Search Results

Search found 11227 results on 450 pages for 'login attempts'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 408/450 | < Previous Page | 404 405 406 407 408 409 410 411 412 413 414 415  | Next Page >

  • FBPermissionDialog bug, showing "Welcome to Facebook" page

    - by Oliver
    I'm experiencing a weird bug that I can replicate pretty consistently with the FBConnect iPhone SDK, more specifically with the class FBPermissionDialog. The result is that instead of seeing the standard extended permissions dialog, the user is shown this: http://cl.ly/15Lx. The only way around it is for the user to delete the app and reinstall. This is how I have replicated it: On first login, the user is asked for extended permissions on something (the dialog displays correctly). The user declines the permission. User quits the app. The user relaunches the app and since we still need the permission, we ask again. Instead of the permission dialog, the user is shown the "Welcome to Facebook" page. The only way for the user to get asked again is to delete the app and reinstall. Has anyone else experienced this? Is there a workaround? Here is the code I use to ask for permission, I believe it's pretty standard. // Create a permission dialog FBPermissionDialog *dialog = [[[FBPermissionDialog alloc] init] autorelease]; dialog.delegate = self; dialog.permission = @"read_stream"; [dialog show];

    Read the article

  • activemerchant PayPalExpress transaction is invalid

    - by Ameya Savale
    I am trying to integrate activemerchant into my ruby on rails application. This is my controller where I get the purchase attirbutes and create a PaypalExpressResponse object def checkout total_as_cents, purchase_params = get_setup_params(Schedule.find(params[:schedule]), request) setup_response = @gateway.setup_purchase(total_as_cents, purchase_params) redirect_to @gateway.redirect_url_for(setup_response.token) end @gateway is my PaypalExpressGateway object which I create using this method in my controller def assign_gateway @gateway = PaypalExpressGateway.new( :login => api_user, :password => api_pass, :signature => api_signature ) end I got the api_user, api_pass, and api_signature values from my developer.paypal.com account, when I logged in for the first time there was already a sandbox user created as a merchant which is where I got the api credentials from. And finally here is my get_setup_params method: def get_setup_params(schedule, request) purchase_params = { :ip => request.remote_ip, :return_url => url_for(:action => 'review', :only_path => false, :sched => schedule.id), :cancel_return_url => register_path, :allow_note => true, :item => schedule.id } return to_cents(schedule.fee), purchase_params end How ever when I click on the checkout button, I get redirected to a sandbox paypal page saying "This transaction is invalid. Please return to the recipient's website to complete your transaction using their regular checkout flow." I'm not sure exactly what's wrong, I think the problem lies in the credentials but don't know why. Any help will be appreciated. One other point, I'm running this in my development environment so I have put this in my config file config.after_initialize do ActiveMerchant::Billing::Base.mode = :test end UPDATE Found out what the problem was, my return cancel url was invalid instead of using register_path, I used url_for(action: "action-name", :only_path => false) this answer helped me Rails ActiveMerchant - Paypal Express Checkout Error even though I wasn't able to see the output of the response like the person has managed to do

    Read the article

  • Are these settings correct for sending mail through Rails/Gmail?

    - by aressidi
    Hi there, I spend a good deal of time building an email system for my Rails app that uses Gmail to send bulk mail to a list of opt-in users. I realize a shortcomming of using Google Apps for my mail, namely a rate limit on the number of emails it will send out (i believe 500). Anyway, I have reached out to my users to see how many have received the email, and a lot of them have not, though some have. The list I tried sending to was about 540 users, so I would have expected more "yes, got it," then "nope, still waiting" responses. I have two questions: Do these settings look correct for outgoing bulk mailing through Gmail? Again, using google apps to manage my domain and i know some people (including myself) have received the mailer. This is in a mail.rb initializer in my app. ActionMailer::Base.delivery_method = :sendmail ActionMailer::Base.smtp_settings = { :address => "smtp.gmail.com", :port => 25, :domain => "mydomain.com", :authentication => :login, :user_name => "[email protected]", :password => "mypass" } Is there any way I can test if the mail was delivered, or at least attempted to be delivered? I can't tell where in the list the mailer stops mailing! The way I generate the list is through a query which then passes the user info to a mailer worker which sends the emails out via Starling/Workling. Any advice here would be useful. Happy to post code, but want to make sure the method I'm using is sound. Thanks for the help!

