PEAK XOOPS - Double click needed to reach the requested page 
Double click needed to reach the requested page
- You cannot open a new topic into this forum
- Guests cannot post into this forum
Previous post
-
Next post
|
Parent
-
Children.1
|
Posted on 2004/12/22 0:37
efla
Posts: 39
Posts: 39
Hello,
I installed autologin hack onto my site and have a few anoyances for my registered users.
When they access my site, and reach my home page they "look like" to be autologged (to login block isn't displayed) what is of course de purpose of this hack. :) But, if they click any of the url displayed on my home page, rather then being forwarded to that url, the message "No autologin ... " appears and then the home page is displayed again. They have to click again the selected url to finally arrive to the page that they are looking for.
Strange and annoying behaviour because the users do not understand why they have to click twice
Thanks for you help
EugïÏe
I installed autologin hack onto my site and have a few anoyances for my registered users.
When they access my site, and reach my home page they "look like" to be autologged (to login block isn't displayed) what is of course de purpose of this hack. :) But, if they click any of the url displayed on my home page, rather then being forwarded to that url, the message "No autologin ... " appears and then the home page is displayed again. They have to click again the selected url to finally arrive to the page that they are looking for.
Strange and annoying behaviour because the users do not understand why they have to click twice
Thanks for you help
EugïÏe
Votes:1
Average:10.00
Previous post
-
Next post
|
Parent
-
No child
|
Posted on 2004/12/24 19:16
GIJOE
Posts: 4110
Posts: 4110
hi efla.
This is a mechanism for anti-CSRF.
It says not "No autologin ... " but "Now, loggin in ..."
There are many modules which has vulnerablities against CSRF.
If you believe that you use no CSRF-weak module, disable the protection like this:
line 213 of include/common.php
This is a mechanism for anti-CSRF.
It says not "No autologin ... " but "Now, loggin in ..."
There are many modules which has vulnerablities against CSRF.
If you believe that you use no CSRF-weak module, disable the protection like this:
line 213 of include/common.php
// autologin hack GIJ
if(empty($HTTP_SESSION_VARS['xoopsUserId']) && isset($HTTP_COOKIE_VARS['autologin_uname']) && isset($HTTP_COOKIE_VARS['autologin_pass'])) {
// redirect to XOOPS_URL/ when query string exists (anti-CSRF)
if( ! empty( $HTTP_SERVER_VARS['QUERY_STRING'] ) ) {
redirect_header( XOOPS_URL . '/' , 0 , 'Now, logging in automatically' ) ;
exit ;
}
$myts =& MyTextSanitizer::getInstance();
$uname = $myts->stripSlashesGPC($HTTP_COOKIE_VARS['autologin_uname']);
$pass = $myts->stripSlashesGPC($HTTP_COOKIE_VARS['autologin_pass']);
Votes:1
Average:10.00
Login