Search Results

Search found 15556 results on 623 pages for 'login controls'.

Page 262/623 | < Previous Page | 258 259 260 261 262 263 264 265 266 267 268 269  | Next Page >

• SQL Profiles showing high activity

  - by Wong Chi

  I am running my application locally -- ie. No external traffic and very low number of queries, fully under my control. I see tons of 'Audit Login' and 'Audit Logout' events. What are these and where are they actually stored (ie. Where is this audit log)? Are these a hint of a problem with connections, because I have only a simple connection string within my app and thought that connections would remain active throughout the operation of my app (ie. a single login at launch, and then a single logout when terminating).

  Read the article

• MySQL/PHP: How to insert logged in user id into another table that is gathering data from a form tha

  - by Lisa

  For the first time I am needing to join information from two tables and am quite nervous about doing it without any advice first. Basically, I am building a secure site that is accessed by authorised users. I have my login table with user_id, username, password Once the user is on the site, they have the option of inputting data into another table called input. At the moment this table only captures the information that is entered, not the user_id or username of the inputter. I would like the form to be able to input the user_id and/or username from the login table into the input table. Please could somebody talk me through this process? I am sure that once this is amended, I will then be able to use the table to only allow the logged in user to access the information that he or she have inputted, is that correct? Many thanks

  Read the article

• Are global comment systems a privacy concern?

  - by Stefano Borini

  I more and more see these global login-once comment-everywhere systems on every page. I didn't do my homework of tinkering debugging and search before asking, so my question is as follows: You login on site A and leave a comment. Now you go on site B, which uses the same global comment system. At the bottom of the page a request form with your name and data appears for you to add a comment on B page. You don't leave any comment and browse away. Does the global-comment provider get information about the fact that you visited page B, even if you don't leave any comment ? I will dig into the code as soon as I have time, but in the meanwhile I would like to ask your insights on this regard.

  Read the article

• (PHP)how to hold javascript alertbox on screen

  - by Piyush

  when user changes password I want to show message "Successfully changed!" and when user clicks on OK button of alert box I call logout.php and force user to login with new password.But the problem is PHP header() is not waiting for alertbox and directly goes to logout.php. my code- if($count==1) { $sqlchange="UPDATE $tbl_name SET password='$newpassword' WHERE userId='$myusername'"; unset($result); $result=mysql_query($sqlchange,$link); if($result>0) { ?> <script type="text/javascript"> alert("Your Password has been changed successfully.Please login again."); </script> <?php header("location:logout.php"); exit; } else {....

  Read the article

• Android XML-RPC Serialization Issue

  - by Josh Pennington

  I am attempting to use Android XML-RPC and for some calls I get the following exception: W/System.err( 837): java.io.IOException: Cannot serialize java.lang.Object@43759748 It looks like it is having troubles serializing the returned data, but I cannot find much documentation on how to actually use Android XML-RPC. The way I am using Android XML-RPC is as follows: Object response = (Object)client.call("sales_order.list", new Object()); This one is pretty odd. I have tried setting this call up in a few different ways (using HashMaps, not passing second variable, etc) and the response I get is that sales_order.list is not a valid Method. I have been able to login to the service using the following code: this.sessionId = (String)client.call("login", this.apiUserName, this.apiPassword); Does anyone have any ideas or a good resource on how to use Android XML-RPC? Thanks

  Read the article

• Issues with start activity for result

  - by rodkarom

  I have written an Activity using Theme.Holo.Dialog so that it works as an AlertDialog as a login/password notice. I've started this activity with startActivityForResult(...) using a request code I defined. The thing is, whenever I start the activity ´onActivityResult(...)´ is triggered immediately, the buttons get loaded and everything, but once I press them, even though I know the Activity is working because login does happen, there is no result sent back to the first Activity and I am calling setResult(...) and finish() after the buttons are pressed. Thanks in advance, first time using startActivityForResult so I'm sure I must be missing something.

  Read the article

• does webapp has 'elseif' or 'elif' in template tags..

  - by zjm1126

  my code is : Hello!~~~ {% if user %} <p>Logged in as {{ user.first_name }} {{ user.last_name }}.</p> {% elif openid_user%} <p>Hello, {{openid_user.nickname}}! Do you want to <a href="{{openid_logout_url}}">Log out?</p> {% else %} <p><a href="/login?redirect={{ current_url }}">google Log in</a>.</p> <p><a href="/twitter">twitter Log in</a>.</p> <p><a href="/facebook">facebook Log in</a>.</p> <p><a href="{{openid_login_url}}">openid Log in</a>.</p> <iframe src="/_openid/login?continue=/"></iframe> {% endif %} the error is : TemplateSyntaxError: Invalid block tag: 'elif' does not webapp has a 'else if ' ? thanks

  Read the article

• PhotobucketNet photo upload

  - by n1tr0

  I have a problem with PhotobucketNet user login(I need user to login so I can upload a picture from HDD to his Photobucket account). Photobucket photobucket = new Photobucket("myapikey", "myapisecret"); photobucket.LaunchUserLogin(); // the problem happens here photobucket.RequestUserToken(); If I call RequestUserToken() it will happen immediately, so I'll get a crash cause user didn't logged in, and there is no event that's been raised after user logs in. Is there some variable(bool or something else) that I can check to see if user logged in - maybe to put it in a loop with timer? Also is their a way to know if user canceled logging in? I know that timer isn't a good solution, so if anyone has anything better as an idea, I'm open for any suggestions...

