| Author |
|
krommetje
Super User
Joined: December 29 2004
Location: Netherlands
Online Status: Offline
Posts: 695
|
| Posted: February 27 2005 at 05:08 | IP Logged
|
|
|
Hey Dave,
would it be possible to add a function to PH to have multiple users and passwords for the webserver? It's not that unlimited users have to be added but three or five would meet my needs more. This way I can give my wife and in the future my daughter their own log-ins...
Peter
|
| Back to Top |
|
| |
dhoward
Admin Group
Joined: June 29 2001
Location: United States
Online Status: Offline
Posts: 4447
|
| Posted: February 28 2005 at 13:41 | IP Logged
|
|
|
Peter,
I can look at extending some of the authorization functionality and see what I can come up with. I would probably do this within PSP though rather than changing the default web functionality.
Based upon what Ive seen of yours so far where you are creating your own web pages, the existing PSP functionality may be sufficient for you. For example:
<%ph_rtne(if(ph_getwebbase64auth() = "dXNlcjpwYXNzd29yZA==",0,ph_setwebreturn(401)))%>
<%ph_getwburl("http://masteruser:masterpassword@127.0.0.1 :8000/ph-cgi/main",10)%>
If you were to copy and paste the above PSP script into a file called "index.psp" and put this file in your web directory, this would allow someone to access the main PowerHome page using the userid/password of "user/password".
I'll detail how it works: The first function ph_getwebbase64auth returns the raw userid and password that a user used to access the page. When a user first accesses the index.psp page, this will be blank. So PowerHome will then set the return value using the ph_setwebreturn function to 401 which means to ask for a userid and password. The user will then be presented with the browser's authorization dialog. When the user enters the appropriate userid and password, the browser again requests the index.psp page and this time the base64 encoding of the userid/password will be returned by the ph_getwebbase64auth function. If this matches the above string ("dXNlcjpwYXNzd29yZA==") which is user:password in base64, then the default return code of 200 (success) will be used. The next part of the PSP code retrieves the HTML of the main PowerHome page using the master userid and password and returns this.
At no time is the user ever privy to the master userid and password and you are able to user any userid and password you like by changing the base64 authorization string.
Using this technique, you could check for multiple authorizations and return pages specific to the user that logged in.
Let me know if you need help,
Dave.
|
| Back to Top |
|
| |
TonyNo
Moderator Group
Joined: December 05 2001
Location: United States
Online Status: Offline
Posts: 2889
|
| Posted: February 28 2005 at 15:43 | IP Logged
|
|
|
Good work-around!
Tony
|
| Back to Top |
|
| |
krommetje
Super User
Joined: December 29 2004
Location: Netherlands
Online Status: Offline
Posts: 695
|
| Posted: September 30 2006 at 07:17 | IP Logged
|
|
|
I waited a bit to start again with this project since there was no hurry... So I looked into this again and unable to make it work... I coded a password and username with ph_base64encode("user:pass") (not the real pass/user) and got the correct base64 string returned and so I put this with a copy&paste into the Page but PH keeps asking for a password...
What seems to be wrong here?
Peter
Edited by krommetje - September 30 2006 at 07:54
|
| Back to Top |
|
| |
TonyNo
Moderator Group
Joined: December 05 2001
Location: United States
Online Status: Offline
Posts: 2889
|
| Posted: September 30 2006 at 09:54 | IP Logged
|
|
|
I'm pretty sure this functionality (user:password@) was removed from IE in one of the older Security Updates. It should work in Firefox, though.
|
| Back to Top |
|
| |
krommetje
Super User
Joined: December 29 2004
Location: Netherlands
Online Status: Offline
Posts: 695
|
| Posted: October 03 2006 at 12:32 | IP Logged
|
|
|
TonyNo wrote:
| I'm pretty sure this functionality (user:password@) was removed from IE in one of the older Security Updates. It should work in Firefox, though. |
|
|
It doesn't work in forefox either, that is the $64000 question!!! 
