WebLogin, WebSignup and WebChangePwd - MODX Community Forums https://forums.modx.com/board/?board=77 <![CDATA[WebLogin [+action+] allows code injection on page?]]> https://forums.modx.com/thread/89217/weblogin-action-allows-code-injection-on-page#dis-post-490594
We have recently come across an issue where Google is reporting some of our pages are suspected for URL Injection.

After closer inspection it seems that users can visit our login page i.e. http://localhost.com/login.html?ekjhekjhekjhejkhe then when you look at the source code you can see this extra text in the form post / action field.

Has anyone come across this issue before and know how to prevent the extra text from being added into the source code of the page?

I have also as a test installed the latest version of evolution and the same happens as above with the sample site

Thanks Aaron]]>
https://forums.modx.com/thread/89217/weblogin-action-allows-code-injection-on-page#dis-post-490594 Wed, 19 Feb 2014 10:07:56 +0000 https://forums.modx.com/thread/89217/weblogin-action-allows-code-injection-on-page#dis-post-490594
<![CDATA[WebLogin fails when captcha enabled]]> https://forums.modx.com/thread/44715/weblogin-fails-when-captcha-enabled#dis-post-471481
I am seeing the same thing in WebSignup even with useCaptcha=`1`

Captcha is working fine for logging into the Manager. What am I doing wrong? Thanks - John]]>
https://forums.modx.com/thread/44715/weblogin-fails-when-captcha-enabled#dis-post-471481 Thu, 11 Jul 2013 04:20:34 +0000 https://forums.modx.com/thread/44715/weblogin-fails-when-captcha-enabled#dis-post-471481
<![CDATA[Automatically CC Site Admin when a Web User Signup has happended]]> https://forums.modx.com/thread/44773/automatically-cc-site-admin-when-a-web-user-signup-has-happended?page=2#dis-post-467985
Really hope you can help. I’m using the WebLogin feature to get users to sign-up and gain access to members only pages within the site, this is working a treat, once they sign-up the admin then ticks a box on the Web Users details within the manager to give them full access. The only problem I’m have is getting the email notification to be sent to the administrator of the site as well as the new member, this way they know when a user has signed up, they can validate the details and then tick that magic box to activate the account.

Does anyone know how I can do this by modifying the websignup.inc.php file?

Thanks
Lee]]>
https://forums.modx.com/thread/44773/automatically-cc-site-admin-when-a-web-user-signup-has-happended?page=2#dis-post-467985 Tue, 04 Jun 2013 04:43:31 +0000 https://forums.modx.com/thread/44773/automatically-cc-site-admin-when-a-web-user-signup-has-happended?page=2#dis-post-467985
<![CDATA[Use Email as username for WebLogin?]]> https://forums.modx.com/thread/44731/use-email-as-username-for-weblogin#dis-post-431018 https://forums.modx.com/thread/44731/use-email-as-username-for-weblogin#dis-post-431018 Mon, 23 Jul 2012 08:28:50 +0000 https://forums.modx.com/thread/44731/use-email-as-username-for-weblogin#dis-post-431018 <![CDATA[WebLogin redirects to blank page on logout]]> https://forums.modx.com/thread/44803/weblogin-redirects-to-blank-page-on-logout#dis-post-395876
MODx 1.0.5
WebLogin 1.1
Tested in latest versions of Firefox and Safari on Mac OS]]>
https://forums.modx.com/thread/44803/weblogin-redirects-to-blank-page-on-logout#dis-post-395876 Tue, 04 Oct 2011 11:56:44 +0000 https://forums.modx.com/thread/44803/weblogin-redirects-to-blank-page-on-logout#dis-post-395876
<![CDATA[HELP error replacing into active users! SQL: REPLACE INTO Sql.`modx_active_users]]> https://forums.modx.com/thread/44802/help-error-replacing-into-active-users-sql-replace-into-sql-modx-active-users#dis-post-257699
HELP this is my problem

