|
[dokuwiki]
||
[Date Prev]
[10-2007 Date Index]
[Date Next]
||
[Thread Prev]
[10-2007 Thread Index]
[Thread Next]
[dokuwiki] Re: Security Token problem.
- From: Michael Klier <chi@xxxxxxxxxxx>
- To: dokuwiki@xxxxxxxxxxxxx
- Date: Mon, 1 Oct 2007 21:45:27 +0200
Terence J. Grant wrote:
> Hi guys,
>
> >I've check it and the problem is simply template related.
> >I've changed my default template to the "monobook" tpl two weeks ago and
> >it does not create the hidden sectok field used like security token.
> >Probably it's an old template release, as i guess that the filed is
> >created automatically by some new tpl Api.
>
> > Ah, right. If the template uses the build in functions for creating the
> > forms, the sectoken will be added automatically. But I think the Monobook
> > template uses a custom login form in the sidebar.
>
> Monobook doesn't create a custom form for the login page.
> Monobook doesn't access login page APIs or anything like that.
> Monobook just links a page served up by the dokuwiki engine:
> "doku.php?do=login"
> So somebody (Andi?) may wish to investigate what's happening
> differently in the "do=login" screen.
>
> It's not a template problem from my P.O.V.
Given your example above it is a template problem. You either have to
use the tpl_actionlink() function to generate the login link or if you
build it yourself, like your example implies, you have to add the
security token manually:
"doku.php?do=login&sectok=<?php echo getSecurityToken()?>"
otherwise it wont work. This however only affects the latest development
version of DW and if Andi decides to remove the sectok check from the
login action it`s no problem after all.
Best Regards,
Chi
--
Michael Klier
mail: chi@xxxxxxxxxxx
www: http://www.chimeric.de
icq: 206179334
jabber: chi@xxxxxxxxxxxxxxxxxx
key: http://downloads.chimeric.de/chi.asc
key-id: 0x8308F551
|
|