Peter
|
| Back to Top |
|
| |
dhoward
Admin Group
Joined: June 29 2001
Location: United States
Online Status: Offline
Posts: 4447
|
| Posted: October 03 2006 at 21:52 | IP Logged
|
|
|
Peter,
I just tested this out and it worked no problem. I re-read my post and probably what I forgot to mention is that you must set the Access to PSP pages to "Any".
By creating the index.psp, this will become your default launch page. Since the PSP access is now any, then anyone can run any PSP page (so you'll have to add the first line above and do the userid/password authentication in every PSP). The first line of the PSP checks the supplied password and gives you a prompt if they don't match.
I also verified the technique of passing the userid:password on the command line and it worked (at least on my machine which is a fresh install of Windows XP sp2, no updates). It's possible that this has been removed as Tony says in a recent security patch, but I was hoping that it would still be available in the activex control that the ph_getwburl function uses. You could add 127.0.0.1 to the trusted IP's and then you wouldnt have to have a userid/password combo in the ph_getwburl function. This would however mean that the PowerHome machine does not require any userid/passwords when accessing PowerHome from itself.
HTH,
Dave.
|
| Back to Top |
|
| |
krommetje
Super User
Joined: December 29 2004
Location: Netherlands
Online Status: Offline
Posts: 695
|
| Posted: October 04 2006 at 09:54 | IP Logged
|
|
|
I'll get on it ASAP! Thank you 
|
| Back to Top |
|
| |
krommetje
Super User
Joined: December 29 2004
Location: Netherlands
Online Status: Offline
Posts: 695
|
| Posted: October 18 2006 at 14:32 | IP Logged
|
|
|
Somehow I just can't get this to work, PH keeps asking for more logins.... what am I missing here?
Peter
|
| Back to Top |
|
| |
dhoward
Admin Group
Joined: June 29 2001
Location: United States
Online Status: Offline
Posts: 4447
|
| Posted: October 18 2006 at 21:16 | IP Logged
|
|
|
Peter,
In the Webserver setup page, do you have the Access for PSP pages set to "Any"? Have you reinitialized after changing this setting?
If you create a file named "index.psp" in the webserver directory with the following text:
Code:
<%ph_getwburl("http://masteruser:masterpassword@127.0.0.1 :8000/ph-cgi/main",10)%>
|
|
|
Do you get any password prompts? Also, in the above code, make sure you change the masteruser:masterpassword to your actual userid and password. You also may need to adjust the port from 8000.
Let me know how this goes.
Dave.
|
| Back to Top |
|
| |
krommetje
Super User
Joined: December 29 2004
Location: Netherlands
Online Status: Offline
Posts: 695
|
| Posted: October 22 2006 at 18:50 | IP Logged
|
|
|
this is the actual page called:
Code:
<%ph_rtne(if(ph_getwebbase64auth()="YW5raWU6bWFpa2UwMw==" ,0,p h_setwebreturn(401)))%>
<%ph_getwburl("http://MUNGED:MUNGED@127.0.0.1/ph-cgi/main ",30)%>
|
|
|
After entering the second users Name and Pass, it takes about 5 seconds and then a new PasswordDiaglogbox appears...
the altered value for exending time-out is for tha fact that my wife sometimes uses her Mobile Phone ...
Peter
Edited by krommetje - October 22 2006 at 18:53
|
| Back to Top |
|
| |
dhoward
Admin Group
Joined: June 29 2001
Location: United States
Online Status: Offline
Posts: 4447
|
| Posted: October 24 2006 at 14:30 | IP Logged
|
|
|
Peter,
Try taking out the first line and have just the ph_getwburl line. Let's see where that gets us and take it from there.
Dave.
|
| Back to Top |
|
| |
krommetje
Super User
Joined: December 29 2004
Location: Netherlands
Online Status: Offline
Posts: 695
|
| Posted: October 26 2006 at 06:57 | IP Logged
|
|
|
If I take the first line out, then the normal Passwordbox appears and I must login with my User/Pass as defined in Powerhome.
If I do this and remove the %> and the <% between ph_setwebreturn... and the ph_getwburl...
