Gossamer Forum
Home : Products : Links 2.0 : Discussions :

SECURITY

Quote Reply
SECURITY
Two Issues:
(Issue 1)
I now would like to create link submitter's passwords.

I see that there are mods available, but wish to verify how they would work with my database.

Most of my links originated from an original list which was imported into a different program which included more info fields such as company address and phone, etc. I converted this database to conform to links2 fields, however, many entries did not include a" Contact Name" or "Contact Email"
IE: blank fields (| |).

I discovered this as I attempted to move them into more defined sub categories, and have needed to locate emails and contact names for each of the 700+ entries. (I just used "Contact" for Contact Name if I could not locate one on the linked site.

Now here's the issue.
If I install a password field as defined in "Password Modify" mod from Resources : Links : Modifications,

What happens if someone (say a linked website owner)wishes to modify a link I put in and was obviously not the originator of the link!

I have integrated the email info modification, but they may not know which of the many email's they use that I have integrated!

One other question: Does this modification allow the user to retrieve their password if the loose or forget it?

(ISSUE Two):
I have been trying to make the category descriptions that appear on the home page smaller (so I can have them appear on a single line) without affecting the links descriptions.

I admit my knowledge of Cascading Style Sheets is limited, but, I tried creating a style for the category description IE:
/* The category description */
span.catdescript {font-size: xx-small; color: #FFFFFF; background: #3A7060; font-family: "verdana", "arial", "geneva", sans-serif;}

But, cannot figure out how to impliment it.

In the home.html page there is simply a call for <%category%> with no if/then vars or anything related to the description.

Where is the home page category section built? Can I make the mod there? or elsewhere?
------------------
BruceS

[This message has been edited by BruceS (edited January 11, 2000).]

[This message has been edited by BruceS (edited January 11, 2000).]
Quote Reply
Re: SECURITY In reply to
Still need help with Issue #1

BUT.......

Regarding Issue #2 Above - I figured it out.
So in case anyone else is interested, I created a style in links.css as "span.catdescript" (see above) and found where the home page categories are built in site_html_templates.pl

I discovered that I could replace the span.descript with the above.

I also realize that just above that it where the table width definition was so I also increased the width for 80% to 85%.

Happy Camper!

------------------
BruceS

[This message has been edited by BruceS (edited January 11, 2000).]
Quote Reply
Re: SECURITY In reply to
With regards to ISSUE #1:

1)

Quote:
I see that there are mods available, but wish to verify how they would work with my database.

There are Mods in the Resource Center that will put fields in your database for people to verify their link information before modifying it.

(I am working on a more improved Password and Username script that will use auto generation of encrypted passwords and a Password Lookup Function. Similar to what DBMAN offers in its Secure Password Lookup Mod.)

You must have the fields in your database in order for these Mods to work.

2)

Quote:
What happens if someone (say a linked website owner)wishes to modify a link I put in and was obviously not the originator of the link!

Plainly stated...They will not be able to modify the link.

3)

Quote:
I have integrated the email info modification, but they may not know which of the many email's they use that I have integrated!

Right...so, people will not be able to modify the link.

4)

Quote:
One other question: Does this modification allow the user to retrieve their password if the loose or forget it?

Most of the Mods...Nope.

Regards,

------------------
Eliot Lee
Anthro TECH,L.L.C
www.anthrotech.com
----------------------




Quote Reply
Re: SECURITY In reply to
   
Quote:
There are Mods in the Resource Center that will put fields in your database for people to verify their link information before modifying it..)
Can you be more specific as to what they (the mods) are called?

Quote:
(I am working on a more improved Password and Username script that will use auto generation of encrypted passwords and a Password Lookup Function. Similar to what DBMAN offers in its Secure Password Lookup Mod

Can you offer any time frame for this release?


What if I create the password field using the above and then paste a common password IE: "webuser" or something into the flatfile database (and/or where ever you would suggest), and then include a link for those whose sites were listed but wished for editorial privilidges.

Perhaps this link would lead to a form where they submitted their URL, email, and requested password etc.

I would then edit their listing in admin and give them a confirmation.

(I believe I have a password script somewhere that I might be able to utilize for this)

Unless of course your password mod is comming soon, and worth waiting for!

