TOPIC: Bypassing the authentication of Lime Survey

Bypassing the authentication of Lime Survey 3 years 6 months ago #93024

  • Ben_V
Yes, it's working, and it could be OK with some extra (PHP) security settings (avoiding direct calls to the page, etc.).

That said, if new LS releases provide this kind of feature (cf. authWebserver), I think it will always be much better and more secure to use it... So it would be really helpful if you could go further down this path, reporting your experience and any bugs you encounter; I'm pretty sure that you'll get everything working very soon ;)
Benoît

EM Variables => bit.ly/1TKQyNu | EM Roadmap => bit.ly/1UTrOB4
All LS releases => bit.ly/1VMuTDu | 2.06lts => bit.ly/1Qv44A1
Demo surveys => bit.ly/20NW9V8 (already included in /docs/demosurveys)

Bypassing the authentication of Lime Survey 4 weeks 14 hours ago #139830

  • carl05
I have LS 2.50 running on a secure server, and this solution throws a 500 server error. I wonder, Ben, if there's something else going on based on the version? What do you think is the best solution in this case?

Bypassing the authentication of Lime Survey 4 weeks 12 hours ago #139837

  • Ben_V
Hi,
The workaround provided above is outdated and probably fully incompatible with new releases (including 2.06)...

I think the only ways to go now are:
- using the LimeSurvey RC2 API
- changing some standard config. in config-default.php to switch to server authentication mode:
https://github.com/LimeSurvey/LimeSurvey/blob/master/application/config/config-defaults.php#L154
Benoît
The following user(s) said Thank You: carl05

Bypassing the authentication of Lime Survey 3 weeks 6 days ago #139858

  • carl05
Really appreciate the advice.

I think another way might be to use AuthWPbyDB - which is pretty similar in many ways. But in trying to hack the AuthWPbyDB code to pass through HTTP headers, I've found some aspects tricky. I'm a bit stuck with this:

if($this->addWpDb()){
    $this->getEvent()->getContent($this)
        ->addContent(CHtml::tag($tag, array(), "<label for='user'>" . gT("Username") . "</label><input name='user' id='user' type='text' size='40' maxlength='40' value='' />"))
        ->addContent(CHtml::tag($tag, array(), "<label for='password'>" . gT("Password") . "</label><input name='password' id='password' type='password' size='40' maxlength='40' value='' />"));
}else{// No login form if unable to access to Wp DB

I'd like value to autopopulate the fields with my HTTP header variables, so people can just click once - but I don't know how to approach this syntax to pass through a value. The other way is just to strip out the login functionality altogether, but that might be an issue for superadmins. Ben, or anyone, if you can dig me out of this, it would be amazing!
The following user(s) said Thank You: Ben_V
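
For the question in the post above about passing a header value into the form's `value` attribute, an added example in plain PHP (not code from this thread or from the AuthWPbyDB plugin): the header is honoured only when the request comes from the authenticating proxy, validated, and escaped before it reaches the single-quoted attribute. The header name `X-Remote-User`, the proxy address and both function names are assumptions.

```php
<?php
// Added example. X-Remote-User, the proxy address and both function names are assumptions.
const TRUSTED_PROXIES = ['127.0.0.1'];        // assumed address of the authenticating proxy
const USER_HEADER     = 'HTTP_X_REMOTE_USER'; // assumed header, as PHP exposes it in $_SERVER

/** Return the username asserted by the proxy, or null if it must not be trusted. */
function headerUsername(array $server): ?string
{
    // Any client can send this header; honour it only when the request comes from the proxy.
    if (!in_array($server['REMOTE_ADDR'] ?? '', TRUSTED_PROXIES, true)) {
        return null;
    }
    $user = $server[USER_HEADER] ?? '';
    if (!is_string($user)) {
        return null;
    }
    // Conservative alphabet, same 40-character limit as the form's maxlength.
    return preg_match('/\A[A-Za-z0-9._@-]{1,40}\z/', $user) === 1 ? $user : null;
}

/** Username row of the login form, with the value attribute pre-filled and escaped. */
function usernameField(?string $user): string
{
    // ENT_QUOTES matters here because the attribute is single-quoted.
    $value = htmlspecialchars($user ?? '', ENT_QUOTES, 'UTF-8');
    return "<label for='user'>Username</label>"
         . "<input name='user' id='user' type='text' size='40' maxlength='40' value='{$value}' />";
}

// Constructed requests: via the proxy, sent directly by a client, and with a quote in the header.
$samples = [
    ['REMOTE_ADDR' => '127.0.0.1',   'HTTP_X_REMOTE_USER' => 'carl05'],
    ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_REMOTE_USER' => 'admin'],
    ['REMOTE_ADDR' => '127.0.0.1',   'HTTP_X_REMOTE_USER' => "carl05' data-x='1"],
];
foreach ($samples as $server) {
    // Only the first request yields a pre-filled field; the other two render value=''.
    echo usernameField(headerUsername($server)), PHP_EOL;
}
// Escaping on its own, for a value that did not go through headerUsername():
echo usernameField("o'brien <b>"), PHP_EOL;
```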

Bypassing the authentication of Lime Survey 3 weeks 6 days ago #139864

  • carl05
Sorry, re question above, got it fixed. Thanks again.

Bypassing the authentication of Lime Survey 2 days 15 hours ago #141053

  • DenisChenu
carl05 wrote:
Sorry, re question above, got it fixed. thanks again
Hi,

Maybe you can provide a new Auth plugin? ;)
Assistance on the LimeSurvey forum and LimeSurvey core development are done in my free time (Say thanks?).
A bug not reported is a bug not corrected. | Please read the documentation | The French documentation needs you