    Read the article

  • how to store/model users/faceboook users/linkedin users, etc, with ActiveRecord?

    - by crankharder
    My app has "normal" users: those which come through a typical signup page facebook(FB) users: those which come from Facebook connect "FB-normal" users: a user that can log with both email/password * FB connect Further, there's the a slew of other openID-ish login methods (I don't think openID itself will be acceptable since it doesn't link up the accounts and allow the 3rd party specific features (posting to twitter, adding a FB post, etc etc)) So, how do I model this? Right now we have User class with #facebook_user? defined -- but it gets messy with the "FB-normal" users - plus all the validations become very tricky and hard to interpret. Also, there are methods like #deliver_password_reset! which make no sense in the context for facebook-only users. (this is lame) I've thought out STI (User::Facebook, User::Normal, User::FBNormal, etc.) This makes validations super slick, but it doesn't scale to other connection types, and all the permutations between them... User::FacebookLinkedInNormal(wtf?) Doing this with a bunch of modules I think would suck a lot. Any other ideas?

    Read the article

  • Trying to write up a C daemon, but don't know enough C to continue

    - by JamesM-SiteGen
    Okay, so I want this daemon to run in the background with little to no interaction. I plan to have it work with Apache, lighttpd, etc to send the session & request information to allow C to generate a website from an object DB, saving will have to be an option so, you can start the daemon with an existing DB but will not save to it unless you login to the admin area and enable, and restart the daemon. Summary of the daemon: Load a database from file. Have a function to restart the daemon. Allow Apache, lighttpd, etc to get necessary data about the request and session. A varible to allow the database to be saved to the file, otherwise it will only be stored in ram. If it is set to save back to the file, then only have neccessary data in ram. Use sql-light for the database file. Build a webpage from some template files. $(myVar) for getting variables. Get templates from a directory. ./templates/01-test/{index.html,template.css,template.js} Live version of the code and more information: http://typewith.me/YbGB1h1g1p Also I am working on a website CMS in php, but I am tring to switch to C as it is faster than php. ( php is quite fast, but the fact that making a few mySQL requests for every webpage is quite unefficent and I'm sure that it can be far better, so an object that we can recall data from in C would have to be faster ) P.S I am using Arch-Linux not MS-Windows, with the package group base-devel for the common developer tools such as make and makepgk. Edit: Oupps, forgot the question ;) Okay, so the question is, how can I turn this basic C daemon into a base to what I am attempting to do here?

    Read the article

  • C# WebBrowser Invoke issue

    - by James Jeffrey
    I am logging into facebook using a web browser. Everything works, but the problem is when I invoke the button click I need to check if the password is correct but, the check seems to happen before the button is invoked which makes no sense at all because the checking code is after the invoke. private void Facebook_Login(String username, String password) { webBrowser1.Url = new Uri("http://m.facebook.com"); while (webBrowser1.ReadyState != WebBrowserReadyState.Complete) Application.DoEvents(); HtmlElementCollection inputs = webBrowser1.Document.GetElementsByTagName("input"); foreach(HtmlElement input in inputs) { if (input.GetAttribute("name") == "email") { input.SetAttribute("value", "[email protected]"); } if (input.GetAttribute("name") == "pass") { input.SetAttribute("value", "kelaroostj"); // dont worry that pass wont work lol. } if (input.GetAttribute("name") == "login") { input.InvokeMember("click"); } } while (webBrowser1.ReadyState != WebBrowserReadyState.Complete) Application.DoEvents(); HtmlElementCollection bs = webBrowser1.Document.GetElementsByTagName("b"); foreach(HtmlElement b in bs) { MessageBox.Show(b.InnerHtml); } Log_Message("Logged into Facebook with: [email protected]"); }

    Read the article

  • How can I check if a user has written his username and password correctly?