If it sounds like I am on the right track, or if you have another suggestion, I am all ears Smile

------------------
BruceS


[This message has been edited by BruceS (edited January 11, 2000).]
Quote Reply
Re: SECURITY In reply to
 
Code:
<%links%>

Regards,

------------------
Eliot Lee
Anthro TECH,L.L.C
www.anthrotech.com
----------------------




Quote Reply
Re: SECURITY In reply to
  
Quote:
quote:
--------------------------------------------------------------------------------
(I am working on a more improved Password and Username script that will use auto generation of encrypted passwords and a Password Lookup Function. Similar to what DBMAN offers in its Secure Password Lookup Mod
Quote:
I did not say I was going to release it as a Mod. I have become quite reluctant to post Mods based on problems experienced by novice programmers with simple Mods. I do not have the time to provide as much as technical assistance that is needed to walk through users with installing Mods. I also do not have time to write documentation or instructions. But we shall see.

So what's the point? How does this help me?

I may be considered a novice programmer by your standards, but I am also a potential customer and supporter of your products!

If you prefer condescending replies to my support questions, I suggest you prepare a more complete manual for your program!

However, assuming that you really are here to be of help, I will proceed.....

And Nextly, Just as I have started becomming satisfied with the program's functionality, I have discovered that it seems to quit building pages before it finishes all the categories.

A search of records in a certain sub category return correct results, but now some the sub category pages are not being built.

The browser is not timing out. Before the stage 3 build was taking about 40 to 50 seconds and completely going through all the categories and their subs, but now it dsoes not.

The only changes I have made were described previously regarding a style addition to the links.css and the appropriate change in the site_html_templates.pl



[This message has been edited by BruceS (edited January 12, 2000).]
Quote Reply
Re: SECURITY In reply to
  
Quote:
I may be considered a novice programmer by your standards, but I am also a potential customer and supporter of your products!

I AM IN NO WAY SHAPE OR FORM affliated with Gossamer Threads. I am a volunteer programmer and designer who volunteers MANY hours to assist other programmers and LINKS users.

Wink

Quote:
If you prefer condescending replies to my support questions, I suggest you prepare a more complete manual for your program!

Again, this is not MY Program and I am in no way affliated with Gossamer Threads!

Also, if you have a problem with my responses, please address them personally, and not in this public forum, which is the property of Gossamer Threads NOT me.

Quote:
And Nextly, Just as I have started becomming satisfied with the program's functionality, I have discovered that it seems to quit building pages before it finishes all the categories.

Use telnet. If you don't have telnet, Use the Staggered Build option in the LINKS MANAGER console.

Quote:
A search of records in a certain sub category return correct results, but now some the sub category pages are not being built.

Again...use telnet or the Staggered Build Option.

Best of luck.

Regards,

------------------
Eliot Lee
Anthro TECH,L.L.C
www.anthrotech.com
----------------------






[This message has been edited by Eliot (edited January 12, 2000).]
Quote Reply
Re: SECURITY In reply to
My apologies regarding assumption that you are affiliated with Gossamer, I will address any further comments regarding your reply technique personally.

I do appreciate any and all help.

Quote:
Use telnet. If you don't have telnet, Use the Staggered Build option in the LINKS MANAGER console.

Unfortunately, my server does not allow telnet access

I did add the script to my cron.sh (which runs at 4am daily) last night, but I just checked and the pages were not generated.

Each time I have made ANY changes I have run the builds all three ways. I discovered that it seemed (in the beginning) to work more efficiently that way.

I did the "Staggered" method several times. Cleared browser's cache each time. But one category in particular does not build pages.

In the Staggered method. It gets probably 3/4 through the categories (alphabetically) and prompts me to the next step!

I have run each method perhaps a dozen times with the same result!

Again, If I do a search of a link which is assigned to one of these empty categories (pages), it returns the link and indicates that it IS in the proper category!


[This message has been edited by BruceS (edited January 12, 2000).]
Quote Reply
Re: SECURITY In reply to
  
Quote:
Can you be more specific as to what they (the mods) are called?

I believe one is called Modify Password Mod. They are pretty ambiguous and I know that one of them is NOT FOUND when you try to access it via the Resource Center.

Quote:
Can you offer any time frame for this release?

I did not say I was going to release it as a Mod. I have become quite reluctant to post Mods based on problems experienced by novice programmers with simple Mods. I do not have the time to provide as much as technical assistance that is needed to walk through users with installing Mods. I also do not have time to write documentation or instructions. But we shall see.

Quote:
What if I create the password field using the above and then paste a common password IE: "webuser" or something into the flatfile database (and/or where ever you would suggest), and then include a link for those whose sites were listed but wished for editorial privilidges.

That would be a mute point, and anyone would still be able to modify links in your directory.

Quote:
If it sounds like I am on the right track, or if you have another suggestion, I am all ears.

