Regard Origin when Login

cmb
Posts: 7
Joined: Mon Sep 10, 2012 3:22 pm

Regard Origin when Login

Post by cmb » Wed Apr 09, 2014 1:26 pm

Hi Christopher,

I have noticed that the login request doesn't regard the origin (i.e. protocol, hostname and port) that requested the login form, so that login to the stats is not possible if, for instance, the web server is listening on a non-default port, such as 8080.

Apparently, that is caused in password_protect.php lines 233 and 293, where the form action attribute's value is set to the htmlspecialchar'd PHP_SELF. I replaced this with a hard-coded "./show_stat.php" and that worked fine. I have not found any side effects, but I am not sure that there are none.

Maybe something to consider for the next release of CrazyStat.

Best regards,
Christoph
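
An added example, not part of the original post and not CrazyStat code: how a browser resolves candidate form `action` values against the origin (protocol, hostname, port) of the page that served the login form. The host name, the paths and the list of candidate values are constructed assumptions; only `./show_stat.php` and port 8080 come from the post.

```javascript
// Added example (not CrazyStat code). Host name and paths are constructed.
// Resolves a form "action" value the way a browser does: relative to the
// URL of the page that served the form, then compares the three origin parts.
function resolveAction(pageUrl, action) {
  const page = new URL(pageUrl);
  const target = new URL(action, page);
  const differs = [];
  if (target.protocol !== page.protocol) differs.push('protocol');
  if (target.hostname !== page.hostname) differs.push('hostname');
  if (target.port !== page.port) differs.push('port');
  return { href: target.href, sameOrigin: differs.length === 0, differs };
}

// Returns only the candidates whose login POST would leave the page's origin.
function findOriginMismatches(pageUrl, actions) {
  return actions
    .map((action) => ({ action, ...resolveAction(pageUrl, action) }))
    .filter((result) => !result.sameOrigin);
}

// Constructed sample: stats served on a non-default port.
const PAGE = 'http://stats.example.test:8080/crazystat/src/show_stat.php';
const CANDIDATES = [
  './show_stat.php',                                        // relative path
  '/crazystat/src/show_stat.php',                           // path-absolute
  'http://stats.example.test/crazystat/src/show_stat.php',  // absolute, no port
  '//stats.example.test/crazystat/src/show_stat.php',       // scheme-relative, no port
];

for (const r of findOriginMismatches(PAGE, CANDIDATES)) {
  console.log(`${r.action} -> ${r.href} (differs in: ${r.differs.join(', ')})`);
}
```

Relative and path-only values inherit the port of the page that served the form; a value that names a host without the port resolves to the default port instead.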

Christopher
Site Admin
Posts: 162
Joined: Sat Mar 03, 2012 10:30 pm
Location: Germany

Re: Regard Origin when Login

Post by Christopher » Tue Apr 15, 2014 12:55 pm

Hey,

Password logins are also used:
- in the log-tool
- if you directly access something like logs.php or show_log.php
But these are things you usually don't do ;)

But thanks for the feedback.
Hopefully I won't forget to fix this in the next release.

Greetings,
Christopher
I try to support my users as best as I can.
Please support me and CrazyStat in return. Thanks.
