Create idea.. but login still works

[johanpeters]

Hello, create to have this plugin.. i was looking for a solution to prevent frontend login. the user components are always active.. its not as easy as simple disable en login menu item or module.

on my test site, with your plugin inabled i am still able to login. logout does not work any more, i get a access denied.

[alve89]

That's really bad to hear!

Can you please provide me a link to your site? If you have a specific login-site, use this link please.

[johanpeters]

Hello Stefan, can i sent you a PM with the details?..

[johanpeters]

PM is not supported on github.. do you have a @mail address so i can sent you detail information.

[johanpeters]

already found you mail address from the extension details.. sent you a message.

[alve89]

How / where are you login? Joomlas direct system-addresses are correctly blocked...

[johanpeters]

https://domainname-in-yoir-mail/en/login

[alve89]

The first question that comes to my mind without taking a deeper view: If you want to disable logging it - why do you offer a option to login? This plugin blocks the internal comuser addresses of Joomla. If you provide a custom address (/login/_) it isn't checked now. I could add a block for this address,too, but then the question from above pops up again: Why blocking an address instead of simply disabling it in the com_menu extension?

So actually at this point your issue is resolved. Do you agree with that?

I'm gonna add this to the documentation (disabling all custom login paths).

[johanpeters]

Login option was only for dev. Purpose.. in final site it will not be there.. And a other site that i need prefension of user logon in frontend..

So, as long there is no menu item (published or not) to the user login component the plugin should work, correct?

[alve89]

That's correct (as you already experienced - logging out isn't possible because this uses Joomlas internal routes which are checked). I suggest remove any _comusers menu item as well as any login form from the site, because the custom created addresses can't be checked automatically as the plugin doesn't know about them. I'm planning to add a secret-key solution to enable logging in in a secured way. But by now, this option doesn't exist yet.

If you have further questions / issues, don't hesitate to come back!

[johanpeters]

The secure option would be create.. Default no login allowed, but with secret key or something .. Like adminexile plugin for /administrator

[alve89]

Yes, this seems to be quite similar to my plugin _blockaccess.

[alve89]

@johanpeters I just released v0.0.5. This version brings the secretKey feature. You can login at domain.tld/your/path/to/joomla/index.php?option=com_users&view=login

[johanpeters]

Hello, Thanx.. i will test it . Btw. Joomla update did not notify of a update..

And i will make a dutch translation..

Op 16 nov. 2021 10:51, om 10:51, Stefan Herzog @.> schreef: @. I just released

v0.0.5. This version brings the secretKey feature. You can login at domain.tld/your/path/to/joomla/index.php?option=com_users&view=login

-- You are receiving this because you were mentioned. Reply to this email directly or view it on GitHub: https://github.com/alve89/j_plg_hrz_disablelogin/issues/2#issuecomment-970102099

[johanpeters]

Add correct discription to secretkey attribute..

Should be domain.tld/your/path/to/joomla/index.php?option=com_users&view=login?yoursecretkey

And not domain.tld/your/path/to/joomla/index.php?yoursecretkey

Op 16 nov. 2021 10:51, om 10:51, Stefan Herzog @.> schreef: @. I just released

v0.0.5. This version brings the secretKey feature. You can login at domain.tld/your/path/to/joomla/index.php?option=com_users&view=login

-- You are receiving this because you were mentioned. Reply to this email directly or view it on GitHub: https://github.com/alve89/j_plg_hrz_disablelogin/issues/2#issuecomment-970102099

[alve89]

@johanpeters Both works, because after entering the secretKey a session variable is set so one don't need to re-enter it in the same session.