You are on the right track for creating a Password Mod that may work for you. However, figuring out how to allow "record owners" who really don't own records the ability to edit their links will be the obstacle to overcome.

Your link idea for people to fill out a email processed form to request to modify a resource would allow you to associate people with their links. However, how would you go about verifying whether that person actually owns the record or link???

Regards,

------------------
Eliot Lee
Anthro TECH,L.L.C
www.anthrotech.com
----------------------






[This message has been edited by Eliot (edited January 12, 2000).]
Quote Reply
Re: SECURITY In reply to
 
Code:
<!-- Subcategories-->
<%if category%>
<h3>Categories:</h3>
<%category%>
<%endif%>

<!-- Links in this category. -->
<%if links%>
<h3>Links: </h3>
<%links%>
<%endif%>

All pages are being generated, except two sub-category pages. I have even renamed some categories (and yes, ran the cat-check and move the links successfully)

Again, This problem must have something to do with the nph-build.cgi because it stops building at a certain point before finishing al the categories.

I have monitored the category builds during the staggered process, and it finishes before running ALL the categories!

p.s. if you would like to discuss previous situation bsimon47@ecom.net !

------------------
BruceS
Quote Reply
Re: SECURITY In reply to
 
Quote:
My host allows cron processing via their server console. It runs cron.sh daily from within my cgi-local folder! (at least they claim it does)

Well, that is odd. I have never heard that before. Well, then...have you changed the permission of your .sh file to 744 (rwxr--r--).

What changes have you made to the nph-build.cgi script?

Regards,

------------------
Eliot Lee
Anthro TECH,L.L.C
www.anthrotech.com
----------------------




Quote Reply
Re: SECURITY In reply to
  
Code:
sub build_category_pages {
# --------------------------------------------------------
# This routine builds all the category pages. Each category uses
# the same template which is defined in &site_html_category.

# Modified June 26, 1999
# Fixing the bug of Prev

my ($cat, $url, $dir, @related, $relation, $page_num, $prev_page, $next_page, $numlinks);
local ($category, $links, $title_linked, $title, $total, $category_name, $category_name_escaped);
local ($description, $related, $meta_name, $meta_keywords, $header, $footer, $next, $prev);

# Go through each category and build the appropriate page.
CATEGORY: foreach $cat (sort keys %category) {
next CATEGORY if ($cat =~ /^\s*$/); # How'd that get in here? =)

$url = "$build_root_url/" . &urlencode($cat) . "/";
$use_html ?
print qq|Building Category: <A HREF="$url" TARGET="_blank">$cat</A>\n| :
print qq|Building Category: $cat\n|;
print "\tSubcategories: " . ($#{$subcategories{$cat}} + 1) . "\n";
print "\tLinks: " . (($#{$links{$cat}}+1) / ($#db_cols+1)) . "\n";

# Let's make sure the directory exists, build it if it doesn't.
$dir = &build_dir ($cat);
print "\tDirectory: $dir\n";
print "\tFilename : $dir/$build_index\n";

# We set up all the variables people can use in &site_html.pl.
($description, $related, $meta_name, $meta_keywords, $header, $footer) = @{$category{$cat}}[2..7];

# Calculate the related entries and put in a <LI> list.
@related = split(/\Q$db_delim\E/, $related); $related = "";
foreach $relation (@related) {
$related .= qq|<li><a href="$build_root_url/|;
$related .= &urlencode($relation);
$related .= qq|/$build_index">|;
$related .= &build_clean($relation);
$related .= "</a> ($stats{$relation}[0])</li>";
### mod Frown$stats{$relation}[0]) added to display number of related links
}

# Get the header and footer from file if it exists, otherwise assume it is html.
if ($header && (length($header) < 20) && ($header !~ /\s+/) && (-e "$db_header_path/$header")) {
open (HEAD, "<$db_header_path/$header") or &cgierr ("Unable to open header file: $db_header_path/$header. Reason: $!");
$header = "";
while (<HEAD> ) {
$header .= $_;
}
close HEAD;
}
if ($footer && (length($footer) < 20) && ($footer !~ /\s+/) && (-e "$db_footer_path/$footer")) {
open (FOOT, "<$db_footer_path/$footer") or &cgierr ("Unable to open footer file: $db_footer_path/$footer. Reason: $!");
$footer = "";
while (<FOOT> ) {
$footer .= $_;
}
close FOOT;
}
$title_linked = &build_linked_title ($cat);
$title = &build_unlinked_title ($cat);
$total = ($#{$links{$cat}} + 1) / ($#db_cols + 1);
$category_name = $cat;
$category_name_escaped = &urlencode ($cat);
$category_clean = &build_clean ($cat);

