The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Microsoft Updates for Internet Explorer

Discussion in 'General Discussion' started by osfdeath, Feb 3, 2004.

  1. osfdeath

    osfdeath Well-Known Member

    Joined:
    Aug 29, 2003
    Messages:
    144
    Likes Received:
    0
    Trophy Points:
    16
    If you've recently updated your IE, you'll soon come to realize that you can no longer pass usernames and passwords via the URL

    So this will no longer work:

    http://USERNAME:PASSWORD@www.domain.com

    I know many people use this method to allow their customers easy login to cPanel and even use it themselves as a bookmark to their WHM so they don't have to use the Remember Password feature.

    This method will no longer work so if you cannot reach your cPanel, WHM or webmail and have an error (Invalid Syntax) this is why

    Maybe sticky this? I'm sure it's going to come up alot :)

    More info is available at the Microsoft Knowledge Base Article - 834489
     
  2. Planet_Master

    Planet_Master Well-Known Member

    Joined:
    Apr 18, 2002
    Messages:
    233
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    New Yorker
    I believe Cpanel fixes this isssue in the latest builds.


    +-------------------------------------------------------------+
    Tue Feb 3 19:29:18 EST 2004
    8.8.0-EDGE_21
    ---------------------------------------------------------------
    fix don't pass the username in the url anymore with listpops
    as the latest IE patch makes it break
    --------------------------------------------------------------
     
  3. osfdeath

    osfdeath Well-Known Member

    Joined:
    Aug 29, 2003
    Messages:
    144
    Likes Received:
    0
    Trophy Points:
    16
    Still going to require a username/password though :(

    I'm hopeful the php community (or even the perl community) will soon have a new solution for allowing logins

    I use a client WHM/cPanel/webmail (without @domain.com in username) on my site - I'd hate to loose that ability
    I realize I can still use it and let them be prompted for their username and pass, but it just isn't the same
     
  4. CoolMike

    CoolMike Well-Known Member

    Joined:
    Sep 6, 2001
    Messages:
    307
    Likes Received:
    0
    Trophy Points:
    16
    Wow, that's the reason, I had already a few customers, who told me, that my link to the cpanel in my member area doen't work anymore...

    Is there really no solution anymore, to do this? I don't want, that the user needs to change the registry to use this link.

    Thanks
    Mike
     
  5. asmithjr

    asmithjr Well-Known Member

    Joined:
    Jun 13, 2003
    Messages:
    475
    Likes Received:
    1
    Trophy Points:
    18
    I have not updated yet.

    Does this include FTP logins and such?
     
  6. osfdeath

    osfdeath Well-Known Member

    Joined:
    Aug 29, 2003
    Messages:
    144
    Likes Received:
    0
    Trophy Points:
    16
  7. T-Bone

    T-Bone Registered

    Joined:
    Jan 4, 2004
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    I'm not that smart on code-writing... but isn't it possible to write a cookie with information, that .htaccess accepts?! Create your own login page again... and would also make it possible to automatically grant access to some features.
     
  8. SageBrian

    SageBrian Well-Known Member

    Joined:
    Jun 1, 2002
    Messages:
    415
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    NY/CT (US)
    cPanel Access Level:
    Root Administrator
    However, I think the whole purpose of this patch was to protect usernames/passwords.

    We should never be able to see username/passwords in URLs or cookies. It basically defeats the purpose of being secure if anyone can check your computer for the info.

    Inconvenient? Yes. But so is locking your car and keeping the windows up in a hot parking lot. Would you lock your car, and then leave the keys on the hood?
     
  9. salvatore333

    salvatore333 Well-Known Member

    Joined:
    Mar 27, 2003
    Messages:
    233
    Likes Received:
    0
    Trophy Points:
    16
    login not functioning

    yes, i am getting many complaints now about my homepage login box not working. is there another way customers can login via our homepage?

    thank you
     
  10. osfdeath

    osfdeath Well-Known Member

    Joined:
    Aug 29, 2003
    Messages:
    144
    Likes Received:
    0
    Trophy Points:
    16
    No actually I think it was to prevent people from using domains that looked like other domains

    support:microsoft@domain.com

    See how that could be misleading?
    Ok maybe you don't - but think of your grandparents using the internet for the first few times...
     
