Closed filipe-torres closed 3 months ago
Hi Filipe,
thank you for reaching out. Let's figure this out.
You write that
This raises the following questions:
/
(so https://creativante.com.br/
), right?First solution: Try /?option=com_users&view=login
.
Hi Stephan, Answering you questions:
- Where is your login form located? I guess it's
/
(sohttps://creativante.com.br/
), right?- Which user groups are permitted to access (= view) the module?
First solution: Try
/?option=com_users&view=login
.
I got access to login form: https://creativante.com.br/?option=com_users&view=login The problem is: this URL shouldn't be accessible, right? The main purpose of plugin is avoid access to login form using URL parameters without secret key. This URL and user component parameters should only work when used combined with secret key, "safelogin" on my specific case: https://creativante.com.br/?option=com_users&view=login&safelogin
Follow below plugin configuration screen:
The problem is: this URL shouldn't be accessible, right?
Right. I assume you tested all URLs within the same session, so without closing the browser in between. Is this correct?
The way the plugin works is as follows (see code):
secretKey
is provided or else secretKey
was provided once (in the same session).So if you want to run proper tests, close the browser completely after using the secretKey
once, or use another browser parallel.
Further I'm still interested in your setup. You write that
Login form was located at https://creativante.com.br/login. I followed the instructions and unpublished this login menu item.
So just to avoid misunderstandings: You don't have any login forms anymore (except of the system ones from the plugin description)? Then the plugin should work properly, except of one change from J4 to J5 (I'll add this information in the description after writing this comment):
While in J4 you were able to use https://myDomain.tld/my/path/to/joomla?option=com_users&YOUR_SECRET_KEY
to login, in J5 you need to use
https://myDomain.tld/my/path/to/joomla?option=com_users&view=login&YOUR_SECRET_KEY
orhttps://myDomain.tld/my/path/to/joomla/index.php/component/users?view=login&YOUR_SECRET_KEY
.Otherwise a 404
system error is thrown because no view was specified:
Adding the view=login
parameter, the error message is solved:
Let me know if any of these points are helpful for you to resolve your problem. Otherwise I'm glad to provide further help.
Hi Stephan, I followed your instructions and works like a charm!!!
Asking your question:
So just to avoid misunderstandings: You don't have any login forms anymore (except of the system ones from the plugin description)?
Yes.
P.S.: Just an idea to possible/future plugin: after to use, install and test this plugin I realized that could be useful too if there is a similar plugin to restrict access to one or more URLs. Plugin would work very similar and block access to https://myDomain.tld/path but allow access if provide a correct secret key: https://myDomain.tld/path&YOUR_SECRET_KEY. On plugin configuration form user should fill and set:
Thanks for your patience and disposal to help.
I'm glad to hear you're issue is resolved. I created a new issue #9 in consequence of your feature request, thank you for your idea!
Hi Stefan, I installed this plugin on Joomla 5 website, but I can't access login form.
I follow plugin instructions:
Then I tried to access frontend login form by the following addresses, but no success: https://creativante.com.br/?safelogin https://creativante.com.br/?option=com_users&safelogin https://creativante.com.br/index.php/component/users?safelogin
Where did I go wrong? I miss something?