password protect extension

Discuss PivotX 2.0.x extensions here, and view extensions that are available for download.

Re: Password protect extension

Postby hansfn » Mon Sep 23, 2013 8:58 pm

I guess it's related to the server configuration - which is different on the two servers. It can be many things. (How PHP is run on the server for example.) Ask your hoster.
hansfn
Developer
 
Posts: 3280
Joined: Sun Nov 25, 2007 7:48 pm
Location: Molde, Norway

Re: Password protect extension

Postby scoude » Tue Oct 29, 2013 8:23 am

Hi all,

I'm a french user of PivotX and my host compagny OVH had defined some security rules for its apache servers on shared environment (Apache seems running in CGI mode).

So, when I installed Password protect extension and configured it to protect all my site, it did not work.
Why ? Because $_SERVER["PHP_AUTH_USER"] and $_SERVER["PHP_AUTH_USER"] variables are not set (for some security reasons) in CGI mode.

After a litle search with google, I found the solution in two steps :

First step : if there is no .htaccess file in root of your site, create this and/or add this content into it :

Code: Select all
SetEnv PHP_VER 5_3
<IfModule mod_rewrite.c>
   RewriteEngine on
   RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization},L]
</IfModule>


The RewriteRule set the $_SERVER["REMOTE_USER"] variable with the couple login:password encoded in base64, a variable always sent in any running mode of Apache

Second step : insert in the file pivotx/extensions/passwordprotect/admin_passwordprotect.php the instructions in red code block in the function passwordcheck_login

Code: Select all
.
.
.
/**
 * Helper function, checks for login..
 *
 */
function passwordcheck_login($page) {
    global $PIVOTX;

    if (trim($PIVOTX['config']->get('passwordprotect_allaccessip')) != '') {
        $allaccessip = trim($PIVOTX['config']->get('passwordprotect_allaccessip'));
        $ipnumbers = explode(',',$allaccessip);

        $granted = false;
        foreach($ipnumbers as $ipnumber) {
            $ipnumber = trim($ipnumber);

            if (substr($ipnumber,-1) == '.') {
                // simple pattern
                if (strpos($_SERVER['REMOTE_ADDR'],$ipnumber) !== false) {
                    $granted = true;
                }
            }
            else if ($ipnumber == $_SERVER['REMOTE_ADDR']) {
                $granted = true;
            }
        }

        if ($granted === true) {
            return true;
        }
    }

Code to be added at that position :
Code: Select all
if((!$_SERVER['PHP_AUTH_USER'] || !$_SERVER['PHP_AUTH_USER'])
       && preg_match('/Basic\s+(.*)$/i',$_SERVER['REMOTE_USER'], $matches)) {
        list($name, $password) = explode(':', base64_decode($matches[1]));
        $_SERVER['PHP_AUTH_USER'] = strip_tags($name);
        $_SERVER['PHP_AUTH_PW'] = strip_tags($password);
    }

Code: Select all
    $user = $_SERVER['PHP_AUTH_USER'];
    $passed_password = $_SERVER['PHP_AUTH_PW'];

    $default_password = $PIVOTX['config']->get('passwordprotect_default');
    .
    .
    .
   


These instructions set the two "classical" variables with the values passed by the browser via a variable always sent to PHP by Apache.

After that, Password Protect work on OVH environment !

Best regards
scoude
 
Posts: 2
Joined: Mon Oct 10, 2011 8:11 am

Re: Password protect extension

Postby hansfn » Tue Oct 29, 2013 10:45 pm

Thx for the suggestion. I'll see if we can add the code (and update the documentation).
hansfn
Developer
 
Posts: 3280
Joined: Sun Nov 25, 2007 7:48 pm
Location: Molde, Norway

Re: Password protect extension

Postby Sanzine » Thu Jan 08, 2015 6:28 pm

I have installed Password protect extension 1.3 to PivotX 2.3.10. Put a password on a specific entry, believe I put all settings correctly (as I already used this extension several times before), when going to that entry the pop-up with the request for the password appears, but when I enter the correct password, it keeps asking for a password.

Why?
Sanzine
 
Posts: 75
Joined: Tue Jan 20, 2009 10:15 am

Re: Password protect extension

Postby hansfn » Fri Jan 09, 2015 9:33 am

Maybe you have the same problem as scoude above?

I see that you have used the extension before. On the same server? If so, this is strange. Are you using accented characters in the password?
hansfn
Developer
 
Posts: 3280
Joined: Sun Nov 25, 2007 7:48 pm
Location: Molde, Norway

Re: Password protect extension

Postby Sanzine » Fri Jan 09, 2015 11:43 am

Thanks Hans! I have now tried the solution of scoude. The code that needed to be added to the .htaccess file, was already there. So I only added the red code in admin_passwordprotect.php. Unfortunately, that didn't help.

I have indeed used this extension before on multiple sites. In this case it was working on a website, but I have to move this site to another server platform with the same hoster. And while testing the site on this new server, the extension isn't working anymore.

I have no clue what other steps I have to take to get it to work. Hope you can help me.
Sanzine
 
Posts: 75
Joined: Tue Jan 20, 2009 10:15 am

Re: Password protect extension

Postby hansfn » Fri Jan 09, 2015 11:48 am

You might have added the code in the wrong place or something. Maybe give me FTP and/or PivotX access? Contact me at hansfn@pivotx.net

If scoude's fix is needed for you too, I'll update and make a new release of the extension.
hansfn
Developer
 
Posts: 3280
Joined: Sun Nov 25, 2007 7:48 pm
Location: Molde, Norway

Re: Password protect extension

Postby Sanzine » Fri Jan 09, 2015 12:46 pm

I have sent you a message. Thanks in advance!
Sanzine
 
Posts: 75
Joined: Tue Jan 20, 2009 10:15 am

Re: Password protect extension

Postby hansfn » Sun Jan 11, 2015 8:43 am

Problem fixed.

You had the same problem as scoude - PHP running in CGI mode, but for some reason on your server we have to use $_SERVER['REDIRECT_REMOTE_USER'] in stead of $_SERVER['REMOTE_USER'] (in the code above).
hansfn
Developer
 
Posts: 3280
Joined: Sun Nov 25, 2007 7:48 pm
Location: Molde, Norway

Re: Password protect extension

Postby Sanzine » Mon Jan 12, 2015 10:31 am

Thanks Hans, for all your help!
Sanzine
 
Posts: 75
Joined: Tue Jan 20, 2009 10:15 am

PreviousNext

Return to 2.x Extensions

Who is online

Users browsing this forum: No registered users and 3 guests