Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG, Page 318 of 806  Not logged in ELOG logo
IDdown Date Icon Author Author Email Category OS ELOG Version Subject
  67256   Tue May 1 09:20:00 2012 Cool Christopher Leechris@chrisandclaire.orgBug reportLinux2435Re: Forgot Password

Stefan Ritt wrote:

Christopher Lee wrote:

We seem to have a problem with retrieving user passwords using the forgot password system 

Thanks for reporting that bug. With the help of your config file I finally could reproduce and fix it. The fix is contained in SVN revision 2462.

 Thanks mate.. Glad to know it wasn't just me going insane? I'll keep an eye out for the new file

  67255   Mon Apr 30 17:05:28 2012 Reply Stefan Rittstefan.ritt@psi.chBug reportLinux2435Re: Forgot Password

Christopher Lee wrote:

We seem to have a problem with retrieving user passwords using the forgot password system 

Thanks for reporting that bug. With the help of your config file I finally could reproduce and fix it. The fix is contained in SVN revision 2462.

  67254   Fri Apr 27 00:29:56 2012 Reply Mark Bergmanmark.bergman@uphs.upenn.eduRequestLinux2.9.1Re: obfuscate password in verbose logging
> I'd suggest that the "-v" option hide passwords. If they need to be revealed for debugging

As a work around, I've changed the elogd startup script to do:

        /usr/local/sbin/elogd -v -c /usr/local/elog/elogd.cfg 2>&1 | perl -ne '$|=1; if ( $_ =~ /name="upassword"/
) {<>; <>;} else { print "$_";}' > /var/log/elog 2>&1 &

That simply throws away lines that match the pattern:

    name="upassword"

and the following 2 lines (the last of which contains the password).
  67253   Thu Apr 26 23:57:04 2012 Warning Mark Bergmanmark.bergman@uphs.upenn.eduRequestLinux2.9.1obfuscate password in verbose logging
I'm trying to debug an issue with elogd (2.9.1) and was reminded that using the "-v" option exposes
user passwords. This wasn't a huge problem for us in the past, but we're now using kerberos authentication,
meaning that the exposed username/password applies to lots of sensitive systems within our university.


I'd suggest that the "-v" option hide passwords. If they need to be revealed for debugging
purposes, make that a separate (and very well documented) option. Maybe something like:
"--really-include-passwords-as-clear-text-in-log-output". :)
  67252   Wed Apr 18 21:53:26 2012 Reply A. TuttleATuttle@UW.eduQuestionLinux2.9.1-2435Re: author field in reply
Look in https://midas.psi.ch/elog/config.html
--
Fun things to set are:
Preset on first reply <attribute> = <string>
and
Preset on reply <attribute> = <string>
  67251   Tue Apr 17 21:59:43 2012 Reply Rex Tayloertayloe@indiana.eduQuestionLinuxV2.9.0-243Re: create "front page" for a logbook

Stefan Ritt wrote:

Rex Tayloe wrote:

Is there a way to create a "front page" or "table of contents" for a logbook?

While chronological entries are good and what elog was designed for, I find myself wanting a page to summarize important things
and/or link to important files that are somewhere in that logbook.  And, I would like to use the features of the elog editor to do (not just point
to another www page that points to the various elog entries).  For example, in an analysis logbook, you would like to have one page that
may summarize latest on analysis and point to best/latest plot/drawing of something and not have to re-search for it every time.

I think that start page with cmd to go to entry 1 (how do I do that?) may work.  Then I just keep editing entry 1 to point to latest info or
entries.  Will this work?  Will I run into a size limitiation if I attach too many files to that?   Is there a better way?

One could imaging using a wiki to do this, however, I never seem to get to updating our wikis... maybe I should just figure how to
get elog to do it.

Thanks.

Well, if you never get to update your wiki, you will you get to update your summary page? As you know there is no free lunch.