    - by Sergio Tapia
    I'm using a Linq-to-SQL class called Scans.dbml. In that class I've dragged a table called Users (username, password, role) onto the graphic area and now I can access User object via a UserRepository class: using System; using System.Collections.Generic; using System.Linq; using System.Text; namespace Scanner.Classes { public class UserRepository { private ScansDataContext db = new ScansDataContext(); public User getUser(string username) { return db.Users.SingleOrDefault(x => x.username == username); } public bool exists(string username) { } } } Now in my Login form, I want to use this Linq-to-SQL goodness to do all the data related activities. UserRepository users = new UserRepository(); private void btnLogin_Click(object sender, EventArgs e) { loginToSystem(); } private void loginToSystem() { if (users.getUser(txtUsername.Text)) { } //If txtUsername exists && User.password == Salt(txtPassword) //then Show.MainForm() with User.accountType in constructor to set permissions. } I need help with verifying that a user exists && that that users.password is equal to SALT(txtpassword.text). Any guidance please?

    Read the article

  • Raising events and object persistence in Django

    - by Mridang Agarwalla
    Hi, I have a tricky Django problem which didn't occur to me when I was developing it. My Django application allows a user to sign up and store his login credentials for a sites. The Django application basically allows the user to search this other site (by scraping content off it) and returns the result to the user. For each query, it does a couple of queries of the other site. This seemed to work fine but sometimes, the other site slaps me with a CAPTCHA. I've written the code to get the CAPTCHA image and I need to return this to the user so he can type it in but I don't know how. My search request (the query, the username and the password) in my Django application gets passed to a view which in turn calls the backend that does the scraping/search. When a CAPTCHA is detected, I'd like to raise a client side event or something on those lines and display the CAPTCHA to the user and wait for the user's input so that I can resume my search. I would somehow need to persist my backend object between calls. I've tried pickling it but it doesn't work because I get the Can't pickle 'lock' object error. I don't know to implement this though. Any help/ideas? Thanks a ton.

    Read the article

  • Setting up a domain using WAMP and NameCheap's DNS service

    - by Mike Jones
    So, I've been working on this for far longer than I should be and I'm quite thoroughly perplexed and lost. I apologize if this turns out to be a facile question, but I'm entirely befuddled and very much in need of some guidance. Earlier today I registered a cheap .info domain on NameCheap just to play around with as I learn webdev. I have WAMP installed on my computer and I've been testing my projects through localhost. I thought it would be a good idea to have a domain at my disposal in order to understand how it works and better test my work. NameCheap has a complimentary DNS service (not that I entirely understand what DNS is, although I tried), so I'm using that. I direct both the "@" and "www" host names to my IP address, as shown in the below tutorial: https://www.namecheap.com/support/knowledgebase/article.aspx/319/78/how-can-i-setup-an-a-address-record-for-my-domain However, now when I go to the URL of the domain I bought, it confronts me with a login box that seems to be coming from my wifi network. How do I set this up so that it hosts the information in my WAMP server? Thanks in advance for any help, I really appreciate it. And, as a side-note, what should read (print or online) to better understand the structure of the internet? I've been studying HTML/CSS/Javascript, but I'm not sure where to look for pragmatic and comprehensive information on how the internet works and how to utilize it as a website administrator. Thanks so much.

