Check out the LimeSurvey source code on GitHub!
Welcome, Guest
Username: Password:

TOPIC: Bypassing the authentication of Lime Survey

Bypassing the authentication of Lime Survey 3 years 5 months ago #92973

  • JVG
  • JVG's Avatar
  • Offline
  • Fresh Lemon
  • Posts: 7
  • Karma: 0
Hi,

We are developing an app based on CI and integrating it with lime survey.
The requirement is that when admin logs in into our app and clicks onto the survey link he should be redirected to the admin panel. But the problem we are facing is bypassing the limesurvey authentication.

We have tried with delegating authentication to webserver but we are unable to do so. I've gone through the instructions of optional seetings and implemented it too..But it throws an error with invalid username/password when authWebServer is set to true..i am unable to track the problem or is there something to do with enabling authentication at the web server?

So we request you to suggest a wayout for this.
The administrator has disabled public write access.

Bypassing the authentication of Lime Survey 3 years 5 months ago #92976

  • Ben_V
  • Ben_V's Avatar
  • Online
  • Platinum Lime
  • Posts: 1795
  • Thank you received: 439
  • Karma: 110
You can copy the login form in an external file, setting user & password default values.
Use JQuery for submit button emulation.

To help you to find a way, I attach 2 html samples (depend on your LS version):
Just adapt:
YOURDOMAIN
USERNAME
PASSWORD

No need to upload; can work from your desktop if the 'action' url value is correct...

If you have to use some differents sets admin+password, just change it for php file and set variables.

File Attachment:

File Name: skip_auth.zip
File Size:3 KB
Benoît

EM Variables => bit.ly/1TKQyNu | EM Roadmap => bit.ly/1UTrOB4
All LS releases => bit.ly/1VMuTDu | 2.06lts => bit.ly/1Qv44A1
Demo surveys => bit.ly/20NW9V8 (already included in /docs/demosurveys)
The administrator has disabled public write access.
The following user(s) said Thank You: JVG

Bypassing the authentication of Lime Survey 3 years 5 months ago #92978

  • DenisChenu
  • DenisChenu's Avatar
  • Online
  • Moderator Lime
  • Posts: 9279
  • Thank you received: 1323
  • Karma: 383
JVG wrote:
We have tried with delegating authentication to webserver but we are unable to do so. I've gone through the instructions of optional seetings and implemented it too..But it throws an error with invalid username/password when authWebServer is set to true..i am unable to track the problem or is there something to do with enabling authentication at the web server?
What is your version ?

There are some patch for authWebServer in the last version.

Denis
Assistance on LimeSurvey forum and LimeSurvey core developpement are on my free time (Say thanks ?).
A bug not reported is a bug not corrected. | Please, read the documentation | La doc en français à besoin de vous
The administrator has disabled public write access.

Bypassing the authentication of Lime Survey 3 years 5 months ago #92980

  • JVG
  • JVG's Avatar
  • Offline
  • Fresh Lemon
  • Posts: 7
  • Karma: 0
I am using 2.0 version. Can u please attach the link for the patch. Does it bypass LimeSurvey authentication?
The administrator has disabled public write access.

Bypassing the authentication of Lime Survey 3 years 5 months ago #92981

  • DenisChenu
  • DenisChenu's Avatar
  • Online
  • Moderator Lime
  • Posts: 9279
  • Thank you received: 1323
  • Karma: 383
JVG wrote:
I am using 2.0 version.
Buils number ?
Can u please attach the link for the patch. Does it bypass LimeSurvey authentication?
LS oficial core last build number : github.com/LimeSurvey/LimeSurvey
Assistance on LimeSurvey forum and LimeSurvey core developpement are on my free time (Say thanks ?).
A bug not reported is a bug not corrected. | Please, read the documentation | La doc en français à besoin de vous
The administrator has disabled public write access.

Bypassing the authentication of Lime Survey 3 years 5 months ago #92983

  • JVG
  • JVG's Avatar
  • Offline
  • Fresh Lemon
  • Posts: 7
  • Karma: 0
I am using LS with build number is 130206.Will my problem be solved if i replace it with above build?
The administrator has disabled public write access.

Bypassing the authentication of Lime Survey 3 years 5 months ago #92995

  • JVG
  • JVG's Avatar
  • Offline
  • Fresh Lemon
  • Posts: 7
  • Karma: 0
I tried installing the latest build that you suggested but still there is a problem. What I need is when I login through my app and when I click on the link 'Add survey' it should bypass LimeSurvey authentication and show me the admin panel directly.

I installed the new build and reset the authWebserver variable to 'true' and edited the admin name from 'lime_users' table to the same name as is in my app login for admin. When I was done with al these changes and clicked on link 'Add survey' it redirects to this page
http://localhost/LimeSurvey-master/index.php/admin/authentication/sa/login with error Invalid username/password

Please help me through this.

Thank you
The administrator has disabled public write access.

Bypassing the authentication of Lime Survey 3 years 5 months ago #93007

  • DenisChenu
  • DenisChenu's Avatar
  • Online
  • Moderator Lime
  • Posts: 9279
  • Thank you received: 1323
  • Karma: 383
Never used autWebServer,

Can you set debug to 2 and fill a bug report ?

Denis
www.limesurvey.org/en/community-services/bug-tracker
Assistance on LimeSurvey forum and LimeSurvey core developpement are on my free time (Say thanks ?).
A bug not reported is a bug not corrected. | Please, read the documentation | La doc en français à besoin de vous
The administrator has disabled public write access.

Bypassing the authentication of Lime Survey 3 years 5 months ago #93009

  • JVG
  • JVG's Avatar
  • Offline
  • Fresh Lemon
  • Posts: 7
  • Karma: 0
I didnt get u? what is debug to 2?

Yes, will fill a bug report

Thank You.
The administrator has disabled public write access.

Bypassing the authentication of Lime Survey 3 years 5 months ago #93020

  • JVG
  • JVG's Avatar
  • Offline
  • Fresh Lemon
  • Posts: 7
  • Karma: 0
Ben_V Wrote:
To help you to find a way, I attach 2 html samples (depend on your LS version):
Just adapt:
YOURDOMAIN
USERNAME
PASSWORD



Thank You so much. I tried with the script and its working!!! :)
Last Edit: 3 years 5 months ago by JVG. Reason: forgot to add few lines
The administrator has disabled public write access.

Bypassing the authentication of Lime Survey 3 years 5 months ago #93024

  • Ben_V
  • Ben_V's Avatar
  • Online
  • Platinum Lime
  • Posts: 1795
  • Thank you received: 439
  • Karma: 110
Yes it's working and could be ok with some extra (php) security settings (avoiding the direct call of the page, etc.)

This said, if LS new releases provide such kind of feature (cf. authWebserver), I think it will always be much better and secure to use it... So, it will be really helpful if you can go further this way, reporting your experience and encountered bugs; I'm pretty sure that you'll get everything working very soon ;)
Benoît

EM Variables => bit.ly/1TKQyNu | EM Roadmap => bit.ly/1UTrOB4
All LS releases => bit.ly/1VMuTDu | 2.06lts => bit.ly/1Qv44A1
Demo surveys => bit.ly/20NW9V8 (already included in /docs/demosurveys)
The administrator has disabled public write access.
Moderators: ITEd
Time to create page: 0.456 seconds
Imprint                   Data Protection Statement                  Revocation information and revocation form