For my analysis logbooks, I do it such that I create an arbitrary entry in the logbook, where I put references to other entries. Using the syntax "elog:<id>" this is very simple like here: elog:67222. Then I put a link to that special page in my browser bookmarks. This puts me one mouse click away from accessing this page. You can link to other elog pages but also to page attachments this way, so no need to put too many attachments into a single page, although there is no limit on that.

Best regards,
Stefan 

Thanks for suggestion... it gave me idea for slightly different way to do it.  The method you suggest doesnt work that well to share in group (everyone would have to add that link in their bookmarks).. So I added this in config file:
Title image = <img border=0 height=25 src="bulb.png" alt="Summary/TOC entry">
Title image URL = <http:link to my specific elog page/entry num>

That replaces elog help icon with a link to TOC entry which can be any entry number.  One could make a custom icon and perhaps play around with adding more than one link (?).

Another thing that could do same thing and maybe more consistent with elog philiosophy would be to add a command that goes to a specific link or entry.... but this current solution works...

  67250   Mon Apr 16 11:10:07 2012 Warning Christopher Leechris@chrisandclaire.orgBug reportLinux2435Forgot Password

We seem to have a problem with retrieving user passwords using the forgot password system
This only happens when trying to use the password recovery from the first screen that forces people to log in with the following syntax:

Protect selection page = 1
Password file = XXXXX

On the first page of our elog which can be found at

http://physics.uj.ac.za/elog/

Now currently there is one page that is viewable by guests, so going to this direct link, bypasses the login at the main page
If you try login from this page, and then use the forgot password link, the email that gets sent through will then work.

The first email that gets sent through using the main login page has the following link:
https://physics.uj.ac.za/elog/?redir=%3Fcmd%3DChange+password%26oldpwd%3DYJAATGHSIRRSBLLP&uname=Tester&upassword=YJAATGHSIRRSBLLP

When clicking on the above link normally, it takes you to a NULL user

 

The email link that gets sent from the guest page, that works, looks like this:
https://physics.uj.ac.za/elog/General/?redir=%3Fcmd%3DChange+password%26oldpwd%3DSACWEHJWWHKEXLMO&uname=Tester&upassword=SACWEHJWWHKEXLMO

 

Attached is a copy of the cfg file. The last few logbooks are all actually just copies of TEMPLATE A, so I have removed all their details to make the file easier to read for now
 

Attachment 1: elogd.cfg
[global]
; GENERAL SETTINGS
port = 8080
URL = https://physics.uj.ac.za/elog/
Login expiration = 48

;sets login to first page
Protect selection page = 1
Password file = XXXXXX
Self register = 4

;SMTP email settings
SMTP username = physics.uj.elog@gmail.com
SMTP Password = XXXXXX
SMTP host = 173.194.67.108


;error logging details:
Logging level = 3
Logfile = elog.log

; Admins
Admin user = Chris, sash, connell

;Groups
Show top groups = 1

Group Open Logbooks = General, General Physics
Group Personal = Simon Connell, Martin Cook, Marius Tchonang, Doomnull Unwuchola, Admin Users, Claire Lee

Top Group Personal Logbooks = Open Logbooks, Personal
Top Group Instruments = Lang Topography, On-line LAUE, Plane Wave Topography, Diamond Processing
Top Group Collaboration = ATLAS - H --> Z'Z', ATLAS - W --> l nu tau nu, ATLAS -  Astro-Particle, ATLAS - MuonDB, JLAB - Omega
;Top Group Templates = Template A, Template B

[global Personal Logbooks]
Admin user = Chris, sash, connell

[global Instruments]
Admin user = Chris, sash, connell

[global Collaboration]
Admin user = Chris, sash, connell

[Template A]
; use user level password access
Password file = XXXXXX
Admin user = Chris, sash, connell
login user = Chris, sash, connell


; look and feel
Date format = %B %d, %Y
Title image URL = https://physics.uj.ac.za/elog/