  Read the article

• Which SharePoint Authentication Mode Should I be using for this scenario?

  - by Dynamic

  I currently have a sharepoint 2010 site for which NTLM windows authentication has been enabled (by default it is against Active Directory I believe). I'd need to change this so that I have 1 custom login page which accepts username/password/domain and validates those information against the active directory, then if that was valid, I'll write logic to logon to another webservice which is located on another server and returns me a unique sessionId that I can store (as a cookie) for further use. Please could you advise which authentication mode I can use to create this custom login page? should that be FBA against AD? not sure how that works. Thanks in advance.

  Read the article

• Can somebody explain the difference between exceptions and errors (specific to PHP)?

  - by letseatfood

  I am having trouble figuring the best way to display errors to my clients. Should I use exceptions or errors? For example, if the user's login information does not match the database, should I throw new Exception('Login information is incorrect. Please try again.') and catch it with an exception handler using set_exception_handler()? Or, should I use trigger_error() to display an error message to the user? I think the main issue is that I cannot differentiate between errors and exceptions. I have read a lot of "answers" to this question on the internet and in some books, but it seems that people are really divided or aren't sure. Thanks!

  Read the article

• Forms Authentication Across Applications Stopped Working

  - by colleski

  Hi, I have a .net 1.1 ASP application (domain.com) which has a .net 2 virtual directory (domain.com/v2) beneath it, both applications run within their own app pool on the same machine running IIS 6. The web.config files for both apps are setup for Forms Authentication as described here - http://msdn.microsoft.com/en-us/library/eb0zx8fc(v=VS.80).aspx. Users would be directed to the domain.com/v2/login.aspx page which would authenticate for both applications, this configuration has been working fine for the last few years until installing one of the recent Windows 2003 security updates today. Now after authenticating under /v2 users keep getting redirected back to domain.com/v2/Login.aspx as domain.com doesnt see them as authenticated anymore. Any ideas as to which security update would have caused this and if its possible to rollback? I've looked at a few suggestions on this (e.g. Cross app on subdomain form authentication not working) and other sites but no luck so far Any help would be appreciated. Thanks

  Read the article

• Communicating between an overlayed iFrame and the underlying page (LAMP)

  - by stef

  I have a small form is to be filled in. If the user is logged in, the form is submitted as normal. If the user is not logged in, I show an overlayer with an iframe'd page that contains a login box where he enters his credentials. If the credentials are correct I can "break out" of the frame to "return" to the main page, but how can I update this main page for example to show "you are now logged in" and to change the JS / PHP login that determines whether or not the form can be submitted normally and not be intercepted again by the overlayer prompt? Afaik, these two separate pages are not aware of each other so I'm struggling to find a solution to this problem. This is in a LAMP / jQuery / CodeIgniter environment. EDIT: Could CodeIgniter's XML RPC class be useful for this?

  Read the article

• How to select Distinct records from SQL without a primary key

  - by Satheesh

  I need to show a Notification on user login if there is any unread messages.So if multiple users send(5 messages each) while the user is in offline these messages should be shown on login.Means have to show the last messages from each user. I use joining to find records. In this scenario Message from User is not a primary key. This is my query SELECT UserMessageConversations.MessageFrom, UserMessageConversations.MessageFromUserName,UserMessages.MessageTo, UserMessageConversations.IsGroupChat, UserMessageConversations.IsLocationChat, UserMessageConversations.Message, UserMessages.UserGroupID,UserMessages.LocationID FROM UserMessageConversations LEFT OUTER JOIN UserMessages ON UserMessageConversations.UserMessageID = UserMessages.UserMessageID ![enter image description here][1]Where UserMessageConversations.MessageTo=743 AND UserMessageConversations.ReadFlag=0 This is the output obtained from above query. MessageFrom -582 appears twice. I need only one record of this User. How is it possible

