Search Results

Search found 11227 results on 450 pages for 'login attempts'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 170/450 | < Previous Page | 166 167 168 169 170 171 172 173 174 175 176 177  | Next Page >

  • removing index.php of codeigniter on local

    - by Aldi Aryanto
    i'm trying to remove index.php,in my localhost, but it seems doesn't working,its on http://localhost/testing i put .htacces in 'testing' directory under the htdocs LoadModule rewrite_module modules/mod_rewrite.so at apache/conf also already uncheck here my .htaccess RewriteEngine On RewriteBase /testing/ RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ /testing/index.php/$1 [L] here my config $config['base_url'] = "http://localhost/testing"; $config['index_page'] = ''; $config['uri_protocol'] = 'AUTO'; when i access login controller, it's not found Not Found The requested URL /testing/login was not found on this server. I really don't know what to try next. Any help would be appreciated.

    Read the article

  • Authlogic: passwords saved in the DB are not working as expected.

    - by user570459
    Hello everyone, Im having trouble with authlogic on my production server. Im able to update passwords in the database but when i try to validate a user using the new password, the validation fails. Please check the below console output. Notice how the salt and crypted_password fields get update before and after the new password is saved. The issue is only on my production server (running passenger). Everything works fine on my development machine. => #<User id: 3, login: "saravk", email: "[email protected]", crypted_password: "9bc86247105e940bb748ab680c0e77d9c44a82ea", salt: "WdVpQIdwl68k8lJWOU"> irb(main):003:0> u.password = "kettik123" => "kettik123" irb(main):004:0> u.password_confirmation = "kettik123" => "kettik123" irb(main):005:0> u.save! => true irb(main):006:0> u.valid_password?("kettik123") => true irb(main):007:0> u.reload => #<User id: 3, login: "saravk", email: "[email protected]", crypted_password: "f059007c56f498a12c63209c849c1e65bb151174", salt: "lVmmczhyGE0gxsbV421A"> irb(main):008:0> u.valid_password?("kettik123") => false The authlogic configuration in my User model.. class User < ActiveRecord::Base acts_as_authentic do |c| c.login_field :email c.validate_login_field false c.validate_email_field false c.perishable_token_valid_for = 1.day c.disable_perishable_token_maintenance = true end I use the email field as the main key for the user. Also the email field is allowed to be blank in some cases (eg a facebook user) Also i belive that my schema is proper (in terms of the length of the salt & crypted password fields) create_table "users", :force => true do |t| t.string "login" t.string "email" t.string "crypted_password", :limit => 128, :default => "" t.string "salt", Any help on this would be highly appreciated. Thanks.

    Read the article

  • Authenticating model - best practices

    - by zerkms
    I come into ASP.NET from php so the reason why i ask my question is because it's totally different nature of how application works and handles requests. well, i have an exists table with user creditians, such as: id, login, password (sha hashed), email, phone, room i have built custom membership provider so it can handle my own database authentication schema. and now i'm confused, because User.Identity.Name contains only user's login, but not the complete object (i'm using linq2sql to communicate with database and i need in it's User object to work). at php applications i just store user object at some static method at Auth class (or some another), but here at ASP.NET MVC i cannot do this, because static member is shared across all requests and permanent, and not lives within only current request (as it was at php). so my question is: how and where should i retrieve and store linq2sql user object to work with it within current and only current request? (after request processed successfully i expect it will be disposed from memory and on next request will be created again). or i'm following totally wrong way?