  11. studentwebhosting

    studentwebhosting Active Member

    Joined:
    Dec 12, 2002
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    6
    Does anyone have a work around for this? I think we'll all need to change our login forms now!
     
  12. djrpowell

    djrpowell Registered

    Joined:
    Feb 6, 2004
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Yes, i use CPANEL password protect on my site.

    I then have a simple login box which feeds into this for my users to log on.

    I just don't understand why this is happening, i wish Microsoft would sort it all out!
     
  13. osfdeath

    osfdeath Well-Known Member

    Joined:
    Aug 29, 2003
    Messages:
    144
    Likes Received:
    0
    Trophy Points:
    16
    Actually if you read above, it honestly isn't MS's fault
    They've taken steps to protect people who don't know better
    While the idea in general is good, the overall impact, IMHO, is bad - they should have put a little more thought into it.

    Maybe even allowing the call within your own site or something...who knows

    You can fix your own IE if you want to edit the registry
    Or on XP roll back to before the patch

    Don't do it if you do not know what you're doing!
    I won't be held responcible if you mess up your system
     
  14. djrpowell

    djrpowell Registered

    Joined:
    Feb 6, 2004
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Thanks for the advice.

    I am not too worried about me, i am using Mozzilla for the time being, it is my users who have the problem, not sure what to do!
     
  15. djrpowell

    djrpowell Registered

    Joined:
    Feb 6, 2004
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    So does anyone have any ideas on how to sort this out?
     
  16. oinkmedia

    oinkmedia Well-Known Member

    Joined:
    Jul 5, 2003
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    SW London (UK)
    Yes, I'd love to hear from anyone who has a way around this!
     
  17. djrpowell

    djrpowell Registered

    Joined:
    Feb 6, 2004
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    well so far there does not seem to be one!

    What i have done is make a flash button and let CPANEL do the work.

    Now i get a pop-up box on login!

    www.animatedscience.co.uk

    check it out
     
  18. oinkmedia

    oinkmedia Well-Known Member

    Joined:
    Jul 5, 2003
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    SW London (UK)
    Cool! But not ideal for my purposes. Someone will come up with an answer... hopefully!
     
  19. apodigm

    apodigm Well-Known Member

    Joined:
    May 12, 2003
    Messages:
    67
    Likes Received:
    0
    Trophy Points:
    6
    I've been trying to get around this. The key is to make the user's browser reconstruct a new HTTP request header. Although there is some nice functionality in PHP to create http headers on the fly, the php header would come from the server to the user browser. Instead we need to get the user's browser to construct the new http header. (So basically, I think this is going to take a javascript solution).

    In the PHP version, it might look something like this:
    header("GET / http/1.0\r\n");
    header("Host: www.cpaneldomain.com:2082\r\n");
    header("Authorization: Basic " . base64_encode ("username:password"));

    I'm not sure if Javascript will allow you to build the HTTP raw headers though. Although you can use a URI to open a new window, I am not familiar enough to know what type of HTTP header control there is.
     
  20. apodigm

    apodigm Well-Known Member

    Joined:
    May 12, 2003
    Messages:
    67
    Likes Received:
    0
    Trophy Points:
    6
    I'm going to move this discussion to a different thread that appears to have a better description of this problem.

    http://forums.cpanel.net/showthread.php?s=&threadid=20067


    I am convinced that there is a solution. But so far, I don't see anything from Javascript that would allow you to create raw http headers.

    Another option might be to redirect them to a "proxy" server which has it's own http engine and can act on the behalf of the customer. you would need to provide a unique (key) URL to the proxy server to begin the session. the proxy would also need to translate all of the <a> tags to make sure that it links back to the proxy server instead of to the cpanel httpd engine.
    However, the proxy solution would be cumbersome, and definitely not easy or quick.

    I have also wondered if you might be able to use Meta tags with the HTTP-Equivalent value to specify the "Authorization" header and new location that you need. Then you could use the meta refresh to have the page reload to the correct place.
     
Loading...

Share This Page