error replacing into active users! SQL: REPLACE INTO Sql212271_8.`modx_active_users` (internalKey, username, lasthit, action, id, ip) VALUES (1, ’admin’, ’3333333333’, ’2’, NULL, ’33.33.333.226’) INSERT,DELETE command denied to user ’Sql109991’@’33.333.333.33’ for table ’modx_active_users’]]>
https://forums.modx.com/thread/44802/help-error-replacing-into-active-users-sql-replace-into-sql-modx-active-users#dis-post-257699 Thu, 21 Jul 2011 05:32:05 +0000 https://forums.modx.com/thread/44802/help-error-replacing-into-active-users-sql-replace-into-sql-modx-active-users#dis-post-257699
<![CDATA[weblogin - Error while sending mail to ...]]> https://forums.modx.com/thread/44801/weblogin---error-while-sending-mail-to#dis-post-257696 I use modx 1.0.4 rev 6981.
In Weblogin: while trying to restore forgotten password I receive message
"Error while sending mail to ... Please contact the Site Administrator"
Could anybody adwise what can be the issue?
Thanks in advance]]>
https://forums.modx.com/thread/44801/weblogin---error-while-sending-mail-to#dis-post-257696 Sun, 24 Apr 2011 08:43:09 +0000 https://forums.modx.com/thread/44801/weblogin---error-while-sending-mail-to#dis-post-257696
<![CDATA[Keeping the user logged in upon closing browser and returning to site]]> https://forums.modx.com/thread/44786/keeping-the-user-logged-in-upon-closing-browser-and-returning-to-site?page=4#dis-post-257646
Is it possible with WebLogin to allow a user to login but keep their session active so that if they closed their browser and came back to the site a few days later it would recognise they were still logged in without having to go through the login process again? Much like a "remember me" checkbox would do.

I’m sure it has something to do with setting a session expiry time or something like that, but am unsure where or how to go about this. Anybody have any idea?

Thanks in advance...]]>
https://forums.modx.com/thread/44786/keeping-the-user-logged-in-upon-closing-browser-and-returning-to-site?page=4#dis-post-257646 Sat, 23 Apr 2011 07:04:03 +0000 https://forums.modx.com/thread/44786/keeping-the-user-logged-in-upon-closing-browser-and-returning-to-site?page=4#dis-post-257646
<![CDATA[WebLoginPE Error]]> https://forums.modx.com/thread/44759/webloginpe-error#dis-post-257486 I have added WebLoginPE snippet on my website which I downloaded from http://modxcms.com/extras.html?view=package/view&package=495.
I am getting the error below.

Can anyone help me out.


« MODx Parse Error »
MODx encountered the following error while attempting to parse the requested resource:
« PHP Parse Error »

PHP error debug
Error: include_once(/home/siafuwa/public_html/modx/modx-0.9.6.3/assets/snippets/webloginpe/webloginpe.class.php) [function.include-once]: failed to open stream: No such file or directory
Error type/ Nr.: Warning - 2
File: /home/siafuwa/public_html/modx/modx-0.9.6.3/manager/includes/document.parser.class.inc.php(769) : eval()’d code
Line: 27

Parser timing
MySQL: 0.0035 s (4 Requests)
PHP: 0.0278 s
Total: 0.0313 s

Thanks.
Lillian]]>
https://forums.modx.com/thread/44759/webloginpe-error#dis-post-257486 Fri, 11 Mar 2011 06:39:18 +0000 https://forums.modx.com/thread/44759/webloginpe-error#dis-post-257486
<![CDATA[Need Help with Weblogin and Captcha]]> https://forums.modx.com/thread/44800/need-help-with-weblogin-and-captcha#dis-post-257695 <fieldset>
<h3>Your Login Details</h3>
<label for="username">User: <input type="text" name="username" id="username" tabindex="1" onkeypress="return webLoginEnter(document.loginfrm.password);" value="[+username+]" /></label>
<label for="password">Password: <input type="password" name="password" id="password" tabindex="2" onkeypress="return webLoginEnter(document.loginfrm.cmdweblogin);" value="" /></label>
<p>Enter the word/number combination shown in the image below.</p>
<p><a href="[+action+]"><img align="top" src="manager/includes/veriword.php" width="149" height="60" alt="If you have trouble reading the code, click on the code itself to generate a new random code." style="border: 1px solid #039" /></a></p>
<label>Form code:*
<input type="text" name="formcode" class="inputBox" size="20" /></label>