    Read the article

  • Drupal advanced ACLs for "untrusted" administrators

    - by redShadow
    I have a multi-site Drupal-6 installation containing websites of different customers. On each site, there is an "administrator" role that includes mainly the customer's account. We want to give as many permissions as possible to this privileged user, but this could bring to security leaks using just the Drupal Core permissions management system. The main thing to avoid is the customer account being able to run PHP code on the server (that would be like being logged on the server as the www-data user.. sounds really bad). To avoid that, it is not sufficient to deny PHP code evaluation for the role. Since the administrator role must have permissions to manage users, he could also change the password of the user #1 and login in the site as superadmin. The second goal would be to deny also some "confusing" administrative pages (such as module selection) but not others (such as site informations configuration, or theme selection, etc.) I found the User One module that seems to fix the first problem, but I have no idea on how to solve the second one. I found some modules around, but no-one seems to fit.. it seems like the most ACLs are thought to protect the content, and not the site itself, as if the site administrator would always be the server owner itself..

    Read the article

  • Cannot exit in CodeIgniter constructor

    - by gzg
    I'm basically trying a session control. If the user is logged in, it's ok to move on. But if he's not logged in, then it will show a log-in screen and then die. However, when I use die or exit in the constructor, it does not show the log-in screen; it immediately dies. The code is as following: private $username = null; private $mongoid = null; private $neoid = null; public function __construct(){ parent::__construct(); // session to global $this->username = $this->session->userdata( 'username'); $this->mongoid = $this->session->userdata( 'mongoid'); $this->neoid = $this->session->userdata( 'neoid'); // check if user is logged in if( $this->username == "" || empty( $this->username)){ $this->load->view( 'access/login'); die; } } It shows the log-in page if die is not written there, but with die, it does not show. Why do I want to use die? Because if I don't use, it moves on the index function and I don't want it to execute index function if the user is not logged in. What is wrong here? What should I use to stop executing?

    Read the article

  • ASP.Net forms authentication - multiple providers

    - by Chris Klepeis
    I have an ASP.Net 4.0 application, and within it is a folder called "Forum", setup as a sub application in IIS 7. This forum package implements a custom provider for .net membership. The forum is running in .net 3.5. I'd like to setup the main site so that when users login, it logs them into both my site and the forum site. Both the main site and the forum have separate .Net membership tables. How can I specify which provider to use with formsauthentication? right now I have FormsAuthentication.SetAuthCookie(...); this, however, just uses my default provider and does nothing with the provider for the forum I tried setting the forum app and my web app to have the same cookie name, as well as setting the machinekey on each: <machineKey validationKey="AutoGenerate" validation="SHA1" /> no dice. I googled and didnt really come up with any example of how to use multiple providers like I want to. I updated my web.config to have both provideers but this is useless if I cannot specify in my code which one to use.

    Read the article

  • How do I display a view as if it's the front page via a module?

    - by Justin
    I have a simple view that feeds a home page. I have a custom module that registers some specific URLs in hook_menu that I pass into my module so I can pass them as arguments into the view. I can get the module to display the view all right, but it doesn't use the teaser/is_front view that outputs when I access the home page. I looked through the APIs but I can't seem to figure out how I can output the view via my module as if it's the front page, meaning $is_front is true and the teasers would appear. The reason I'm not passing in the arguments via the URL bar into the view itself is: My argument list is known and finite The argument order is mixed, meaning I will sometimes have /argument1, /argument1/argument2 or just /argument2. I only want to capture the first level URL as an argument for specific, known strings (e.g. I don't want to pass /admin into my view but I do want to pass in /los-angeles, which I register in the menu system via hook_menu in my module) Here are some examples to make this more clear: /admin - loads the admin page /user - loads the login page /boston - passes into the first argument of the view; shows in front/teaser mode / - shows view with no arguments /bread - passes into argument 2 of the view; shows in front/teaser mode /boston/bread - Passes into argument 1 and 2 of the view; shows in front/teaser mode Maybe I'm going about this the wrong way? Or perhaps there is a way to have a module load a view and somehow set front/teaser mode? Details: Drupal 6, PHP 5, MySQL 5, Views, CCK

