Question

Hi - I'm trying to create a login form on a twiki page, to authenticate users. I want to pre-empt the popup security dialogue box. (I find it annoying.)

I'm trying to find the right page/cgi script to modify to make this happen.

I know the registration form automatically authenticates users, when it generates the username and password. But modifying this page into a login page doesn't really seem to work.

I'm thinking the ChangePassword form (and the associated manage.cgi file) could be modified into an authentication form. But no such luck their either.

Any other ideas?

Thx !

UPDATE: The easiest way to create a custom login page is to use javascript or php to parse a URL encoded with the password info. Unfortunately, Microsoft just put an end to this easy solution earlier this week:

From the MS bulletin found at http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS04-004.asp:

"A vulnerability that involves the incorrect parsing of URLs that contain special characters. When combined with a misuse of the basic authentication feature that has "username:password@" at the beginning of a URL, this vulnerability could result in a misrepresentation of the URL in the address bar of an Internet Explorer window."

To fix this vulnerability, they removed that functionality.

-- SamAbrams - 04 Feb 2004

THE SAME QUESTION, ASKED A DIFFERENT WAY:

• Is there a way to identify a user without relying on the REMOTE_USER environment variable?

It just seems too plainly difficult to set the REMOTE_USER variable WITHOUT the popup box.

For example, instead, I could setup an external cookie-based login system, and then have that login system set the %WIKINAME% variable manually.

-- SamAbrams - 13 Feb 2004

Environment

Answer

Sam - the UserCookiePlugin could do what you want, though i have not used it with passwords (never needed it) I htink if you want passwords some development work would be needed

-- SvenDowideit - 14 Feb 2004