On Mon, Feb 9, 2009 at 9:56 AM, Hans - softflow.co.uk <[email protected]> wrote: > > Thanks! Data saves now. > > As for crypting: perhaps you could add a function like this: > > function BOLTFcrypt($args, $zone='') { > $BOLTcrypt = BOLTconfig('BOLTcrypt'); > return crypt($args[''][0],$BOLTcrypt); > }
Yes, this is exactly how to do it. It's already available in the crypt plugin: http://www.boltwire.com/index.php?p=solutions.system.crypt I've tried to keep BoltWire light by only putting critical stuff in the core. But make it easy to create and install plugins. Just download the crypt.php file above and drop it in boltwire/farm/plugins. Then in your wiki go to action.plugins. Select crypt, and it will automatically enable the plugin. If there were wiki pages to install as well, they could be saved as a .backup file and be automatically imported simultaneously. The action.plugins page simply adds enableCrypt to site.config. You can do it manually as well. If you only want this plugin available in the login hierarchy, you can do enableCrypt: login* The asterisk means all the child pages. Without it, it's only available on one page. > With this added I tested: > Then when I use in a page [(crypt secret)] it will show the password > 'secret' encrypted. If I save this with Data on the member's page > field password, the new password works. BoltWire is set to recognize either encrypted or plain text passwords automatically. Well, it just checks for both. > But I did not know how to add the 'crypt' function to a form: > I tried this: > > [form] > [text password "{:password}"] > [submit 'Change Password'] > [session savedata <(crypt password)>] > [form] > > But it did not work. First, If you look in the crypt plugin you will see the model for creating a simple command. Similar to functions, but slightly different. With that you should be able to do: [form] [text password "{:password}"] [submit 'Change Password'] [session crypt password] // encrypts the value of field=password [session savedata password] // saves the value of field=password [form] Second, as noted above, savedata takes one or more names of field names (not values), like: [session savedata field1,field2]. However, you also need to set the target page or it will save to current page. In this case you would do: [form] [text password "{:password}"] [submit 'Change Password'] [session target login.{id}] [session savedata password] [form] Note, if you put this form on an action page, like action.password, you can do [[login.{id}&action=password|Reset Password]] and it will use login.{id} as the base page, in which case the target line is not needed. On another note, I realized in an earlier email that the site.auth.data page only checks permissions to reading data, not saving them. So this form would work for anyone, not just an admin. Of course the target page could be hardcoded, but it makes me uncomfortable that there's even a remote possibility of members changing other people's passwords. In the next release, coming out shortly, there will be fix to this, so the same settings will work for reading and writing data values. I just hacked the crypt function to assist with the permissions problems in setting up a password changing form, and set up a new solution page with info on how to use it. Take a look here: http://www.boltwire.com/index.php?p=solutions.community.passwords Let me know if you have questions or problems. The permissions trick I added to crypt.php will be necessary once you upgrade to 2.43 as I will tighten down the security on saving data values. Cheers, Dan --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "BoltWire" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/boltwire?hl=en -~----------~----~----~----~------~----~------~--~---