# Store all the category html info in $category.
if ($#{$subcategories{$cat}} >= 0) {
$category = &site_html_print_cat (@{$subcategories{$cat}});
}
else {
$category = "";
}

$numlinks = ($#{$links{$cat}} + 1) / ($#db_cols + 1);
$next = $prev = $links = "";
if (($numlinks > $build_links_per_page) && $build_span_pages) {
$total_pages=(int($numlinks/$build_links_per_page)); #added
if ($total_pages < $numlinks/$build_links_per_page) {$total_pages++}
$next .= "<b>1</b>"; # new added
for $j(2..($total_pages)){ #added & changed
$next .= qq~ <a href="more$j$build_extension">$j</a>~; #added
} # end of for #added

$page_num = 2;

$next .= qq~ <a href="more$page_num$build_extension">[Next >>]</a>~; #added
for ($i = 0; $i < $build_links_per_page; $i++) {
%tmp = &array_to_hash ($i, @{$links{$cat}});
$links .= &site_html_link (%tmp);
}
@{$links{$cat}} = @{$links{$cat}}[(($#db_cols+1)*$build_links_per_page) .. $#{$links{$cat}}];
$numlinks = ($#{$links{$cat}}+1) / ($#db_cols + 1);
}
# Otherwise we either only have less then x number of links, or we are not
# splitting pages, so let's just build them all.
else {
for ($i = 0; $i < $numlinks; $i++) {
%tmp = &array_to_hash ($i, @{$links{$cat}});
$links .= &site_html_link (%tmp);
}
}
# Create the main page.
open (CAT, ">$dir/$build_index") or &cgierr ("unable to open category page: $dir/$build_index. Reason: $!");
print CAT &site_html_category;
close CAT;
# Then we go through the list of links and build on the remaining pages.
while ($next && $build_span_pages) {

if ($numlinks > $build_links_per_page) {

$prev=$next=$next_page=$prev_page=""; #added
$next_page = $page_num+1;
$prev_page = $page_num-1; #added

if ($page_num == 2){
$prev .= qq~ <a href="$url">[<< Prev]</a> ~;
$prev .= qq~ <a href="$url"> 1</a> ~;}

else {$prev .= qq~ <a href="more$prev_page$build_extension">[<< Prev]</a> ~;
$prev .= qq~ <a href="$url">1</a> ~;
for $k(2..$prev_page){$prev .= qq~ <a href="more$k$build_extension">$k</a>~;}}

$next .= qq~ <b>$page_num</b> ~; #added

for $m($next_page..$total_pages){$next .= qq~ <a href="more$m$build_extension">$m</a>~;}

$next .= qq~ <a href="more$next_page$build_extension">[Next >>]</a>~; #added
} # end of if

else {
if ($page_num == $total_pages) {
$prev = $next = $next_page = $prev_page= "";
$prev_page=$total_pages-1;

if ($page_num == 2){
$prev .= qq~ <a href="$url">[<< Prev]</a> ~;
$prev .= qq~ <a href="$url"> 1</a> ~;}

else {$prev .= qq~ <a href="more$prev_page$build_extension">[<< Prev]</a> ~;
$prev .= qq~ <a href="$url">1</a> ~;
for $k(2..$prev_page){$prev .= qq~ <a href="more$k$build_extension">$k</a>~;}
} # end of else

$prev .= qq~ <b>$page_num</b> ~; #added
} # end of if
} # end of else

$links = "";
LINK: for ($i = 0; $i < $build_links_per_page; $i++) {
%tmp = &array_to_hash ($i, @{$links{$cat}});
last LINK if ($tmp{$db_key} eq "");
$links .= &site_html_link (%tmp);
}
$title_linked = &build_linked_title ("$cat/Page_$page_num/");
$title = &build_unlinked_title ("$cat/Page_$page_num/");

$use_html ?
print qq|\tSubpage : <A HREF="|, $url, qq|more$page_num$build_extension" TARGET="_blank">$dir/more$page_num$build_extension</A>\n| :
print qq|\tSubpage : $dir/more$page_num$build_extension\n|;

open (CAT, ">$dir/more$page_num$build_extension") or &cgierr ("unable to open category page: $dir/index$page_num$build_extension. Reason: $!");
print CAT &site_html_category;
close CAT;

@{$links{$cat}} = @{$links{$cat}}[(($#db_cols+1)*$build_links_per_page) .. $#{$links{$cat}}];
$numlinks = ($#{$links{$cat}}+1) / ($#db_cols + 1);

if ($page_num == $total_pages) { last; }
else { $page_num++; }

}
print "\n";
}
}

I really like the functionality of this, navigation feature, so I hope if there IS something wrong, then it can be easily remedied!

