LogicMachine Forum
Cookie x-auth - After user password update - Printable Version

+- LogicMachine Forum (https://forum.logicmachine.net)
+-- Forum: LogicMachine eco-system (https://forum.logicmachine.net/forumdisplay.php?fid=1)
+--- Forum: Scripting (https://forum.logicmachine.net/forumdisplay.php?fid=8)
+--- Thread: Cookie x-auth - After user password update (/showthread.php?tid=5847)



Cookie x-auth - After user password update - Fcs - 15.01.2025

Hi all,

Even if this is related to my previous post, I prefer to create a new topic to facilitate the search for the next one :-)

I have a lp file so that users can change their own password

this is my code :

Code:
    if getvar("form-name") == "password" then         local login = getvar('login')                  local current_logged_user = request.username         if username ~= "admin" and login ~= current_logged_user then             return nil, 'wrong_user'         end                  local password = getvar('user-new-password')         local password_confirmation = getvar("user-new-password-confirmation")         local user = db:getrow('SELECT * FROM users WHERE login=?', login)         if not user then             return nil, 'user_not_found'         end         if password ~= password_confirmation then             return nil, 'match'         end         if #password < 8 or #password > 20 then             return nil, 'length'         end                  local password = hashpassword(login, password)         db:update('users', { password = password }, { id = user.id })         io.readproc('/etc/init.d/nginx reload')                  return true, nil, string.format("%s:%s", login, password)     end

Everythin work, but after the page change, the user has to reconnect, I'd like to avoid this, I saw that an x-auth cookie was added, I tried to find the hash value, but I can't

I've tried a base 64 like user:password or user:hash_password...

Thanks for the help

[Image: cookie.png]


RE: Cookie x-auth - After user password update - admin - 15.01.2025

Not possible. Redirect users to /logout after password change.


RE: Cookie x-auth - After user password update - Fcs - 05.05.2025

Hi all,

I can't find a way to display a link in the form :

https://host/logout

to build host, I tried

local referer = getheader('Referer')
local referer = getheader('Host')

But I always get bad information except when I'm local.

How can I get the current url? Thanks for the help.


RE: Cookie x-auth - After user password update - admin - 05.05.2025

You don't need host for local URLs.


RE: Cookie x-auth - After user password update - Fcs - 06.05.2025

(05.05.2025, 10:08)admin Wrote: You don't need host for local URLs.

but I don't understand, I'm in an application in the data/fcs directory

url of my app locally

https://192.168.1.20/apps/data/fcs/

to logout, I need to go to :

https://192.168.1.20/logout

I can manage with the host, but remotely it doesn't work.


RE: Cookie x-auth - After user password update - admin - 06.05.2025

Use this for logout link:
Code:
<a href="/logout">Logout</a>



RE: Cookie x-auth - After user password update - Fcs - 06.05.2025

oups.. sorry it was so simple.