  Read the article

• Deleting a cookie in Javascript not working

  - by DisgruntledGoat

  I have a site where authentication is done externally (which I can't access), so I'm creating a cookie on login in order to display a welcome message to the user. Creating the cookie works fine, I write to document.cookie when the login form submits. But deleting the cookie doesn't work. Here's my code (logout.php does the external authentication stuff): <a href="http://external.com/logout.php" style="float:right" onclick="document.cookie='BRLOG=; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.example.com;'">Logout</a>

  Read the article

• Authorization/Licensing of Webservice

  - by Burhan

  I have developed a web service which accepts the login credentials from the XML message passed to it. I have concerns over this method as the developer who consumes the service can easily share the login credentials and my service can be called from some other application that uses the same credentials. Is there any way that I can issue a 'license' to some specific applications? So that, even if credentials are shared among the consuming apps, only authorized ones can successfully consume the service. P.S: I thought about implementing IP restrictions but that doesn't serve the purpose as we may have different applications installed on a same server (we do have such a scenario implemented).

  Read the article

• Authenticating model - best practices

  - by zerkms

  I come into ASP.NET from php so the reason why i ask my question is because it's totally different nature of how application works and handles requests. well, i have an exists table with user creditians, such as: id, login, password (sha hashed), email, phone, room i have built custom membership provider so it can handle my own database authentication schema. and now i'm confused, because User.Identity.Name contains only user's login, but not the complete object (i'm using linq2sql to communicate with database and i need in it's User object to work). at php applications i just store user object at some static method at Auth class (or some another), but here at ASP.NET MVC i cannot do this, because static member is shared across all requests and permanent, and not lives within only current request (as it was at php). so my question is: how and where should i retrieve and store linq2sql user object to work with it within current and only current request? (after request processed successfully i expect it will be disposed from memory and on next request will be created again). or i'm following totally wrong way?

  Read the article

• Trying to understand the Zend_Auth OpenId

  - by Will Olbrys

  I'm using a slightly modified version of the Zend_Auth_OpenId classes to get openid logins from google apps. The results are very positive, as I seem to be getting successful results from Google. I cannot get successful results passed to Zend_Auth, though. For example, Zend_Auth_Adapter_OpenId on line 241: if (!$consumer->login($id, $this->_returnTo, $this->_root, $this->_extensions, $this->_response)) { return new Zend_Auth_Result( Zend_Auth_Result::FAILURE, $id, array("Authentication failed", $consumer->getError())); } The consumer calls login() which in turn calls the private method _checkId() in Zend_OpenId_Consumer. _checkId() always ends in redirecting to the openid server. How is this ever supposed to return a valid Zend_Auth_Result object? I'm pretty close to giving up and trying to implement another OpenId library, but I'm so close to just making this work. I must be missing something so obvious! Maybe I don't understand how openid works exactly, but if someone could help me understand I would really appreciate it.

  Read the article

• Where should I place a function that I want to run before the cached page is served (Drupal)

  - by kidbrax

  We have a intranet site that runs on Drupal. If an employee hits the site from outside our network they are required to login first. If they are already in our network, they can browse around freely. So we have a function that checks where they are coming from and redirects them to a login page if they are from outside. If we enable caching, they are not redirected because the cached page is rendered without running our function. The code currently exists inside of the theme_preprocess function. Where can I put it so that it always runs before the cached pages are served?

  Read the article

• how to maintain session in cURL in php?

  - by newbie programmer

  how can we maintain session in cURL? i'am having a code the sends login details of a site and logs in successfully i need to get the session maintained at the site to continue. here is my code that used to login to the site using cURL <?php $socket = curl_init(); curl_setopt($socket, CURLOPT_URL, "http://www.XXXXXXX.com"); curl_setopt($socket, CURLOPT_REFERER, "http://www.XXXXXXX.com"); curl_setopt($socket, CURLOPT_POST, true); curl_setopt($socket, CURLOPT_USERAGENT, $agent); curl_setopt($socket, CURLOPT_POSTFIELDS, "form_logusername=XXXXX&form_logpassword=XXXXX"); curl_setopt($socket, CURLOPT_COOKIESESSION, true); curl_setopt($socket, CURLOPT_COOKIEJAR, "cookies.txt"); curl_setopt($socket, CURLOPT_COOKIEFILE, "cookies.txt"); $data = curl_exec($socket); curl_close($socket); ?>

  Read the article

• Why is my socket closing?