    Read the article

  • A Security (encryption) Dilemma

    - by TravisPUK
    I have an internal WPF client application that accesses a database. The application is a central resource for a Support team and as such includes Remote Access/Login information for clients. At the moment this database is not available via a web interface etc, but one day is likely to. The remote access information includes the username and passwords for the client's networks so that our client's software applications can be remotely supported by us. I need to store the usernames and passwords in the database and provide the support consultants access to them so that they can login to the client's system and then provide support. Hope this is making sense. So the dilemma is that I don't want to store the usernames and passwords in cleartext on the database to ensure that if the DB was ever compromised, I am not then providing access to our client's networks to whomever gets the database. I have looked at two-way encryption of the passwords, but as they say, two-way is not much different to cleartext as if you can decrypt it, so can an attacker... eventually. The problem here is that I have setup a method to use a salt and a passcode that are stored in the application, I have used a salt that is stored in the db, but all have their weaknesses, ie if the app was reflected it exposes the salts etc. How can I secure the usernames and passwords in my database, and yet still provide the ability for my support consultants to view the information in the application so they can use it to login? This is obviously different to storing user's passwords as these are one way because I don't need to know what they are. But I do need to know what the client's remote access passwords are as we need to enter them in at the time of remoting to them. Anybody have some theories on what would be the best approach here? update The function I am trying to build is for our CRM application that will store the remote access details for the client. The CRM system provides call/issue tracking functionality and during the course of investigating the issue, the support consultant will need to remote in. They will then view the client's remote access details and make the connection

    Read the article

  • Deleting a cookie in Javascript not working

    - by DisgruntledGoat
    I have a site where authentication is done externally (which I can't access), so I'm creating a cookie on login in order to display a welcome message to the user. Creating the cookie works fine, I write to document.cookie when the login form submits. But deleting the cookie doesn't work. Here's my code (logout.php does the external authentication stuff): <a href="http://external.com/logout.php" style="float:right" onclick="document.cookie='BRLOG=; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.example.com;'">Logout</a>

    Read the article

  • Issues with start activity for result

    - by rodkarom
    I have written an Activity using Theme.Holo.Dialog so that it works as an AlertDialog as a login/password notice. I've started this activity with startActivityForResult(...) using a request code I defined. The thing is, whenever I start the activity ´onActivityResult(...)´ is triggered immediately, the buttons get loaded and everything, but once I press them, even though I know the Activity is working because login does happen, there is no result sent back to the first Activity and I am calling setResult(...) and finish() after the buttons are pressed. Thanks in advance, first time using startActivityForResult so I'm sure I must be missing something.

    Read the article

  • Forms Authentication Across Applications Stopped Working

    - by colleski
    Hi, I have a .net 1.1 ASP application (domain.com) which has a .net 2 virtual directory (domain.com/v2) beneath it, both applications run within their own app pool on the same machine running IIS 6. The web.config files for both apps are setup for Forms Authentication as described here - http://msdn.microsoft.com/en-us/library/eb0zx8fc(v=VS.80).aspx. Users would be directed to the domain.com/v2/login.aspx page which would authenticate for both applications, this configuration has been working fine for the last few years until installing one of the recent Windows 2003 security updates today. Now after authenticating under /v2 users keep getting redirected back to domain.com/v2/Login.aspx as domain.com doesnt see them as authenticated anymore. Any ideas as to which security update would have caused this and if its possible to rollback? I've looked at a few suggestions on this (e.g. Cross app on subdomain form authentication not working) and other sites but no luck so far Any help would be appreciated. Thanks

    Read the article

  • session fixation

    - by markiv
    Hi All, I am new to web development, and trying to get a hold on security issues. I went through this article on http://guides.rubyonrails.org/security.html these are some of the steps the author has mentioned how an attacker fixes session. 1. The attacker creates a valid session id: He loads the login page of the web application where he wants to fix the session, and takes the session id in the cookie from the response (see number 1 and 2 in the image). 2. He possibly maintains the session. Expiring sessions, for example every 20 minutes, greatly reduces the time-frame for attack. Therefore he accesses the web application from time to time in order to keep the session alive. 3. Now the attacker will force the user’s browser into using this session id (see number 3 in the image). As you may not change a cookie of another domain (because of the same origin policy), the attacker has to run a JavaScript from the domain of the target web application. Injecting the JavaScript code into the application by XSS accomplishes this attack. Here is an example: <script>?document.cookie="_session_id=16d5b78abb28e3d6206b60f22a03c8d9";?</script>. Read more about XSS and injection later on. 4. The attacker lures the victim to the infected page with the JavaScript code. By viewing the page, the victim’s browser will change the session id to the trap session id. 5. As the new trap session is unused, the web application will require the user to authenticate. 6. From now on, the victim and the attacker will co-use the web application with the same session: The session became valid and the victim didn’t notice the attack. I dont understand couple of points. i) why is user made to login in step5, since session is sent through. ii) I saw possible solutions on wiki, like user properties check and others why cant we just reset the session for the user whoever is login in when they enter username and password in step5? Thanks in advance Markiv