While you are reviewing it, I will revert back to the original and see if it makes a difference!


------------------
BruceS

[This message has been edited by BruceS (edited January 12, 2000).]
Quote Reply
Re: SECURITY In reply to
hi you guys.. i'd like to show you guys something..

www.pdamania.com/modify.cgi

login as:

u: pdamania
p: test

don't use REMEMBER ME..

this user has like 5 or 6 links that he/she can edit.. (of course since these are users.. they are still validated by the admin)

if you clicked on remember me when you logged in.. go to

www.pdamania.com/user.cgi?logout=1

now go to

www.pdamania.com/user.cgi?to=/modify.cgi

login as

u: jsu7785
p: test

this user has 1 link Smile

i did happen to get this mod with Links 2.0.. however.. what you are seeing is Links SQL..

it's faster than the Links 2.0 version.. however.. it's the same thing..

remember not to use remember me.. it will keep you logged in for a whole year.. unless you logout.. but yea.. i find it quite annoying..

jerry

[This message has been edited by widgetz (edited January 13, 2000).]
Quote Reply
Re: SECURITY In reply to
To all, Thanks to Alex, we resolved the Building pages problem by setting the cutoff to a much lower number. Smile

I had uploaded over 700 links into the links.db and it must have been overloading the nph-build.cgi and it was quitting. But now all is resolved with that issue!

To Jerry,

This seems to be a good solution!

Please tell, which mod this is and where I can get it!!!

I will probably need to figure out a way to assign id's to the many pre-loaded links and then find another way to aallow users who were not the originators of the link to get there id and password. But for new linkers, this can be great.

Thanks!

------------------
BruceS
Quote Reply
Re: SECURITY In reply to
Widgetz,

The script you provided does not seem to work.

I get a Software Error when I login with your user information.

Then when I go to the signup form, there are two unknown tags: User and Pass.

Nice integrated security system...however, does not work.

Regards,

------------------
Eliot Lee
Anthro TECH,L.L.C
www.anthrotech.com
----------------------






[This message has been edited by Eliot (edited January 15, 2000).]
Quote Reply
Re: SECURITY In reply to
You know, I tried it the other day and had no problems. But after reading your post I tried to log in again and got
Code:
DBSQL (4525): Fatal Error: Unable to connect to the SQL server. Reason: Can't connect to local MySQL server through socket '/tmp/mysql.sock' (111) at /home/pdamania/public_html/user.cgi line 109

The new user reg form outputted as Elliot Describes above!

I wonder if widgetz just put that up for demo purposes and then removed it.

I suppose we shoudl allow him the explaination.

In either case I still would like to know if this is the same password system offered in the Resources of this site, before I integrate it aor any other!

Cheers!

------------------
BruceS
Quote Reply
Re: SECURITY In reply to
eliot and bruce.. mysql was down for 2 days straight.. it's back up now..

------------------
Jerry Su
Links SQL Licensed
------------------
Quote Reply
Re: SECURITY In reply to
Now, I cannot connect to your script, Widgetz.

DNS Entry Error in Netscape.
Cannot connect to Internet Site in IE.

I did a tracert and got the following error:

Quote:
Unable to resolve target system name www.pdamania.com

Regards,

------------------
Eliot Lee
Anthro TECH,L.L.C
www.anthrotech.com
----------------------




Quote Reply
Re: SECURITY In reply to
well.. it's working for me! Smile

------------------
Jerry Su
Links SQL Licensed
------------------
Quote Reply
Re: SECURITY In reply to
Very cool!

IT would be wonderful to use this script with regular LINKS 2.0. Yet I understand your relunctance to post Mods, as I am, too.

But really cool Mod!

Great job!

Regards,

------------------
Eliot Lee
Anthro TECH,L.L.C
www.anthrotech.com
----------------------




Quote Reply
Re: SECURITY In reply to
Well, I am glad to see things seem to be worked out!

But just because so much information has passed, could you please point me to the mod and it's instructions?

Thanks!

------------------
BruceS
Quote Reply
Re: SECURITY In reply to
It is not a Mod...yet...It is just a script that widgetz shared with us...Whether he will release it as a formal Mod remains to be seen.

Regards,

------------------
Eliot Lee
Anthro TECH,L.L.C
www.anthrotech.com
----------------------