    Read the article

  • php not redirecting

    - by NSchulze
    I'm trying to write the logout of a website. When I do this I want the page to redirect to the login page. I think I'm doing it the correct way, but can't get the right result. Could you guys point me in the right direction? Relevant Code: <button onclick="logout()">Logout</button> function logout() { var xmlhttp; if (window.XMLHttpRequest) {// code for IE7+, Firefox, Chrome, Opera, Safari xmlhttp=new XMLHttpRequest(); } else {// code for IE6, IE5 xmlhttp=new ActiveXObject("Microsoft.XMLHTTP"); } xmlhttp.onreadystatechange=function() { if (xmlhttp.readyState==4 && xmlhttp.status==200) { document.location=xmlhttp.responseText; } } xmlhttp.open("GET","logout.php",true); xmlhttp.send(); } <?php session_destroy(); header("Location:http://localhost:8888/loginns.html"); mysql_close($con); ?> Thanks!

    Read the article

  • Performance of VIEW vs. SQL statement

    - by Matt W.
    I have a query that goes something like the following: select <field list> from <table list> where <join conditions> and <condition list> and PrimaryKey in (select PrimaryKey from <table list> where <join list> and <condition list>) and PrimaryKey not in (select PrimaryKey from <table list> where <join list> and <condition list>) The sub-select queries both have multiple sub-select queries of their own that I'm not showing so as not to clutter the statement. One of the developers on my team thinks a view would be better. I disagree in that the SQL statement uses variables passed in by the program (based on the user's login Id). Are there any hard and fast rules on when a view should be used vs. using a SQL statement? What kind of performance gain issues are there in running SQL statements on their own against regular tables vs. against views. (Note that all the joins / where conditions are against indexed columns, so that shouldn't be an issue.) EDIT for clarification... Here's the query I'm working with: select obj_id from object where obj_id in( (select distinct(sec_id) from security where sec_type_id = 494 and ( (sec_usergroup_id = 3278 and sec_usergroup_type_id = 230) or (sec_usergroup_id in (select ug_gi_id from user_group where ug_ui_id = 3278) and sec_usergroup_type_id = 231) ) and sec_obj_id in ( select obj_id from object where obj_ot_id in (select of_ot_id from obj_form left outer join obj_type on ot_id = of_ot_id where ot_app_id = 87 and of_id in (select sec_obj_id from security where sec_type_id = 493 and ( (sec_usergroup_id = 3278 and sec_usergroup_type_id = 230) or (sec_usergroup_id in (select ug_gi_id from user_group where ug_ui_id = 3278) and sec_usergroup_type_id = 231) ) ) and of_usage_type_id = 131 ) ) ) ) or (obj_ot_id in (select of_ot_id from obj_form left outer join obj_type on ot_id = of_ot_id where ot_app_id = 87 and of_id in (select sec_obj_id from security where sec_type_id = 493 and ( (sec_usergroup_id = 3278 and sec_usergroup_type_id = 230) or (sec_usergroup_id in (select ug_gi_id from user_group where ug_ui_id = 3278) and sec_usergroup_type_id = 231) ) ) and of_usage_type_id = 131 ) and obj_id not in (select sec_obj_id from security where sec_type_id = 494) )

    Read the article

  • Protecting Content with AuthLogic

    - by Rob Wilkerson
    I know this sounds like a really, really simple use case and I'm hoping that it is, but I swear I've looked all over the place and haven't found any mention of any way - not even the best way - of doing this. I'm brand-spanking new to Ruby, Rails and everything surrounding either (which may explain a lot). The dummy app that I'm using as my learning tool requires authentication in order to do almost anything meaningful, so I chose to start by solving that problem. I've installed the AuthLogic gem and have it working nicely to the extent that is covered by the intro documentation and Railscast, but now that I can register, login and logout...I need to do something with it. As an example, I need to create a page where users can upload images. I'm planning to have an ImagesController with an upload action method, but I want that only accessible to logged in users. I suppose that in every restricted action I could add code to redirect if there's no current_user, but that seems really verbose. Is there a better way of doing this that allows me to define or identify restricted areas and handle the authentication check in one place?