    Read the article

  • HELP!!! session variables survives after logout!!!

    - by Alejandra
    Hi guys! I have a problem, will explain how to reproduce the problem: 1- login into my page (sesion variables set as $_SESSION['logged'] = true and $_SESSION['id'] = 123 2-then inside the main menu I click logout option, code like this function logout() { session_start(); $_SESSION['id'] = null; $_SESSION['logged'] = null; unset($_SESSION); session_destroy(); require_once('Views/SessionExpiredView.php'); } 3- In the session expired view I display a link the login page, there session is null 4- I click back on the browser and click ok to resend information 5- session becomes again $_SESSION['logged'] = true and $_SESSION['id'] = 123 and I'm loggued again and able to see all the information related to the id 123 This is a security issue and I don't know what is happening!!! any suggestion will be deeply appreciated. Alejandra

    Read the article

  • PhotobucketNet photo upload

    - by n1tr0
    I have a problem with PhotobucketNet user login(I need user to login so I can upload a picture from HDD to his Photobucket account). Photobucket photobucket = new Photobucket("myapikey", "myapisecret"); photobucket.LaunchUserLogin(); // the problem happens here photobucket.RequestUserToken(); If I call RequestUserToken() it will happen immediately, so I'll get a crash cause user didn't logged in, and there is no event that's been raised after user logs in. Is there some variable(bool or something else) that I can check to see if user logged in - maybe to put it in a loop with timer? Also is their a way to know if user canceled logging in? I know that timer isn't a good solution, so if anyone has anything better as an idea, I'm open for any suggestions...

    Read the article

  • How do stop form posting to mysql if database contains a specific ID?

    - by user342391
    I have a form that I am using to post data to mysql. Before submitting the form I want to check the database and see if there are any fields in the column 'customerid' that equal 'userid' and if so not to post the form. Basically, I am trying to limit my users from posting more than once. Users will be able to login to my system and make ONE post. They will be able to delete and modify their post but are only limited to one post. How would I do this??? Code so far: <?php include '../login/dbc.php'; page_protect(); $userid = $_SESSION['user_id']; $sql="INSERT INTO content (customerid, weburl, title, description) VALUES ('$_POST[userid]','$_POST[webaddress]','$_POST[pagetitle]','$_POST[pagedescription]')"; if (!mysql_query($sql)) { die('Error: ' . mysql_error()); } echo "1 record added"; ?>

    Read the article

  • case sensititivity with users controller on certain hosting

    - by Leo
    We generally use two different hosting services. On one, everything works ticketyboo, as it does on my local dev servers. On the other server, however, I am having this problem: I can't access the users controller like this: http://www.example.com/users/login But I can like this: http://www.example.com/Users/login ** note the capitalised 'Users' ** If I displace the application to a sub-folder everything works fine (both upper- and lowercase). The hosting company have looked at it and can't see a problem at their end and they assure me that users is not a reserved word. You might say this isn't a problem, just use the version that works. Unfortunately it leads to problems downstream where Cake core starts generating urls itself. Anybody else seen this problem or know the solution? [This only occurs on the users controller - all others work as expected]

    Read the article

  • Same Salt, Different Encrypted Password is not working? Using Linq to update password.

