Closed filipe-torres closed 3 months ago
alve89
commented
3 months ago Hi Filipe,
thank you for reaching out. Let's figure this out.
You write that
This raises the following questions:
/ (so https://creativante.com.br/), right?First solution: Try /?option=com_users&view=login.
filipe-torres
commented
3 months ago Hi Stephan, Answering you questions:
- Where is your login form located? I guess it's
/(sohttps://creativante.com.br/), right?- Which user groups are permitted to access (= view) the module?
First solution: Try
/?option=com_users&view=login.
I got access to login form: https://creativante.com.br/?option=com_users&view=login The problem is: this URL shouldn't be accessible, right? The main purpose of plugin is avoid access to login form using URL parameters without secret key. This URL and user component parameters should only work when used combined with secret key, "safelogin" on my specific case: https://creativante.com.br/?option=com_users&view=login&safelogin
Follow below plugin configuration screen:
alve89
commented
3 months ago The problem is: this URL shouldn't be accessible, right?
Right. I assume you tested all URLs within the same session, so without closing the browser in between. Is this correct?
The way the plugin works is as follows (see code):
secretKey is provided or else secretKey was provided once (in the same session).So if you want to run proper tests, close the browser completely after using the secretKey once, or use another browser parallel.
Further I'm still interested in your setup. You write that
Login form was located at https://creativante.com.br/login. I followed the instructions and unpublished this login menu item.
So just to avoid misunderstandings: You don't have any login forms anymore (except of the system ones from the plugin description)? Then the plugin should work properly, except of one change from J4 to J5 (I'll add this information in the description after writing this comment):
While in J4 you were able to use https://myDomain.tld/my/path/to/joomla?option=com_users&YOUR_SECRET_KEY to login, in J5 you need to use
https://myDomain.tld/my/path/to/joomla?option=com_users&view=login&YOUR_SECRET_KEY orhttps://myDomain.tld/my/path/to/joomla/index.php/component/users?view=login&YOUR_SECRET_KEY.Otherwise a 404 system error is thrown because no view was specified:
Adding the view=login parameter, the error message is solved:
Let me know if any of these points are helpful for you to resolve your problem. Otherwise I'm glad to provide further help.
filipe-torres
commented
3 months ago Hi Stephan, I followed your instructions and works like a charm!!!
Asking your question:
So just to avoid misunderstandings: You don't have any login forms anymore (except of the system ones from the plugin description)?
Yes.
P.S.: Just an idea to possible/future plugin: after to use, install and test this plugin I realized that could be useful too if there is a similar plugin to restrict access to one or more URLs. Plugin would work very similar and block access to https://myDomain.tld/path but allow access if provide a correct secret key: https://myDomain.tld/path&YOUR_SECRET_KEY. On plugin configuration form user should fill and set:
Thanks for your patience and disposal to help.
alve89
commented
3 months ago I'm glad to hear you're issue is resolved. I created a new issue #9 in consequence of your feature request, thank you for your idea!
Hi Stefan, I installed this plugin on Joomla 5 website, but I can't access login form.
I follow plugin instructions:
Then I tried to access frontend login form by the following addresses, but no success: https://creativante.com.br/?safelogin https://creativante.com.br/?option=com_users&safelogin https://creativante.com.br/index.php/component/users?safelogin
Where did I go wrong? I miss something?