<input type="checkbox" id="checkbox_1" name="checkbox_1" tabindex="3" size="1" value="" [+checkbox+] onclick="webLoginCheckRemember()" /><label for="checkbox_1" class="checkbox">Remember me</label>
<input type="submit" value="[+logintext+]" name="cmdweblogin" class="button" />
<a href="#" onclick="webLoginShowForm(2);return false;" id="forgotpsswd">Forget Your Password?</a>
{{register}}

{{manager user}}
</fieldset>
and placed the &useCaptcha=`1` inside of my snippet call like follows:
<h2>Login:</h2>
<div id="sidebarlogin">[!WebLogin? &tpl=`FormLogin` &loginhomeid=`[(site_start)]` &useCaptcha=`1`!]</div>
But it doesn’t seem to validate. You can view the site here: http://www.grstreamkeepers.com look at the lower right corner side bar and you’ll see the login with captcha. You can use tester with test123 to see what I mean.

I also tried copying the code (in red) from the WebSignup snippet and pasted into the WebLogin snippet but that doesn’t seem to work either:
WebLogin 1.1 Snippet Code
# Snippet customize settings
$liHomeId = isset($loginhomeid)? explode(",",$loginhomeid):array($modx->config[’login_home’],$modx->documentIdentifier);
$loHomeId = isset($logouthomeid)? $logouthomeid:$modx->documentIdentifier;
$pwdReqId = isset($pwdreqid)? $pwdreqid:0;
$pwdActId = isset($pwdactid)? $pwdactid:0;
$loginText = isset($logintext)? $logintext:’Login’;
$logoutText = isset($logouttext)? $logouttext:’Logout’;
$tpl = isset($tpl)? $tpl:"";
$useCaptcha = isset($useCaptcha)? $useCaptcha : $modx->config[’use_captcha’] ;
// Override captcha if no GD
if ($useCaptcha && !gd_info()) $useCaptcha = 0;

The login form seems to work fine with captcha disabled, however when I disable the captcha feature I get bombarded by bots trying to register with the registration page which uses the FormSignup chunk in conjunction with the WebSignup 1.1 snippet therefore I have to enable the captcha to avoid the bots.

Can anyone help me with this? Am I missing something?]]>
https://forums.modx.com/thread/44800/need-help-with-weblogin-and-captcha#dis-post-257695 Fri, 04 Mar 2011 10:56:57 +0000 https://forums.modx.com/thread/44800/need-help-with-weblogin-and-captcha#dis-post-257695
<![CDATA[weblogin action]]> https://forums.modx.com/thread/44799/weblogin-action#dis-post-257693
this must be a silly question but i’m trying to implement weblogin in a evo 1.0.4 website (as it’s still in the snippets) and when looking at the source code when the login form is in the page i get action="/minimal-base" !? well, i tried &action=`#` in the snippet call but nothing changes, could someone give me some track to understand where to change this (i have seen the clue in the snippet comments)

or, maybe it just means that i should not use weblogin in evo but weblogin PE... ?

