Public Forums 71,145 posts

[questbg Friend questbgJoin date: May 2008Posts: 1912Downloads:0Uploads:1 Thanks: 146 Thanked: 339 times in 197 posts]

#139024

Hi Everyone

I’m currently developing a site with Telline II. I’ve removed the ‘Register’ and ‘Log In’ text in the header area and also disabled the User menu.

However, my Editor has just phoned me and says she wants to log into the front end to check the appearance of articles prior to publishing them (quite a valid request I suppose).

Is there a method of doing this via some kind of URL?

I tried:
http://www.mysite.com/en/component/user/?task=login

But this results in a 404.

Any assistance greatly appreciated.

Many Thanks
Chris

[ShannonN Friend ShannonNJoin date: July 2006Posts: 1947Downloads:0Uploads:9 Thanks: 16 Thanked: 172 times in 49 posts]

#295575

questbg;117226Hi Everyone

I’m currently developing a site with Telline II. I’ve removed the ‘Register’ and ‘Log In’ text in the header area and also disabled the User menu.

However, my Editor has just phoned me and says she wants to log into the front end to check the appearance of articles prior to publishing them (quite a valid request I suppose).

Is there a method of doing this via some kind of URL?

I tried:
http://www.mysite.com/en/component/user/?task=login

But this results in a 404.

Any assistance greatly appreciated.

Many Thanks
Chris

Could you give her non super admin backend access and she uses the template preview to view frontpage?

[questbg Friend questbgJoin date: May 2008Posts: 1912Downloads:0Uploads:1 Thanks: 146 Thanked: 339 times in 197 posts]

#295580

<em>@ShannonN 117233 wrote:</em><blockquote>Could you give her non super admin backend access and she uses the template preview to view frontpage?</blockquote>

Tried that mate, she’s not happy with the discrepancies between Preview and actual site:

Preview:

Site:

She’s also adamant she wants the FRONT END! 🙂

Thanks
Chris

[wooohanetworks Friend wooohanetworksJoin date: September 2008Posts: 1239Downloads:0Uploads:2 Thanks: 148 Thanked: 138 times in 41 posts]

#295659

I don’t know if this will really help or be the solution but….I also do not know what the problem really is as:

1. When you look at the site via the url of the site like http://www.domain.com/(index.php) you should see the site like in the lower screenshot.

2. Now when you simply login the backend and are logged in, whenever you open the site with the url like in point one in a new browser tab manually, like a visitor does you should see the site like in point 1 plus the buttons for frontend editing as you are logged in.

3. I do not think that there is a default Joomla page with a login, from what I see is this only possible with a module, the only static pages are forgot password and register. So you can do one thing, you can create a page, link it to some menu that has no frontend link and place the login module there. This way people can’t access the site with the login but she can when you tell her the url of this hidden page. With a robots.txt statement you can forbide google and other search engines to crawl this page and to display a search engine entry as results for search engine searches for this site.

Hope this helps.

[wooohanetworks Friend wooohanetworksJoin date: September 2008Posts: 1239Downloads:0Uploads:2 Thanks: 148 Thanked: 138 times in 41 posts]

#295926

By accident I found this url to a login page you looked for:

index.php?option=com_user&view=login

This should open a login page.

I know that most will rarely look over that stuff in their Joomla admin, but when you create a new link for menu and choose “User” you will get some options to chose from including “login page” etc..

Simply use “Layout: Login (Joomla!-Standard)” and all the other options whenever you need some static pages with user related content.

1 user says Thank You to wooohanetworks for this useful post

1. questbg

[questbg Friend questbgJoin date: May 2008Posts: 1912Downloads:0Uploads:1 Thanks: 146 Thanked: 339 times in 197 posts]

#296035

Thanks Woooha, tested it, works fine!

1 user says Thank You to questbg for this useful post

1. wooohanetworks

[cgc0202 Friend cgc0202Join date: August 2007Posts: 2244Downloads:0Uploads:3 Thanks: 206 Thanked: 262 times in 1 posts]

#296040

Chris,

Unless the articles are marked registered, then everyone can see whatever was written through the BackEnd. The reverse is also true, if articles are marked for registered, even the administrators — superadmins and regular admins — who have access to the backend will not be able to see the FrontEnd. — because those two are separate.

So which of the above two situation was the condition when you opted to remove the registration/login? Or, to put it differently, how were you able to view an article (even as the creator, i.e., as super administrator) if the articles are not public?

As I mentioned last Summer, it is false security, to think that not placing the registration/login will prevents bots and one who is familiar with the Joomla script.

For example, if I know the name of your site, I can register and login. As far as I know (and I would appreciate to be corrected, if it is not the case), there is no security feature in Joomla or the Joomlart script, that prevents registration/login. So, unless you watch your site 24/7, you cannot fully control who can view the contents of your site, even if they were marked “registered” only.

A better alternative is to install an extension that will allow you as a super administrator to ensure legitimate email address owned by the registrant — so that (s)he can confirm a valid registration via email confirmation of registration. As further security measures, use captcha, at least during the registration — to avoid automated bots registration. Another level of security would be require admin approval — before a validated registration gets truly activated.