  - by Tommy3244

  Ok, so I am making a multiplayer game. I am working out the kinks in the server/client connectivity system. I can't seam to work out this error. Mainly, my server code does the following: Accepts Client Using SocketServer Module CLIENT -- SERVER sends Login byte (1 byte) + login username and password (200 bytes) SERVER request for 1 byte by struct.calcsize('b') CLIENT has exception on read SERVER recieves byte from CLIENT and sends CLIENT a struct packed byte with the value of 4 SERVER has exception on send So, it is the client excepting. The client exception is: socket.error: (10054, 'Connection reset by peer') And the server error is this: error: (9, 'Bad file descriptor')

  Read the article

• pound character(#) in asp.net ajax

  - by Praveen Prasad

  iam using asp.net and asp.net-ajax every thing happens on browser urls are of format http://somepage#page1 http://somepage#page2 http://somepage#page3 now all these urls are in a secured folder when logged in user directly types (or use bookmark) a url like below, he is shown that page http://somepage#page2 -- (bookmarked url lying in secured folder) now when a user user who is not logged in directly type above url he gets redirected to login page but on login page in redirection url iam unable to read characters after pound (#) sign. iam just getting redirection url= "http://somepage" while i want it to be "http://somepage#page2" is there is any way i can do this

  Read the article

• Same Salt, Different Encrypted Password is not working? Using Linq to update password.

  - by Xaisoft

  Hello, I am running into a wall regarding changing the password and was wondering if anyone had any ideas. Here are the database values prior to changing the password: Clear Text password = abc1980 Encrypted Password = Yn1N5l+4AUqkOM3WYO7ww/sCN+o= Salt = 82qVIhUIoblBRIRvFSZ1fw== After I change my password to abc1973, salt remains the same, but the Encrypted Password changes which is supposed to happen: Encrypted Password = rHtjLq3qxAl/7T1GfkxrsHzPsNk= However, when I try to login with abc1973 as the password, it does not login. If I try abc1980, it logs me in. It is updating the database, is it caching the values somewhere? Any ideas?

  Read the article

• HELP!!! session variables survives after logout!!!

  - by Alejandra

  Hi guys! I have a problem, will explain how to reproduce the problem: 1- login into my page (sesion variables set as $_SESSION['logged'] = true and $_SESSION['id'] = 123 2-then inside the main menu I click logout option, code like this function logout() { session_start(); $_SESSION['id'] = null; $_SESSION['logged'] = null; unset($_SESSION); session_destroy(); require_once('Views/SessionExpiredView.php'); } 3- In the session expired view I display a link the login page, there session is null 4- I click back on the browser and click ok to resend information 5- session becomes again $_SESSION['logged'] = true and $_SESSION['id'] = 123 and I'm loggued again and able to see all the information related to the id 123 This is a security issue and I don't know what is happening!!! any suggestion will be deeply appreciated. Alejandra

  Read the article

• How do stop form posting to mysql if database contains a specific ID?

  - by user342391

  I have a form that I am using to post data to mysql. Before submitting the form I want to check the database and see if there are any fields in the column 'customerid' that equal 'userid' and if so not to post the form. Basically, I am trying to limit my users from posting more than once. Users will be able to login to my system and make ONE post. They will be able to delete and modify their post but are only limited to one post. How would I do this??? Code so far: <?php include '../login/dbc.php'; page_protect(); $userid = $_SESSION['user_id']; $sql="INSERT INTO content (customerid, weburl, title, description) VALUES ('$_POST[userid]','$_POST[webaddress]','$_POST[pagetitle]','$_POST[pagedescription]')"; if (!mysql_query($sql)) { die('Error: ' . mysql_error()); } echo "1 record added"; ?>

  Read the article

• session fixation

  - by markiv

  Hi All, I am new to web development, and trying to get a hold on security issues. I went through this article on http://guides.rubyonrails.org/security.html these are some of the steps the author has mentioned how an attacker fixes session. 1. The attacker creates a valid session id: He loads the login page of the web application where he wants to fix the session, and takes the session id in the cookie from the response (see number 1 and 2 in the image). 2. He possibly maintains the session. Expiring sessions, for example every 20 minutes, greatly reduces the time-frame for attack. Therefore he accesses the web application from time to time in order to keep the session alive. 3. Now the attacker will force the user’s browser into using this session id (see number 3 in the image). As you may not change a cookie of another domain (because of the same origin policy), the attacker has to run a JavaScript from the domain of the target web application. Injecting the JavaScript code into the application by XSS accomplishes this attack. Here is an example: <script>?document.cookie="_session_id=16d5b78abb28e3d6206b60f22a03c8d9";?</script>. Read more about XSS and injection later on. 4. The attacker lures the victim to the infected page with the JavaScript code. By viewing the page, the victim’s browser will change the session id to the trap session id. 5. As the new trap session is unused, the web application will require the user to authenticate. 6. From now on, the victim and the attacker will co-use the web application with the same session: The session became valid and the victim didn’t notice the attack. I dont understand couple of points. i) why is user made to login in step5, since session is sent through. ii) I saw possible solutions on wiki, like user properties check and others why cant we just reset the session for the user whoever is login in when they enter username and password in step5? Thanks in advance Markiv

  Read the article

< Previous Page | 258 259 260 261 262 263 264 265 266 267 268 269  | Next Page >