    Read the article

  • Configurating JOOMLA's e-mail notification for new account

    - by Dion
    I'm using Joomla 1.5 to create a local site for my office. The site will be accessed locally via intranet, and my PC will be the localhost for the site. I'm using a Login pluggin, so that anyone who wanted to enter the site should create an account. In JOOMLA, all user who created their account for the first time will receive a notification e-mail like : "Hello pras, You have been added as a User to Information Center by an Administrator. This e-mail contains your username and password to log in to http://localhost/yaddayadda/ Username: hadisuryo.prasetio Password: xxxx Please do not respond to this message as it is automatically generated and is for information purposes only." but if the user click the URL in the mail, which is, "localhost/yaddayadda/" they will not be directed to my site, but to their own PC's localhost.... My question is : How can I Modified the e-mail or the site configuration so that the URL will not be "localhost/yaddayadda/" anymore, but will be "(My-IP adress)/yaddayadda" I'm not going to host my site to a web hosting service, just using my PC as a host. I've been trying to trace on each config and .ini files...it seems that i have to do something with the "JURI" function or the "$mosConfig_live_site" on the backlink.php file $mosConfig_absolute_path = JPATH_SITE; $mosConfig_live_site = JURI :: base(); $url_array = explode('/', $_SERVER['REQUEST_URI']); Can anyone give me assistance ? Thank You

    Read the article

  • How do I programatically verify, create, and update SQL table structure?

    - by JYelton
    Scenario: I have an application (C#) that expects a SQL database and login, which are set by a user. Once connected, it checks for the existence of several table and creates them if not found. I'd like to expand on this by having the program be capable of adding columns to those tables if I release a new version of the program which relies upon the new columns. Question: What is the best way to programatically check the structure of an existing SQL table and create or update it to match an expected structure? I am planning to iterate through the list of required columns and alter the existing table whenever it does not contain the new column. I can't help but wonder if there's an approach that is different or better. Criteria: Here are some of my expectations and self-imposed rules: Newer versions of the program might no longer use certain columns, but they would be retained for data logging purposes. In other words, no columns will be removed. Existing data in the table must be preserved, so the table cannot simply be dropped and recreated. In all cases, newly added columns would allow null data, so the population of old records is taken care of by having default null values. Example: Here is a sample table (because visual examples help!): id sensor_name sensor_status x1 x2 x3 x4 1 na019 OK 0.01 0.21 1.41 1.22 Then, in a new version, I may want to add the column x5. The "x-columns" are all data-storage columns that accept null.

    Read the article

  • How can click on a java show link programatically?

    - by Jules
    I'm trying to develop a new feature for our vb.net order entry system. At the moment I provide an assisted paypal login which loops through transactions and copies the transactions. My program then looks at this data and copies it into text boxes. The operator then approves and saves the record. So my code uses IHTMLFormElement and loops round form elements and adds values. However I only really use this to log in to paypal. See my code... Dim theObject As Object = Nothing theObject = "https://www.paypal.com/cgi-bin/webscr?cmd=_login-run" WebBrowPayPal.AxWebBrowser1.Navigate2(theObject) While WebBrowPayPal.AxWebBrowser1.ReadyState <> tagREADYSTATE.READYSTATE_COMPLETE Application.DoEvents() End While Dim HtmlDoc As IHTMLDocument2 = CType(WebBrowPayPal.AxWebBrowser1.Document, IHTMLDocument2) Dim FormCol As IHTMLElementCollection = HtmlDoc.forms Dim iForms As Integer = FormCol.length Dim i As Integer Dim x As Integer For i = 0 To iForms - 1 Dim oForm As IHTMLFormElement = CType(FormCol.item(CType(i, Object), CType(i, Object)), IHTMLFormElement) For x = 0 To oForm.length - 1 If oForm.elements(x).tagname = "INPUT" Then If oForm.elements(x).name = "login_email" Then oForm.elements(x).value = "[email protected]" End If If oForm.elements(x).name = "login_password" Then oForm.elements(x).value = "mypassword" End If If oForm.elements(x).type = "submit" Or _ oForm.elements(x).type = "SUBMIT" Then oForm.elements(x).click() End If End If Next Next i I'm now trying this page https://www.paypal.com/uk/cgi-bin/webscr?cmd=_history&nav=0.3.0 Which is the history page, which allows you to search on the paypal transaction id. Unfortunately you need to click on 'find a transaction' which then uses some javascript to shows the post fields. So the problem is that the fields I need to use are hidden. How can I click on this java link in code ?