thanks for any idea]]>
https://forums.modx.com/thread/44799/weblogin-action#dis-post-257693 Mon, 08 Nov 2010 01:17:06 +0000 https://forums.modx.com/thread/44799/weblogin-action#dis-post-257693
<![CDATA[CSS problem with new register button in IE and Opera]]> https://forums.modx.com/thread/44798/css-problem-with-new-register-button-in-ie-and-opera#dis-post-257690 http://www.vanislebc.com/webdev/frugal/]]> https://forums.modx.com/thread/44798/css-problem-with-new-register-button-in-ie-and-opera#dis-post-257690 Fri, 24 Sep 2010 08:12:52 +0000 https://forums.modx.com/thread/44798/css-problem-with-new-register-button-in-ie-and-opera#dis-post-257690 <![CDATA[Adding up to three IP addresses]]> https://forums.modx.com/thread/44797/adding-up-to-three-ip-addresses#dis-post-257684
My coding skills are terrible, but I guess I need the code to check against the field to see if the existing IP address matches the one stored, and if so, do nothing, and if not, check how many characters are stored in the Allowed IP Address field, and if under 51 (allowing for commas between IP addresses), append a comma and the IP address, and if over 51, provide a message to say they need to get in touch with the company.

Has anyone else implemented something like this?]]>
https://forums.modx.com/thread/44797/adding-up-to-three-ip-addresses#dis-post-257684 Thu, 16 Sep 2010 02:03:33 +0000 https://forums.modx.com/thread/44797/adding-up-to-three-ip-addresses#dis-post-257684
<![CDATA[Weblogin disables PHX in Revo 1.0.4]]> https://forums.modx.com/thread/44796/weblogin-disables-phx-in-revo-1-0-4#dis-post-257681
I have a severe Problem with Weblogin and PHx.

I am using a PHx call in my template changing two column layout to a three column layout if needed. Now in a page I need the WebLogin. But WebLogin somehow disables PHx, loading both templates at the same time. Anyone an idea how I could fix that?

My Templates looks like this
[+phx:if=`[*sidebar*]`:is=``:then=`<div id="wrapContent">
<div id="breadcrumb">[!Breadcrumbs? &homeId=`194` &showCrumbsAtHome=`0` &showHomeCrumb=`0` &titleField=`menutitle`!]</div>
<div id="cont2" class="group"><h1>[*longtitle*]</h1>[*content*]</div></div>`:else=`<div id="wrapContent">
<div id="breadcrumb">[!Breadcrumbs? &homeId=`194` &showCrumbsAtHome=`0` &showHomeCrumb=`0` &titleField=`menutitle`!]</div>
<div id="contLeft"><h1>[*longtitle*]</h1>[*content*]</div>
<div id="sidebar">[*sidebar*]</div></div>`+]


my system
Evo 1.0.4
weblogin as in evo 1.0.4
PHP 5.3.2
PHx 2.1.3

your Help is much appreciated

]]>
https://forums.modx.com/thread/44796/weblogin-disables-phx-in-revo-1-0-4#dis-post-257681 Fri, 27 Aug 2010 03:40:22 +0000 https://forums.modx.com/thread/44796/weblogin-disables-phx-in-revo-1-0-4#dis-post-257681
<![CDATA[Admin Activate New Users]]> https://forums.modx.com/thread/44795/admin-activate-new-users#dis-post-257680
[[WebSignup? &tpl=`FormSignup` &groups=`Registered Users`]]
]]>
https://forums.modx.com/thread/44795/admin-activate-new-users#dis-post-257680 Thu, 26 Aug 2010 09:54:24 +0000 https://forums.modx.com/thread/44795/admin-activate-new-users#dis-post-257680
<![CDATA[Login/Logout redirect problem]]> https://forums.modx.com/thread/44794/login-logout-redirect-problem#dis-post-257675
I know this is a simple thing to do but i can’t for the life of me get it to do what i want.
I have a the following pages: HOME | SERVICES | ABOUT | PRICE LISTS | CONTACT US (very basic setup)
The PRICE LISTS page is only shown, when a web user assigned to the Sales group, is logged on, otherwise it is permanently hidden form the public. This is working fine.

I simply need the user to be redirected to a User Profile page when they log-on and also redirected to a Log-out page when they log-out.
Simple enough but i am getting mixed results.

