Since this script has been shown to have a few security holes and since a better method of doing this same thing has been posted, I completely abandoned this mod quite a while ago. It has now been replaced entirely.

I've deleted my User-Friendly Modify script and replaced it with a templates version of the Password Modify mod by Thiago Moretti. I'd implemented this on my site quite a while back, and have been using it instead of the script I wrote which should tell you something.

Thiago has had a non-templates version of this mod posted for long time, but there were no instructions for template users. So now there are. I've added it to the Links Modifications page, but until it gets added there, you can find it at http://www.asan.com/users/phoenix/modify/ .

I hope this is a help to those who've been struggling with the User-Friendly Modify. That script worked fine in its original configuration, but as soon as you tried to change or extend it, it would be one giant security hole. This is not true of Thiago's mod.

Many thanks to Thiago for allowing me to post this templates version of his mod.

Phoenix

          You are welcome Phoenix....

this is great, havent installed it yet, but
have long waiting for it, and wil try it soon.
one question but,
whatabout the links that are already in the
database, how do they add their password,
will they be able to enter their link without
password to then add it.
love,klaus

------------------

That is something a lot of people have asked with both my script and Thiago's, and nobody's come up with a good answer.

The only advice I've got is that you'll have to add them all manually and then send a mass-mailing through the Admin feature to all link owners telling them that passwords have been added and that they can change their password if they like by using the modify script.

Sorry I don't have a more palatable solution.

Phoenix

 A solution is creating a simple routine to create random passwords for each link, then add another routine so when the user enters a wrong password the script sends the owner of the link his/her information, including his/her password.
And when you add this mod, send a mail to all owners with the password included, asking for him/her to change it...

Hie,
I have modified my files to utilise this new user friendly modify.cgi mod but I encountered a problem.
After I entered the ID and password, it shows a error message
"unknown tag : title "
I can't seems to find what is the problem. Can someone help me out here. Thank you very much =)

If you typed the error message exactly as it was given to you, the problem is that in your templates you have used the tag <%title%> rather than <%Title%>... these are case sensitive.

Hope this helps.

Phoenix

For those who have already checked out this mod, I did forget one thing in the instructions...

You should also edit your modify_error.html template. What I have done on my copy is just to remove the form that allows people to correct any errors. This is because they may get to that page from either of 2 different forms now, and it won't know which form to display... that would require yet another template, and I don't feel that it's worth the trouble.

So what I've done is edit that page so that it simply displays the error message and asks the user to go bak to the previous page and make any corrections there.

I'll add this to the instructions as soon as I get a minute.

Phoenix

Hiee,
I have check the template codes and it looks fine to me. I just took the original ones from the Mod itself without any modification and also tried my own template but still the same.
In fact I tried entering wrong password and wrong ID , it stills give me the same error message. It's like the mod didn't even check for any invalid password/id. I m not sure but those error message suppose to mean that someting in template file is not recognize.
Maybe one of the sub routine for the user friendly mod need to add something to allow modify.html to have those <%Title%> ... to be recognize.
But still, I think that is not the only problem. Sigh... if it's my fault then i m gonna scream ... arrghh ... please help ... thakn u thank u thank u
any other files that might interrupt this mod besides the modify.cgi itself ?

sincerely,
vincent tan

Vincent and everyone,

Stop working on it for right now... There are a couple of typos in my code (generally capitalization). I'm really sorry about this. I was working from memory of what I did several months ago, and I guess my memory's not that good.

I will post a correct today, and announce it here. Again, I'm really sorry about causing this confusion. The errors are not big, but they do really louse things up.

Phoenix

OK, I fixed it. The revised copy is on my web page as shown at the beginning of this thread.

Again my sincere apologies to anyone who wated time trying to make this work due to my typos. There were only a couple tiny things and it took me forever to track them down, including installing a clean copy of Links on a dummy site. Sheesh!

But it does work.

Phoenix

Hi,
It's me again. I've just remodified my links but I still get the same result.
"Unkown Tag: Title"
It's driving me nuts... Anyone knows what might be the problem here ? I check out the templates already, they are fine. Weather I entered valid ID/Password or not , the result is still the same.
Is there any other files that might intefer this mod ? coz I have modified the links with , External Rate It Mod, Span Pages Mod, Update & 3 Level NEW Graphic Mod.
Thank You.