    Read the article

  • csrf error in django

    - by niklasfi
    Hello, I want to realize a login for my site. I basically copied and pasted the following bits from the Django Book together. However I still get an error (CSRF verification failed. Request aborted.), when submitting my registration form. Can somebody tell my what raised this error and how to fix it? Here is my code: views.py: # Create your views here. from django import forms from django.contrib.auth.forms import UserCreationForm from django.http import HttpResponseRedirect from django.shortcuts import render_to_response def register(request): if request.method == 'POST': form = UserCreationForm(request.POST) if form.is_valid(): new_user = form.save() return HttpResponseRedirect("/books/") else: form = UserCreationForm() return render_to_response("registration/register.html", { 'form': form, }) register.html: <html> <body> {% block title %}Create an account{% endblock %} {% block content %} <h1>Create an account</h1> <form action="" method="post">{% csrf_token %} {{ form.as_p }} <input type="submit" value="Create the account"> </form> {% endblock %} </body> </html>

    Read the article

  • autologin component doesn't work on remote server

    - by user606521
    I am using autologin component from http://milesj.me/code/cakephp/auto-login (v 3.5.1). It works on my localhost WAMP server but fails on remote server. I am using this settings in beforeFilter() callback: $this->AutoLogin->settings = array( // Model settings 'model' => 'User', 'username' => 'username', 'password' => 'password', // Controller settings 'plugin' => '', 'controller' => 'users', // Cookie settings 'cookieName' => 'rememberMe', 'expires' => '+1 month', // Process logic 'active' => true, 'redirect' => true, 'requirePrompt' => true ); On remote server it simply doesn't autolog users after the browser was closed. I can't figure out what may cause the problem. -------------------- edit I figured out what is causing the problem but I don't know how to fix this. First of all cookie is set like this: $this->Cookie->write('key',array('username' => 'someusername', 'hash' => 'somehash', ...) ); Then it's readed like this: $cookie = $this->Cookie->read('key'); On my WAMP server $cookie is array('username' => 'someusername', 'hash' => 'somehash', ...) and on remote server returned $cookie is string(159) "{\"username\":\"YWxlay5iYXJzsdsdZXdza2ldssd21haWwuY29t\",\"password\":\"YWxlazc3ODEy\",\"hash\":\"aa15bffff9ca12cdcgfgb351d8bfg2f370bf458\",\"time\":1339923926}" and it should be: array( 'username' => "YWxlay5iYXJzsdsdZXdza2ldssd21haWwuY29t", 'password' => "YWxlazc3ODEy", ...) Why the retuned cookie is string not array?

    Read the article

  • How to Treat Race Condition of Session in Web Application?

    - by Morgan Cheng
    I was in a ASP.NET application has heavy traffic of AJAX requests. Once a user login our web application, a session is created to store information of this user's state. Currently, our solution to keep session data consistent is quite simple and brutal: each request needs to acquire a exclusive lock before being processed. This works fine for tradition web application. But, when the web application turns to support AJAX, it turns to not efficient. It is quite possible that multiple AJAX requests are sent to server at the same time without reloading the web page. If all AJAX requests are serialized by the exclusive lock, the response is not so quick. Anyway, many AJAX requests that doesn't access same session variables are blocked as well. If we don't have a exclusive lock for each requests, then we need to treat all race condition carefully to avoid dead lock. I'm afraid that would make the code complex and buggy. So, is there any best practice to keep session data consistent and keep code simple and clean?