Currently if the user log’s on it re-directs OK.
If the user is on the ABOUT page and logs-out the it stays on the ABOUT page
If the user is on the PRICE LIST page (which is secured) and logs-out then it redirects to the log-in page and not the specified log-out page.

I am using this:
[[WebLogin? &loginhomeid=`233` &logouthomeid=`234`]]


Oh, and another thing it does is when a user logs-out the PRICE LIST menu item remains visible but when you click in it it takes you to the log-in page...is there a way to automatically hide the PRICE LIST page when a user logs-out?

Thanks]]>
https://forums.modx.com/thread/44794/login-logout-redirect-problem#dis-post-257675 Thu, 12 Aug 2010 07:33:31 +0000 https://forums.modx.com/thread/44794/login-logout-redirect-problem#dis-post-257675
<![CDATA[Using the weblogin to edit from the front end]]> https://forums.modx.com/thread/44793/using-the-weblogin-to-edit-from-the-front-end#dis-post-257672 without me have to set up manager users from the backend. The reason for this is that I won’t always be available to do it for them when they want (I have a day job that takes me away from the province some days) and weblogin seems pretty basic. I am using Modx evo 1.04 with the example content installed. The default template is also being used.

After struggling to understand this document http://bobsguides.com/permissions.html I have tried creating groups with permissions and assigning preferred users to those groups but there doesn’t seem to be an editing option available when I look at the user profile under the manager. Also it seems that resources cannot be open for public viewing and allow web users to edit too. Can I assign a role to a certain user group? If not, what would be the way to go?



]]>
https://forums.modx.com/thread/44793/using-the-weblogin-to-edit-from-the-front-end#dis-post-257672 Sun, 08 Aug 2010 02:43:29 +0000 https://forums.modx.com/thread/44793/using-the-weblogin-to-edit-from-the-front-end#dis-post-257672
<![CDATA[Adding Register Button to Login]]> https://forums.modx.com/thread/44790/adding-register-button-to-login#dis-post-257659 https://forums.modx.com/thread/44790/adding-register-button-to-login#dis-post-257659 Fri, 06 Aug 2010 04:06:20 +0000 https://forums.modx.com/thread/44790/adding-register-button-to-login#dis-post-257659 <![CDATA[Confused by Weblogin on Home page.]]> https://forums.modx.com/thread/44792/confused-by-weblogin-on-home-page#dis-post-257668 Simple Blog. When logged into your site, you’ll be able to create new entries from the front end. This can also be turned into a News publishing or PR publishing system. View example blog So I created a new account and then tried to login but was met with an error that says:
The security code you entered didn’t validate! Please try to login again!
Now no where in the login section was there any captcha or security code to type in. Also there was no registration button and I had to use the link in the content to actually create an account. Am I missing something or is this not a normal login like those I am accustomed to on other sites like this forum for example?

I see that I can post a comment in the blog section without logging in however.

I also read through a few posts where they mention creating groups, documents, and permissions but that too is a bit confusing as how would I know the new members name etc to assign him/her to a web user group until they actually register? Without a register button this wouldn’t work. Setting up a link similar to the one on the content page is fine but most people are used to seeing a registration button near the login button so would probably never see the link.]]>
https://forums.modx.com/thread/44792/confused-by-weblogin-on-home-page#dis-post-257668 Thu, 29 Jul 2010 12:01:49 +0000 https://forums.modx.com/thread/44792/confused-by-weblogin-on-home-page#dis-post-257668
<![CDATA[New Member Registration Issue with Login Form]]> https://forums.modx.com/thread/44791/new-member-registration-issue-with-login-form#dis-post-257661 The security code you entered didn’t validate. Please try to login again. When I logged in there was no security code text box to enter code into. Just a user and password text box, remember me check box, login button and forget your password text link. Have I missed something?]]> https://forums.modx.com/thread/44791/new-member-registration-issue-with-login-form#dis-post-257661 Sun, 25 Jul 2010 10:57:28 +0000 https://forums.modx.com/thread/44791/new-member-registration-issue-with-login-form#dis-post-257661