Code:
<%ph_rtne(if(ph_getwebbase64auth()="YW5raWU6bWFpa2UwMw==" ,0,ph_setwebreturn(401)))
ph_getwburl("http://MUNGED:MUNGED@127.0.0.1/ph-cgi/main ",30)%>
|
|
|
then the result is a !
Peter
p.s. Does PH have .htaccess support?
Edited by krommetje - October 26 2006 at 07:01
|
| Back to Top |
|
| |
krommetje
Super User
Joined: December 29 2004
Location: Netherlands
Online Status: Offline
Posts: 695
|
| Posted: October 26 2006 at 06:59 | IP Logged
|
|
|
Update:
when I take the IF statement out of the first line, then no login is needed as shown in the LOG:
Code:
From: 62.163.238.60 GET /ph-cgi/eventlog?page=1 HTTP/1.1 Host: homecontrol.krommetje.nl:9600 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; nl; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0 .9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: nl,en-us;q=0.7,en;q=0.3 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://homecontrol.krommetje.nl:9600/ankie.psp Authorization: Basic a3JvbW1ldGplOmtwM2VhZzRl
|
|
|
Peter
|
| Back to Top |
|
| |
dhoward
Admin Group
Joined: June 29 2001
Location: United States
Online Status: Offline
Posts: 4447
|
| Posted: October 28 2006 at 21:04 | IP Logged
|
|
|
Peter,
Ok, if you take out the first line and run just the second line and get the PowerHome webserver userid and password login, then it sounds as if the access level for PSP pages is not set to "Any". Verify this setting in the webserver setup and if it's not set to "Any", then change it and reinitalize PowerHome.
If it is set to "Any", then we need to figure out why you're being prompted for a password.
Let me know,
Dave.
|
| Back to Top |
|
| |
krommetje
Super User
Joined: December 29 2004
Location: Netherlands
Online Status: Offline
Posts: 695
|
| Posted: October 29 2006 at 02:32 | IP Logged
|
|
|
I just checked and double checked: PSP is set to any...
Peter
|
| Back to Top |
|
| |
dhoward
Admin Group
Joined: June 29 2001
Location: United States
Online Status: Offline
Posts: 4447
|
| Posted: November 03 2006 at 14:49 | IP Logged
|
|
|
Arghhhh!!
Thats not good. One more test then. Save the code below with a PSP extension and try bringing it up in your browser:
Code:
<html>
<body><h1>This is a test</h1></body>
</html>
|
|
|
If this comes up asking for a userid/password, then it's almost as if your pwrhome.ini file is corrupt or something is wrong with the PowerHome webserver because if the PSP access is set as "Any", then you should have no password prompts.
Let me know,
Dave.
|
| Back to Top |
|
| |
krommetje
Super User
Joined: December 29 2004
Location: Netherlands
Online Status: Offline
Posts: 695
|
| Posted: November 03 2006 at 23:52 | IP Logged
|
|
|
No password box... so No problem there but this can be explained since I have my whole network segment 192.168.* entered in PH as non-authenticate
Peter
|
| Back to Top |
|
| |
dhoward
Admin Group
Joined: June 29 2001
Location: United States
Online Status: Offline
Posts: 4447
|
| Posted: November 21 2006 at 13:11 | IP Logged
|
|
|
Peter,
Since you've got the 192.168.* segment as authorized, try temporarily removing this and then reinitializing. Then try the last little PSP above. We need to make sure that PSP itself is successfully being executed without requiring credentials.
Thanks,
Dave.
|
| Back to Top |
|
| |
krommetje
Super User
Joined: December 29 2004
Location: Netherlands
Online Status: Offline
Posts: 695
|
| Posted: November 30 2006 at 03:44 | IP Logged
|
|
|
HAd a busy few weeks
I've tried to logon to PH with my PDA through a GPRS/UMTS modem Internet-Connection and used:
http://username:password@homecontrol.mydomain.com:9600
and this works!!
Peter
|
| Back to Top |
|
| |
Active Topics 
Memberlist 
Search 
Help
Register 
Login
PowerHome Messageboard : PowerHome Feature Requests
Topic: multiple users and passwords
