plugin:securelogin
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
plugin:securelogin [2014-09-22 23:32] – casper | plugin:securelogin [2018-05-28 21:45] – [Download and Installation] Klap-in | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== | + | ====== |
---- plugin ---- | ---- plugin ---- | ||
- | description: | + | description: |
author | author | ||
email : securelogin@mattfiddles.com | email : securelogin@mattfiddles.com | ||
type : admin, action | type : admin, action | ||
- | lastupdate : 2014-04-17 | + | lastupdate : 2018-02-17 |
- | compatible : 2009-03-12+, | + | compatible : 2009-03-12+, |
depends | depends | ||
conflicts | conflicts | ||
Line 21: | Line 21: | ||
===== Description ===== | ===== Description ===== | ||
- | //The download location has changed to https://github.com/bagley/dokuwiki-securelogin/tarball/ | + | This plugin uses [[http://www-cs-students.stanford.edu/~tjw/jsbn/|Tom Wu's implementation of RSA algorithm in JavaScript]] |
- | This plugin uses [[http://www-cs-students.stanford.edu/~tjw/jsbn/|Tom Wu's implementation of RSA algorithm in JavaScript]] on the client to encrypt | + | When securelogin is used, there is always a //use securelogin// checkbox near the password |
- | With version 20091213 and + , whenever a password has to be entered, it is automagically encrypted by this plugin, be it on the | + | ---- |
- | //login//, //profile// or //admin// page. | + | |
- | securelogin version 20091206 and + is compatible with the [[: | + | Also, whenever |
- | + | ||
- | When securelogin is used, there is always | + | |
+ | securelogin version 20091206 and + is compatible with the [[: | ||
===== Download and Installation ===== | ===== Download and Installation ===== | ||
- | - Download | + | - Search |
- Go the admin pages and select // | - Go the admin pages and select // | ||
- You're done. From then on, all passwords are encrypted before being sent. | - You're done. From then on, all passwords are encrypted before being sent. | ||
+ | |||
+ | ===== How it works ===== | ||
+ | |||
+ | Normally when you submit your ' | ||
+ | |||
+ | < | ||
+ | id:start | ||
+ | do:login | ||
+ | u:MyUser | ||
+ | p: | ||
+ | </ | ||
+ | |||
+ | You can easily see the ' | ||
+ | |||
+ | But when you use this plugin, it will encrypt the password, which can only be decrypted on the server. | ||
+ | |||
+ | < | ||
+ | id:start | ||
+ | do:login | ||
+ | u:MyUser | ||
+ | p:****** | ||
+ | use_securelogin: | ||
+ | securelogin: | ||
+ | </ | ||
+ | |||
+ | The javascript on the page takes the form's password variable `p=MySecretPa$$word`, | ||
+ | |||
+ | When the server receives the data, it sees that `use_securelogin` is set to `1` (true), so it knows the password was encrypted. It will decrypt the `securelogin` variable and separate it from the salt value. From this it gets the `p=MySecretPa$$word` value, which it sets so the Dokuwiki authentication routines have it. Dokuwiki can then compare the passwords like it normally does. | ||
+ | |||
+ | This same process happens during the add user, modify user, and edit profile options. This is what will be seen if someone views a user changing their password (with this plugin active): | ||
+ | |||
+ | < | ||
+ | do:profile | ||
+ | fullname: | ||
+ | email: | ||
+ | newpass: | ||
+ | passchk: | ||
+ | oldpass: | ||
+ | use_securelogin: | ||
+ | securelogin: | ||
+ | </ | ||
+ | |||
+ | In this case, all three passwords are encrypted into `securelogin`, | ||
===== Changes ===== | ===== Changes ===== | ||
+ | * **20180217** Thanks to [[https:// | ||
+ | * Fixed issue where second password was not encrypted on add/modify users | ||
+ | |||
+ | * **20150928** Thanks to Satoshi Sahara | ||
+ | * compatible with DokuWiki 2015-08-10 " | ||
+ | * replace deprecated split() function call | ||
+ | * prevent PHP error output | ||
+ | * use PHP5 constructor method for classes | ||
+ | * Improved coding style and added license header in source files | ||
+ | |||
+ | * **20140923** Thanks to Hideaki Sawada | ||
+ | * Japanese language files added | ||
+ | |||
* **20140417** | * **20140417** | ||
- | * Changed download link per [[izmmishao5@gmail.com|Mikhail I. Izmestev' | + | * Changed download link per [[izmmishao5@gmail.com|Mikhail I. Izmestev' |
* Updates to plugin info in admin page, like the website link and more unified info. | * Updates to plugin info in admin page, like the website link and more unified info. | ||
Line 72: | Line 126: | ||
* fix problem with URL-rewrite DokuWiki method | * fix problem with URL-rewrite DokuWiki method | ||
* add French translation | * add French translation | ||
+ | |||
+ | For support for these older versions (if you really need outdated software) use https:// | ||
+ | * 2014-05-05 " | ||
+ | * 2013-12-08 " | ||
+ | * 2013-05-10a Weatherwax | ||
+ | * 2012-10-13 Adora Belle | ||
===== Comments ===== | ===== Comments ===== |
plugin/securelogin.txt · Last modified: 2023-10-30 23:29 by Klap-in