Examples of such extensions, with the aforementioned features, would be Community Builder. The software itself is free (and no license restriction), but you are “requested” to buy the manual, which you may want anyway, in order to have prior access to the latest version.

Other softwares, like SMF, have more robust security system. I read also a Joomla extension developer that was developing even a more stringent permissions systems, down to specific pages. For example, with such a software, even with admin activated registration, you can use such a robust software, so that only you and those who give permision will be view pages that you so designated.

The aforementioned precautions are not foolproof — because Joomla itself has been shown still to have many security vulnerabilities — but it might eliminate most automated registration and perhaps even many skilled hackers. So unless the site is really already very popular, you would have elimiated the casual hackers, and most bots.

Cornelio

[questbg Friend questbgJoin date: May 2008Posts: 1912Downloads:0Uploads:1 Thanks: 146 Thanked: 339 times in 197 posts]

#296194

Hi Cornelio

I am currently using Captcha on my User Registration forms and also using a customised Registration Method with a JoomSuite User extension.

However, I’m currently developing a new web site which I don’t want ‘Users’ or ‘Registration’, just visitors! I’ve set ‘Allow User Registration’ to ‘No’ in the Global Config and removed the ‘Register’ and ‘Login’ buttons. The only option will be ‘Subscribe to our Newsletter’ via a Newsletter Module.

The reason I needed to do this was so that our Editor can view the articles in the Front End even though they are still ‘Unpublished’. That way she can check the content is OK and the page views correctly before Publishing and letting the ‘Public’ members see it!

This method seems to work OK.

Best Wishes
Chris

[ShannonN Friend ShannonNJoin date: July 2006Posts: 1947Downloads:0Uploads:9 Thanks: 16 Thanked: 172 times in 49 posts]

#296196

questbg;117238Tried that mate, she’s not happy with the discrepancies between
She’s also adamant she wants the FRONT END! 🙂

Thanks
Chris

Try the ‘invisible login fix’ I made works fine

[questbg Friend questbgJoin date: May 2008Posts: 1912Downloads:0Uploads:1 Thanks: 146 Thanked: 339 times in 197 posts]

#296197

Thanks Shannon. I’m going to update the files on my ‘sandbox’ site with the hacked code you sent me. I’ll report back once that’s done. Seems a neat trick to me!

[cgc0202 Friend cgc0202Join date: August 2007Posts: 2244Downloads:0Uploads:3 Thanks: 206 Thanked: 262 times in 1 posts]

#296202

Hi Chris,

The reason why I asked is that I am in the same predicament also when I delete the top registration and login, while a site is not ready. When I do not do it, I get this bots registering.

The only problem I had was that when I do that, there is no easy way for me to view the Front End. Before the alternative proposed by wooohanetworks, how do you view the Front End itself?

How granular is the permissions systems of JoomSuite? Does it allow further differentiation of registered users (e.g., registered, moderators, admins, editors, superadmind, etc)?

wooohanetworks,

Does your suggestion work if the login module if unpublished through the Admin page? I think the default Joomla registration/login is a security risk. In the white paper in the Joomla page in 2007, the core team of Joomla mentioned addressing the registration and login issues, but they said they will do this only in the next Joomla 1.6 version — that may be years away.

Cornelio

[questbg Friend questbgJoin date: May 2008Posts: 1912Downloads:0Uploads:1 Thanks: 146 Thanked: 339 times in 197 posts]

#296203

Hi Cornelio

If I’m developing a site, I use a different method to ‘protect’ it from new users, bots, etc.

I simply ‘Password Protect’ the /html directory so that only the users I assign as ‘Web Users’ can access the front end. This works really well for that particular purpose. It also stops any bots getting in and picking the site up before it’s ready for launch!

Best Wishes
Chris

[wooohanetworks Friend wooohanetworksJoin date: September 2008Posts: 1239Downloads:0Uploads:2 Thanks: 148 Thanked: 138 times in 41 posts]

#296217

<em>@cgc0202 118019 wrote:</em><blockquote>
Does your suggestion work if the login module if unpublished through the Admin page? I think the default Joomla registration/login is a security risk. In the white paper in the Joomla page in 2007, the core team of Joomla mentioned addressing the registration and login issues, but they said they will do this only in the next Joomla 1.6 version — that may be years away.</blockquote>

I don’t know, I also read posts in the Yootheme Forum that some members came up with the proposal the Yoo Login, one alternative to the regular login module has caused hackers to be able to hack their sites, I suppose because the codes shall have had a leak while passing on the security tokens whatsoever. What you mention was for sure that security leak that was fixed in 1.5.4 I think, that one where you can watch endless movies about on YouTube, how they “hack” Joomla homepages, with simply doing an sql injection via the forget my password or username screen but this was fixed long ago already.

I used several other logins, CB Login for example, Yoo Login, Login Box, there are so many out there and all can have potential security leaks as you can’t be assured that the developers really know what they do and take care of those.

Basically, this option must work without the module published.

[Author]

Posts