Check out the LimeSurvey source code on GitHub!
Welcome, Guest
Username: Password:
  • Page:
  • 1
  • 2

TOPIC: Bypassing the authentication of Lime Survey

Bypassing the authentication of Lime Survey 3 years 9 months ago #93024

  • Ben_V
  • Ben_V's Avatar
  • Offline
  • Platinum Lime
  • Posts: 1897
  • Thank you received: 469
  • Karma: 118
Yes it's working and could be ok with some extra (php) security settings (avoiding the direct call of the page, etc.)

This said, if LS new releases provide such kind of feature (cf. authWebserver), I think it will always be much better and secure to use it... So, it will be really helpful if you can go further this way, reporting your experience and encountered bugs; I'm pretty sure that you'll get everything working very soon ;)
Benoît

EM Variables => bit.ly/1TKQyNu | EM Roadmap => bit.ly/1UTrOB4
All LS releases => bit.ly/1VMuTDu | 2.06lts => bit.ly/1Qv44A1
Demo surveys => goo.gl/HuR6Xe (already included in /docs/demosurveys)
The administrator has disabled public write access.

Bypassing the authentication of Lime Survey 4 months 1 week ago #139830

  • carl05
  • carl05's Avatar
  • Offline
  • Fresh Lemon
  • Posts: 5
  • Thank you received: 1
  • Karma: 0
I have LS running on a secure server, 2.50 - and this solution throws a 500 server error. I wonder, Ben, if there's something else going on based upon the version? What is the best solution do you think, in this case?
The administrator has disabled public write access.

Bypassing the authentication of Lime Survey 4 months 1 week ago #139837

  • Ben_V
  • Ben_V's Avatar
  • Offline
  • Platinum Lime
  • Posts: 1897
  • Thank you received: 469
  • Karma: 118
Hi,
The workaround provided above is outdated and probably fully incompatible with new releases (including 2.06 )...

I think the only ways to go are now:
- using LimeSurvey RC2 api
- changing some standard config. in config-default.php to switch to server authentication mode:
https://github.com/LimeSurvey/LimeSurvey/blob/master/application/config/config-defaults.php#L154
Benoît

EM Variables => bit.ly/1TKQyNu | EM Roadmap => bit.ly/1UTrOB4
All LS releases => bit.ly/1VMuTDu | 2.06lts => bit.ly/1Qv44A1
Demo surveys => goo.gl/HuR6Xe (already included in /docs/demosurveys)
The administrator has disabled public write access.
The following user(s) said Thank You: carl05

Bypassing the authentication of Lime Survey 4 months 1 week ago #139858

  • carl05
  • carl05's Avatar
  • Offline
  • Fresh Lemon
  • Posts: 5
  • Thank you received: 1
  • Karma: 0
Really appreciate the advice.

I think another way might be to use AuthWPbyDB - which is pretty similar in many ways. But in trying to hack the AuthWPbyDB code to pass through HTTP headers, I've found some aspects tricky. I'm a bit stuck with this:

if($this->addWpDb()){
$this->getEvent()->getContent($this)
->addContent(CHtml::tag($tag, array(), "<label for='user'>" . gT("Username") . "</label><input name='user' id='user' type='text' size='40' maxlength='40' value='' />"))
->addContent(CHtml::tag($tag, array(), "<label for='password'>" . gT("Password") . "</label><input name='password' id='password' type='password' size='40' maxlength='40' value='' />"));
}else{// No login form if unable to access to Wp DB


I'd like value to autopopulate the fields with my HTTP header variables, so people can just click once - but I don't know how to approach this syntax to pass through a value. The other way is just to strip out the login functionality altogether, but that might be an issue for superadmins. Ben, or anyone, if you can dig me out of this, it would be amazing!
The administrator has disabled public write access.
The following user(s) said Thank You: Ben_V

Bypassing the authentication of Lime Survey 4 months 1 week ago #139864

  • carl05
  • carl05's Avatar
  • Offline
  • Fresh Lemon
  • Posts: 5
  • Thank you received: 1
  • Karma: 0
Sorry, re question above, got it fixed. thanks again
The administrator has disabled public write access.

Bypassing the authentication of Lime Survey 3 months 1 week ago #141053

  • DenisChenu
  • DenisChenu's Avatar
  • Offline
  • Moderator Lime
  • Posts: 9600
  • Thank you received: 1376
  • Karma: 390
carl05 wrote:
Sorry, re question above, got it fixed. thanks again
hI,

Maybe you can provide an new Auth Plugin ? ;)
Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand (use private message).
The administrator has disabled public write access.
  • Page:
  • 1
  • 2
Time to create page: 0.232 seconds
Imprint                   Privacy policy         General Terms & Conditions         Revocation information and revocation form