Logic Machine Forum
Cookie x-auth - After user password update - Printable Version

+- Logic Machine Forum (https://forum.logicmachine.net)
+-- Forum: LogicMachine eco-system (https://forum.logicmachine.net/forumdisplay.php?fid=1)
+--- Forum: Scripting (https://forum.logicmachine.net/forumdisplay.php?fid=8)
+--- Thread: Cookie x-auth - After user password update (/showthread.php?tid=5847)

Cookie x-auth - After user password update - Fcs - 15.01.2025

Hi all,

Even if this is related to my previous post, I prefer to create a new topic to facilitate the search for the next one :-)

I have a lp file so that users can change their own password

this is my code :

Code:
    if getvar("form-name") == "password" then

        local login = getvar('login')
        
        local current_logged_user = request.username
        if username ~= "admin" and login ~= current_logged_user then
            return nil, 'wrong_user'
        end
        
        local password = getvar('user-new-password')
        local password_confirmation = getvar("user-new-password-confirmation")

        local user = db:getrow('SELECT * FROM users WHERE login=?', login)
        if not user then
            return nil, 'user_not_found'
        end

        if password ~= password_confirmation then
            return nil, 'match'
        end

        if #password < 8 or #password > 20 then
            return nil, 'length'
        end
        
        local password = hashpassword(login, password)
        db:update('users', { password = password }, { id = user.id })

        io.readproc('/etc/init.d/nginx reload')
        
        return true, nil, string.format("%s:%s", login, password)

    end

Everythin work, but after the page change, the user has to reconnect, I'd like to avoid this, I saw that an x-auth cookie was added, I tried to find the hash value, but I can't

I've tried a base 64 like user:password or user:hash_password...

Thanks for the help

[Image: cookie.png]

RE: Cookie x-auth - After user password update - admin - 15.01.2025

Not possible. Redirect users to /logout after password change.

RE: Cookie x-auth - After user password update - Fcs - 05.05.2025

Hi all,

I can't find a way to display a link in the form :

https://host/logout

to build host, I tried

local referer = getheader('Referer')
local referer = getheader('Host')

But I always get bad information except when I'm local.

How can I get the current url? Thanks for the help.

RE: Cookie x-auth - After user password update - admin - 05.05.2025

You don't need host for local URLs.

RE: Cookie x-auth - After user password update - Fcs - 06.05.2025

(05.05.2025, 10:08)admin Wrote: You don't need host for local URLs.

but I don't understand, I'm in an application in the data/fcs directory

url of my app locally

https://192.168.1.20/apps/data/fcs/

to logout, I need to go to :

https://192.168.1.20/logout

I can manage with the host, but remotely it doesn't work.

RE: Cookie x-auth - After user password update - admin - 06.05.2025

Use this for logout link:
Code:
<a href="/logout">Logout</a>


RE: Cookie x-auth - After user password update - Fcs - 06.05.2025

oups.. sorry it was so simple.