    Read the article

  • Lack of security in many PHP applications?

    - by John
    Over the past year of freelancing, I inherited two web projects, both of them built in PHP, both of them with sensitive information like credit card info, bank info, etc... In one application, when I typed http://thecompany.com/admin/, and without being asked for a username and password, I saw every user's sensitive information, including credit card numbers, bank account numbers etc... In another application, I was able to bypass the login screen by simply typing http://the2ndcompany.com/customer.php?user_id=777, and again, without any prompts for username and password, i was able to see user 777's credit card info. I cycled through a few more user_ids (any integer) and saw each person's credit card info. Is something wrong here? Or is this the quality of work that the "average" programmer produces? Because if this is what the average programmer produces, does that means I'm an...gasp...elite programmer?? No..that can't be right....something doesn't make sense. So my question is, is it just coincidence that I inherited two applications both of which are dangerously lacking in security? Or are there are a lot of bad PHP programmers out there?

    Read the article

  • how to automate the testing of a text based menu

    - by Reagan Penner
    Hi there, I have a text based menu running on a remote Linux host. I am using expect to ssh into this host and would like to figure out how to interact with the menus. Interaction involves arrowing up, down and using the enter and back arrow keys. For example, Disconnect Data Collection > Utilities > Save Changes When you enter the system Disconnect is highlighted. So simply pressing enter twice you can disconnect from the system. Second enter confirms the disconnect. The following code will ssh into my system and bring up the menu. If I remove the expect eof and try to send "\r" thinking that this would select the Disconnect menu option I get the following error: "write() failed to write anything - will sleep(1) and retry..." #!/usr/bin/expect set env(TERM) vt100 set password abc123 set ipaddr 162.116.11.100 set timeout -1 match_max -d 100000 spawn ssh root@$ipaddr exp_internal 1 expect "*password:*" send -- "$password\r" expect "Last login: *\r" expect eof I have looked at the virterm and term_expect examples but cannot figure out how to tweak them to work for me. If someone can point me in the right direction I would greatly appreciate it. What I need to know is can I interact with a text based menu system and what is the correct method for doing this, examples if any exist would be great. thanks, -reagan

    Read the article

  • DotNetOpenAuth / WebSecurity Basic Info Exchange

    - by Jammer
    I've gotten a good number of OAuth logins working on my site now. My implementation is based on the WebSecurity classes with amends to the code to suit my needs (I pulled the WebSecurity source into mine). However I'm now facing a new set of problems. In my application I have opted to make the user email address the login identifier of choice. It's naturally unique and suits this use case. However, the OAuth "standards" strikes again. Some providers will return your email address as "username" (Google) some will return the display name (Facebook). As it stands I see to options given my particular scenario: Option 1 Pull even more framework source code into my solution until I can chase down where the OpenIdRelyingParty class is actually interacted with (via the DotNetOpenAuth.AspNet facade) and make addition information requests from the OpenID Providers. Option 2 When a user first logs in using an OpenID provider I can display a kind of "complete registration" form that requests missing info based on the provider selected.* Option 2 is the most immediate and probably the quickest to implement but also includes some code smells through having to do something different based on the provider selected. Option 1 will take longer but will ultimately make things more future proof. I will need to perform richer interactions down the line so this also has an edge in that regard. The more I get into the code it does seem that the WebSecurity class itself is actually very limiting as it hides lots of useful DotNetOpenAuth functionality in the name of making integration easier. Andrew (the author of DNOA) has said that the Attribute Exchange stuff happens in the OpenIdRelyingParty class but I cannot see from the DotNetOpenAuth.AspNet source code where this class is used so I'm unsure of what source would need to be pulled into my code in order to enable the functionality I need. Has anyone completely something similar?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 404 405 406 407 408 409 410 411 412 413 414 415  | Next Page >