DokuWiki

It's better when it's simple

User Tools

Site Tools


plugin:securelogin

SecureLogin Plugin

Compatible with DokuWiki

  • 2017-02-19 "Frusterick Manners" unknown
  • 2016-06-26 "Elenor Of Tsort" unknown
  • 2015-08-10 "Detritus" yes
  • 2014-09-29 "Hrun" unknown

plugin This plugin let you login securely without HTTPS.

Last updated on
2015-09-28
Provides
Admin, Action
Repository
Source

Description

This plugin uses Tom Wu's implementation of RSA algorithm in JavaScript on the client to encrypt the password with the servers public key. The passwords are sent encrypted over HTTP. No need for HTTPS. Man-in-the-middle attacks are prevented by using a variable token (salt) added to the password before encrypting. Therefore, replay attacks don't work.

When securelogin is used, there is always a use securelogin checkbox near the password field. If the browser has no JavaScript or JavaScript is disabled, then obviously, the passwords are sent in clear text, as they are by default with DokuWiki. In this case though, the user should notice the absence of the checkbox.


Also, whenever a password has to be entered, it is automagically encrypted by this plugin, be it on the login, profile or admin page.

securelogin version 20091206 and + is compatible with the showlogin plugin.

Download and Installation

  1. Download and install the plugin using the Plugin Manager, please use the download link given above. Refer to Plugins on how to install plugins manually.
  2. Go the admin pages and select securelogin. Then click on the generate-new-key button.
  3. You're done. From then on, all passwords are encrypted before being sent.

Changes

  • 20150928 Thanks to Satoshi Sahara
    • compatible with DokuWiki 2015-08-10 “Detritus”
    • replace deprecated split() function call
    • prevent PHP error output
    • use PHP5 constructor method for classes
    • Improved coding style and added license header in source files
  • 20140923 Thanks to Hideaki Sawada
    • Japanese language files added
  • 20140417
    • Changed download link per Mikhail I. Izmestev's request
    • Updates to plugin info in admin page, like the website link and more unified info.
  • 20130519
    • added jQuery patches. Thanks to Heiko Barth
  • 20101121
    • add german translation. Thanks to Heiko Barth
    • fix finding pubkey info with openssl 0.9.8*
    • fix escaping encoded data (now supports non ascii passwords)
  • 20101105
    • fixed support php < 5.2
    • added plugin.info.txt
  • 20091213
    • add support of usermanager plugin
  • 20091206 Thanks to Christophe Martin
    • fix unclosed <div id="secure__login">
    • add showlogin compat
  • 20090901 Thanks to Jan Hána
    • add Czech translation
  • 20090802 Thanks to Christophe Martin
    • fix problem with URL-rewrite DokuWiki method
    • add French translation

For support for these older versions (if you really need outdated software) use https://github.com/bagley/dokuwiki-securelogin/archive/c1f0a0e018cedfd29a48ab157098efe480e37049.zip

  • 2014-05-05 “Ponder Stibbons”
  • 2013-12-08 “Binky”
  • 2013-05-10a Weatherwax
  • 2012-10-13 Adora Belle

Comments

Tested and found to not be functional under Angua. No checkbox appears on the login screen and I am not sure if the key generation is working. How can I test this? — greenseekergreenseeker

2012/02/02 19:41

It works for me under Angua. I do get a checkbox. Did you manually generate a new key pair on the Admin page (&do=admin&page=securelogin)? If it works the public key should be shown there. — Rik BlokRik Blok
rikblok

2012/02/02 20:17
I did generate the new key, or at least I tried. When I click Generate the page reloads but nothing visibly happens. I tried all available key length options and got the same result. — greenseekergreenseeker

2012/02/02 23:10
I'm not the plugin author so I'm just guessing but have you checked your file/folder permissions? Maybe the keys can't be written on the server. I don't know where they're supposed to be stored. — Rik BlokRik Blok
rikblok

2012/02/03 20:29
The key is stored in data/cache/securelogin.*. — Casper 2012/02/03 22:34
Just checked the permissions again and they're all good. data/cache/securelogin.ini and data/cache/securelogin.key both existed with a Feb 2 date, so they were created. I delete and recreated them again but still no checkbox at login. — greenseekergreenseeker

2012/02/04 17:30
Maybe a caching (⇒ delete cache) or template (try default template) problem? — Casper 2012/02/04 19:54
Seems to be an issue with the Arctic template. Odd, I've been using it forever and never had a problem. — greenseekergreenseeker

2012/02/06 19:56
It works for me with the latest Arctic template on Angua. I did have to regenerate my key at some point (but I don't remember if it was related to a DokuWiki or template update). — Rik BlokRik Blok
rikblok

2012/02/08 00:30
I'm not sure what the cause was, but it started working for me after changing to the default template and then back to arctic again. I did this yesterday and it didn't have any effect. — greenseekergreenseeker

2012/02/08 01:25
I can't generate key: I use Adora Belle. Permission rights of data/cache are ok, ma none of the files above (securelogin.*) have been generated. Is the plugin working with Adora Belle? — fabrizio 2012/10/16
I've just generated a new key under Adora Belle - works just fine. — CasperCasper
casper

2012/10/16 15:34
For Weatherwax, I tried to edit .js files and got worked. See this, all of mentioned were needed. — anonymous 2013/05/12 15:59
Patches were committed, so these issues should be fixed. Let me know if you're still having problems. — Matt BagleyMatt Bagley
mattfiddles

2014/04/17 11:39

Patched JavaScript for DokuWiki >= Weatherwax

CasperCasper
casper

2013/05/19 00:51

Added patches to plugin.

Matt BagleyMatt Bagley
mattfiddles

2014/04/17 11:39

plugin/securelogin.txt · Last modified: 2016-01-06 22:15 by Aleksandr · Currently locked by: 222.93.252.123