Sincerely,
Vincent Tan

Question....

What is a user has the same e-mail address and different URL's?



------------------
James L. Murray
VirtueTech, Inc.
http://www.virtuetech.com

Vincent,

I had the problem with the tag Title being unknown, but that was only if I put in the incorrect ID or password... that was what reminded me to edit the modify_error.html file to remove the form.

Could you post a few files as text files to a temporary directory on your site and give me the address so I can look at them? The files I'd want to look at are modify.html, modify_first.html, site_html_templates.pl, and modify.cgi. If you wanted to also put up modify_error and modify_success, that wouldn't hurt either. I'll do my best to help.

Phoenix

Also,

When I use the password.cgi script to mail me my password it only e-mails me the following:

You have requested your password for info@legendlogbooks.com.
Resource ID: 40
URL : http://www.legendlogbooks.com
Email : info@legendlogbooks.com

I have added manually to all my existing script a:

|(password)

to the end of the links.db file.

How do I get the password to get e-mailed to the user.

Thanks in advance.


------------------
James L. Murray
VirtueTech, Inc.
http://www.virtuetech.com

Ground Zero,

The script asks people to put in the ID number of their link and their password, so if the one person (with one email address) owns multiple links it doesn't matter. They just need to know the ID number for each of their links.

The script that I call to send people their link information if they have forgotten their ID number or password (hostglobal's Password 1.0) is supposed to email the user the information for every link that has that email address associated with it. So if there are 5 links with the same email, it should send the user ID and password for all 5 links.

If you have more questions about the password script, it would be a good idea to start a new thread about it so that the author of the script will take notice. I didn't write the password script.

Phoenix

[This message has been edited by phoenix (edited June 15, 1999).]

Also,

When I use the password.cgi script to mail me my password it only e-mails me the following:

You have requested your password for info@legendlogbooks.com.
Resource ID: 40
URL : http://www.legendlogbooks.com
Email : info@legendlogbooks.com

I have added manually to all my existing script a:

|(password)

to the end of the links.db file.

How do I get the password to get e-mailed to the user.

Thanks in advance.


------------------
James L. Murray
VirtueTech, Inc.
http://www.virtuetech.com

I'm trying to get the web site to automatically go back to Modify.cgi after password.cgi mails the password information out to the user.

I'm using a refresh meta tag right now, and it refreshes the screen after 2 seconds to go back to modify.cgi, but it always asks me if I wat to report from data, yes or no.

How do I get it to stop asking me if I want to repost from data?

Any help is greatly appreciated.



------------------
James L. Murray
VirtueTech, Inc.
http://www.virtuetech.com

Thanks pheonix,

I didn't know that the password script sent out the info for all 5 (lets say) links and passwords under the same e-mail address.

Thanks

------------------
James L. Murray
VirtueTech, Inc.
http://www.virtuetech.com

Pheonix,

One more question.

When I add the "Password" field to add.html, is it possible to add a "Confirm Password" field to add.html, and if so how does it confirm it?

James L. Murray

------------------
James L. Murray
VirtueTech, Inc.
http://www.virtuetech.com

James,

That's a good question, and I really don't know. Maybe somebody else could help you out with the confirm password thing. It doesn't seem like it should be hard at all, but I haven't tried it.

Phoenix

Problem...

Any e-mail address that has more than 1 listing does not get an e-mail.

I guess the password.cgi script doesn't send them all their resources.

Help...



------------------
James L. Murray
VirtueTech, Inc.
http://www.virtuetech.com

James,

I knew that this script had that problem when it was first released, but I thought the author had corrected it. My apologies. I will try to describe the changes I made in my script to make it send every link associated with the given email address. Hopefully I won't miss anything.

In the password.cgi script change
to this:

I think that is the only change that needs to be made to make it work properly. I should also note that this modification to the password script was written by Crowe. I'm not that clever.

Phoenix

Pheonix,

Your the man.

Thanks a million.



------------------
James L. Murray
VirtueTech, Inc.
http://www.virtuetech.com

Ground Zero,

What if Phoenix is a girl?

How do I know? I'am D Man. :-) Just a joke.

[This message has been edited by socrates (edited June 15, 1999).]