    - by Xaisoft
    Hello, I am running into a wall regarding changing the password and was wondering if anyone had any ideas. Here are the database values prior to changing the password: Clear Text password = abc1980 Encrypted Password = Yn1N5l+4AUqkOM3WYO7ww/sCN+o= Salt = 82qVIhUIoblBRIRvFSZ1fw== After I change my password to abc1973, salt remains the same, but the Encrypted Password changes which is supposed to happen: Encrypted Password = rHtjLq3qxAl/7T1GfkxrsHzPsNk= However, when I try to login with abc1973 as the password, it does not login. If I try abc1980, it logs me in. It is updating the database, is it caching the values somewhere? Any ideas?

    Read the article

  • Is there a way to get Apache to blank sensitive data from logs?

    - by i..
    We're trying to clean up one of our systems as much as possible & have found that despite our attempts to block, users are accessing a certain part of our system through a HTTP GET with their password in the URL. This results in our Apache logs recording their password in plain text on the server. Is there an Apache directive or module that can filter out (or replace) certain patterns in its logs?

    Read the article

  • wordpress not properly functioning anymore after moving it to another domain

    - by Andy
    Hi, I followed the instructions on http://codex.wordpress.org/Moving_WordPress under 'Moving WordPress to a New Server' and 'If You Want Your Old Blog To Still Work' So I made a copy of everything marked is as old, then changed the domain under the WP settings, made a new copy. And now put the first copy back but when I go to the login page I can reach it, but it's without the usual markup as first. It's all skinned out. After I login, worpress uses the new domain instead of the old domain which the old copy of wordpress used!! what went wrong?? thanks.

    Read the article

  • How to specify "PG-USERNAME" in pg_ident.conf so that it'll match any database user ?

    - by felace
    I need to restrict a specific unix user so that it can login with only a few select postgres usernames (with password prompt), but allowing every other user to use whatever pg username they want. Assuming restrUnixUser is the unix user name and restrUser is one of the postgres users it may use, and AllowedDB is the only database they should connect to : pg_hba.conf : local AllowedDB restrUser password local all restrUser reject local all all ident map=exceptrestrUser And pg_ident.conf : exceptrestrUser /^(?!restrUnixUser).*$ user1 exceptrestrUser /^(?!restrUnixUser).*$ user2 exceptrestrUser /^(?!restrUnixUser).*$ postgres does what I exactly want to do right now, however, I'll probably add a lot more users so I wonder if there is something like mapname unixuserpattern allpgusers that'll match with whatever username used to login by any unix user matching the pattern.

    Read the article

  • How to select Distinct records from SQL without a primary key

    - by Satheesh
    I need to show a Notification on user login if there is any unread messages.So if multiple users send(5 messages each) while the user is in offline these messages should be shown on login.Means have to show the last messages from each user. I use joining to find records. In this scenario Message from User is not a primary key. This is my query SELECT UserMessageConversations.MessageFrom, UserMessageConversations.MessageFromUserName,UserMessages.MessageTo, UserMessageConversations.IsGroupChat, UserMessageConversations.IsLocationChat, UserMessageConversations.Message, UserMessages.UserGroupID,UserMessages.LocationID FROM UserMessageConversations LEFT OUTER JOIN UserMessages ON UserMessageConversations.UserMessageID = UserMessages.UserMessageID ![enter image description here][1]Where UserMessageConversations.MessageTo=743 AND UserMessageConversations.ReadFlag=0 This is the output obtained from above query. MessageFrom -582 appears twice. I need only one record of this User. How is it possible