; attributes
Attributes = Author, Author Email, Category, Subject
Options Category = Routine entry, Shift summary, Problem, Fix, Question, Info, Other
Extendable attributes = Category
Required Attributes = Category, Subject
Thread display = $Subject, entered by $author on $Entry date
Quick filter = Date, Category

; preset author and email
Preset Author = $long_name
Preset Author Email = $user_email

; these attributes cannot be changed
Locked Attributes = Author, Author Email

; only author can change its own entry
Restrict edit = 1

; options for reply
Subst on reply subject = Re: $Configuration Name
Remove on reply = Author, Author Email

; No Email notification
Suppress Email to users = 1

[Template B]
; use user level password access
Password file = XXXXXX
; Admin user = Chris, sash, connell
; login user = Chris, sash, connell

Theme = default
Display mode = threaded
Entries per page = 100
Filtered browsing = 0
Entries per page = 8
Reverse sort = 1
Restrict edit = 1
Summary lines = 1

Display Email recipients = 1
#Suppress Email to users = 0
#Email All = 
#Use Email From = physics.uj.elog@physics.uj.ac.za
#Use Email Subject = [ELOG][$logbook][$date][$subject]
#Preset Email = $user_email
#Email Encoding = 1
#Email Format = 15

Title image URL = https://physics.uj.ac.za/elog/

; look and feel
;Date format = %B %d, %
Title image URL = https://physics.uj.ac.za/elog/

Comment = Testing Worklist
List Display = Edit, ID, Job Description, Location, Status, Date Entered, Date Closed
Thread Display = $Location, $Job Description, $Date Entered, $Date Closed,
#Start Page = ?Status=2-Open&mode=threaded&sort=Location
Start Page = ?wpwd=1&mode=threaded&Status=2-Open&sort=Location
Date Format = %A, %B %d, %Y
Time Format = %A, %B %d, %Y, %H:%M
Message Height = 6
Attributes = Location, Status, Date Entered, Date Closed, Job Description, Author, Email
Type To Do = Time
Type Date Entered = time
Type Date Closed = time
Options Status = 1-To Do{1}, 2-Open{2}, 3-Closed{3}, 4-Suspended{4}
{1} Preset To Do = $Date
{2} Preset Date Entered = $Date
{3} Preset Date Closed = $Date
{4} Preset Date Closed = $Date
Options Location = Sequim, Port Angeles, All, Secaira
Extendable options = Location,
Page Title = Simon's Worklist - $subject
Option Author = Filled In Automatically
Subst Author = $long_name
Menu Commands = Back, New, Edit, Delete, Reply, Find, Select, Copy to, Move to,

Reverse sort = 1
Quick Filter = Location, Status

Subst on reply subject = Re: $Job Description
Thread display = $subject, posted by $author on $Entry time
Thread icon = Icon
Remove on reply = Author, Author Email
Date format = %B %d, %Y
Preset Author = $long_name
Preset Author Email = $user_email
Locked Attributes = Author
Quick filter = Date, Category, Status

[General]

[General Physics]

[Simon Connell]

[Martin Cook]

[Marius Tchonang]

[Doomnull Unwuchola]

[Admin Users]

[Claire Lee]

[Lang Topography]

[On-line LAUE]

[Plane Wave Topography]

[Diamond Processing]

[ATLAS - H --> Z'Z']

[ATLAS - W --> l nu tau nu]

[ATLAS -  Astro-Particle]

[ATLAS - MuonDB]

[JLAB - Omega]

  67249   Sun Apr 15 22:53:41 2012 Question Aldo Saavedraa.saavedra@physics.usyd.edu.auQuestionLinux2.9.1-2435author field in reply
Hi,

I was wondering what is the correct way so that the author field when a reply is made shows the author of the
person making the reply.
In version 2.6, the field was filled correctly but since upgrading to ELOG V2.9.1-2435 due to the ssh problem
the field just keeps the author of the original post.

I have a tried a number of subst on reply Author = $long_name with no luck.

Any ideas?

Cheers,
Aldo
ELOG V3.1.5-3fb85fa6