Gossamer Forum

page builder help

When I add a simple dynamic page, I tried to use the global is_logged_in => sub { return $USER ? 1 : 0 }

in the form of <%if is_logged_in%><%Username%><%endif%> but it doesn't work!!! <%Username%> returns an unknown tag.

Please help!
Re: [xpert] page builder help
Can't you just do:

<%if Username%><%Username%><%endif%>

Re: [Paul] page builder help
That works, but I recall Alex said in one post that using the global is more secure and protects against CGI inputs!

Also when using the if Username tag, it doesn't detect if the user was logged in correctly, it's very conflicting.

I got the is_logged_in global to work right under the other links page except for the page builder generated page, so any help?

Last edited by xpert: Sep 23, 2002, 3:59 PM

Re: [xpert] page builder help
I don't know at the moment what the problem is, but try modifying your global to
Code:
sub {
    # 1 only if the logged-in user record has a Username
    return $USER->{Username} ? 1 : 0;
}
Then, it should work. I'll try to find the cause of this problem.

Ivan
-----
Iyengar Yoga Resources / GT Plugins
Re: [xpert] page builder help
Do you remember where Alex said that?

I don't see how using a global could be more secure than using a template variable. They work out to just about the same thing.

All the scripts that do something to the databases check to make sure the user is logged in BEFORE they go and do anything.

The GT (and well-written 3rd party ones) use $USER->{Username} to decide what to do, and that variable is available only after a successful log on.

If you try to pass in Username=Hacker for example, you aren't going to get very far. You might trick a template into displaying something, but I don't even see how that can happen, since everything is still piped or run through scripts.


PUGDOG� Enterprises, Inc.

The best way to contact me is to NOT use Email.
Please leave a PM here.
Re: [pugdog] page builder help
You are completely right, there is not really a security problem here.

The only thing that is a bit odd is that if a user is not logged in, and they pass Username=hacker in the query string, then Username will be available as a template var, and it will be set to hacker. If the user is logged in, this is not a problem since the real username overwrites the one passed in through the query string.

Ivan
-----
Iyengar Yoga Resources / GT Plugins
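
Added example, not part of the original thread and not Gossamer Links code: a small Perl model of the behaviour described in the post above, comparing a template gated on Username with one gated on is_logged_in. `build_template_vars` and `render` are hypothetical helpers, and the merge order (query-string values first, logged-in user record on top) is assumed from that description.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical stand-in for how template variables are assembled:
# request parameters first, then the authenticated user's record on top.
sub build_template_vars {
    my ($cgi_input, $user) = @_;
    my %vars = %$cgi_input;              # untrusted query-string values
    %vars = (%vars, %$user) if $user;    # real user data overwrites them
    # Global in the style of the thread: depends only on the user record,
    # never on anything the request supplied.
    $vars{is_logged_in} = ($user && $user->{Username}) ? 1 : 0;
    return \%vars;
}

# Minimal renderer for <%if name%>...<%endif%> and <%name%> (no nesting).
sub render {
    my ($tpl, $vars) = @_;
    $tpl =~ s{<%if (\w+)%>(.*?)<%endif%>}{ $vars->{$1} ? $2 : '' }gse;
    $tpl =~ s{<%(\w+)%>}{ defined $vars->{$1} ? $vars->{$1} : '' }ge;
    return $tpl;
}

my $by_var    = '<%if Username%>Welcome back, <%Username%><%endif%>';
my $by_global = '<%if is_logged_in%>Welcome back, <%Username%><%endif%>';

# Constructed sample requests: [label, query-string params, user record].
my @cases = (
    ['anonymous, no parameter',        {},                       undef],
    ['anonymous, Username=hacker',     { Username => 'hacker' }, undef],
    ['logged in as xpert, same param', { Username => 'hacker' },
                                       { Username => 'xpert' }],
);

for my $case (@cases) {
    my ($label, $cgi, $user) = @$case;
    my $vars = build_template_vars($cgi, $user);
    printf "%-32s if Username: [%s]  if is_logged_in: [%s]\n",
        $label, render($by_var, $vars), render($by_global, $vars);
}
```

For the anonymous request carrying Username=hacker, the Username-gated template renders the greeting with the supplied value while the is_logged_in-gated template renders nothing. For the logged-in request both templates show xpert, because the real record replaces the query-string value.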
Re: [pugdog] page builder help
In Reply To:
Do you remember where Alex said that?


I believe here ...

http://www.gossamer-threads.com/...i?post=196181#196181