Jump to content
TNG Community
Mike Goodstadt

hack: if not logged in then no direct access to tng

Recommended Posts

Mike Goodstadt

Want to insist that visitors logon through the CMS (my current choice is Joomla).

This hack avoids direct access to the tng folder (in my case unwrapped from its iframe wrapper).

The edit is to remove the exception made for the index page of TNG (you still want if once logged in!).

Then edit the redirect path to the site URL (in my case this is Joomla's frontpage).

In checklogin.php in the TNG folder edit the following (about 2/3 of the way down the file):

        if( $requirelogin ) {
            if( !substr_count( $_SERVER['SCRIPT_NAME'], "/index." ) ) {
                $login_noargs_url = getURL( "login", 0 );
                header( "Location: $login_noargs_url" );
                exit;
            }
to read
        if( $requirelogin ) {

                $login_noargs_url = "http://" . $_SERVER['HTTP_HOST'];
                header( "Location: $login_noargs_url" );
                exit;

        }

Can anyone advise on security? Is it secure? Will this screw up anything else?

Hope this helps.

Mike

Share this post


Link to post
Share on other sites
dlassen

Hi,

I am fairly new at TNG/joomla/php but have now suceeded in integrating my TNG installation into my joomla site (thanks to Cas Nuy/Mark Fleeson/Joe Cox for the bridge code). The access to the TNG component is setup in joomla to be "Registered" users only.

However, I just realized that there is full public access to all media, document, photo files in their respective folders under the TNG folder. without logging into TNG or joomla.

Have I setup anything incorrectly or is this to be expected? If this is to be expected, has anyone come up with a method to protect the various media folders under the TNG folder using the single joomla logon?

(I have briefly looked at .htaccess but it seems to be a stand-alone solution relative to TNG and joomla)

Thanks in advance for any ideas,

dennis

Share this post


Link to post
Share on other sites
reverendspam

Hi,

I am fairly new at TNG/joomla/php but have now suceeded in integrating my TNG installation into my joomla site (thanks to Cas Nuy/Mark Fleeson/Joe Cox for the bridge code). The access to the TNG component is setup in joomla to be "Registered" users only.

However, I just realized that there is full public access to all media, document, photo files in their respective folders under the TNG folder. without logging into TNG or joomla.

Have I setup anything incorrectly or is this to be expected? If this is to be expected, has anyone come up with a method to protect the various media folders under the TNG folder using the single joomla logon?

(I have briefly looked at .htaccess but it seems to be a stand-alone solution relative to TNG and joomla)

Thanks in advance for any ideas,

dennis

Hi Dennis,

I think you must set the switch in the TNG administration back end that only gives access on login.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×