    Read the article

  • Styling related issue in IE8

    - by Ajith
    I am using a background image to display as a button. The button shows up well in all versions of firefox, chrome, opera etc. However, the image fails to render itself in IE8. Only the image is not being shown, some of the other class styling gets applied such as width, height etc. Even more confounding is that in another page(though a different class and style sheet), an image of similar proportions gets displayed in similar usage. The image format is JPG. I'm copy-pasting the valid style attributes for both cases as shown by firebug below. None of the below buttons are displayed. button classes are applied as class="cart-button login", class="cart-button update", class="cart-button checkout" and class="cart-button continue" and are inside some divs. .cart-button{ height: 28px; cursor: pointer; border: none; float: left; } .cart-button:hover{ background-position: 0 -28px; } .login{ width: 58px; background:url(/../../templates/animalcare/i/login.jpg)no-repeat; margin:0 0 20px 0; clear: both; } .update{ width: 63px; background:url(/../../templates/animalcare/i/update.jpg)no-repeat; margin:0 0 20px 15px; float: left; } .checkout{ width: 77px; background:url(/../../templates/animalcare/i/checkout.jpg)no-repeat; float:right; margin:0 25px 30px 10px; } .continue{ width: 132px; background:url(/../../templates/animalcare/i/continue.jpg)no-repeat; float:right; margin:0 0 30px 0px; } The below is the only image button that gets displayed. It is located inside a table. It is in a different style sheet - hence the path difference. .add-to-cart{ width:102px; height:28px; float:left; background:url(i/add_to_cart.jpg) no-repeat; cursor:pointer; border:none; margin:10px 0 5px 0; } .add-to-cart:hover{ background-position:0 -28px; }

    Read the article

  • Implementing prompts in text-input

    - by AntonAL
    Hi, I have a form with some text-inputs: login, password. If user sees this form the first time, input-texts should "contain" prompts, like "enter login", "enter password". If user clicks text-input, it's prompt should disappear to allow typing. I have seen various examples, that uses background image with prerendered text on it. Those images are appearing with following jQuery: $("form > :text").focus(function(){ // hide image }).blur(function(){ // show image, if text-input is still empty if ( $(this).val() == "" ) // show image with prompt }); This approach has following problems: localization is impossible need to pre-render images for various textual prompts overhead with loading images How do you overcomes such a problems ?

    Read the article

  • OpenId + Bort + google

    - by zakurahime
    Hi I'm new in using ruby and i wanted to implement the openid feature that came with the bort template... I used the google openid url https://www.google.com/accounts/o8/id in the sign up but it cant get the email that i used in the openid login.. here's a part of my code... its the standard code from the bort template def create logout_keeping_session! if using_open_id? authenticate_with_open_id(params[:openid_url], :return_to => open_id_create_url, :required => [:nickname, :email]) do |result, identity_url, registration| if result.successful? create_new_user(:identity_url => identity_url, :login => registration['nickname'], :email => registration['email']) else failed_creation(result.message || "Sorry, something went wrong") end end else create_new_user(params[:user]) end end i will really appreciate any help on this.. i've been stuck with this for a few days now.. thanks

    Read the article

  • Why is my socket closing?

    - by Tommy3244
    Ok, so I am making a multiplayer game. I am working out the kinks in the server/client connectivity system. I can't seam to work out this error. Mainly, my server code does the following: Accepts Client Using SocketServer Module CLIENT -- SERVER sends Login byte (1 byte) + login username and password (200 bytes) SERVER request for 1 byte by struct.calcsize('b') CLIENT has exception on read SERVER recieves byte from CLIENT and sends CLIENT a struct packed byte with the value of 4 SERVER has exception on send So, it is the client excepting. The client exception is: socket.error: (10054, 'Connection reset by peer') And the server error is this: error: (9, 'Bad file descriptor')

    Read the article

  • How to distinguish between new and returning anonymous Drupal users?

    - by Matt V.
    Is there an easy way (or a module) in Drupal to distinguish between anonymous users who have never created an account versus those who are returning but are not currently logged in? For non-returning (ie, completely new) users, I'd like to have a front page that is very streamlined and focused on registration as the call-to-action. However, if someone is a returning user but not currently logged in, I'd like to present a lot more information on the front page and have login as the main call-to-action. I realize both pages would still need to have both login and register options available, I just want to make the focus significantly different between the two.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 166 167 168 169 170 171 172 173 174 175 176 177  | Next Page >