Hello,

I have a question concerning the following situation:

There is a one logbook with two possible acces methods (defined in config 
file) one for readonly access and one for read/write access. Both entries in 
the elogd.cfg file pointing to the same logbook.

When an allowed person enters a logbook entry with an email notification the 
link to the message is given inside the email. 
This link points to the read/write logbook entry.

Is it possible to alter the link in the email notification that it points to 
the corresponding readlonly logbook entry? 

Thank you for hints, best regards,


Stefan Siegel  

Hi,

a routine scan revealed a possible DOS attack vector: sending an invalid POST HTTP request with a negative Content-Length field crashes our elog instance, leading to service unavailability.

thanks,

-Christian

-- 
Dr. Christian Herzog <herzog@phys.ethz.ch>  support: +41 44 633 26 68
IT Services Group, HPT H 8                    voice: +41 44 633 39 50
Department of Physics, ETH Zurich           
8093 Zurich, Switzerland                     http://nic.phys.ethz.ch/

I added a reply to my previous post about this issue (a few months ago) to point to the solution, but ELOG moved it to the top of the forum. 
And I cannot delete this now, because I change my user name from "Andrey" to "Andrey Pashnin" :)

"Only user Andrey can delete this entry"

is it possible to make the "+" sign, indicating a thread in the threaded
view, to be clickable in order to be able to expand a single thread each time ?

of course elog should remember the choice, so it will be possible to expand
N threads over the M total ones..

thanx :-) 

I think with the latest Imagemagick from brew (6.9.4-7) that pdf thumnails no longer get made; the attachment is there but the message "Cannot create thumbnail, please check ImageMagick installation" apears instead of the thumbnails.  I couldn't make out from elogd -v 3 why they failed, but I couldn't make out the exact convert command that was failing.  This is on MacOS 10.11.5 and I think the updated version ofImagemagick was the last thing that changed before it failed.

I think with the latest Imagemagick from brew (6.9.4-7) that pdf thumnails no longer get made; the attachment is there but the message "Cannot create thumbnail, please check ImageMagick installation" apears instead of the thumbnails.  I couldn't make out from elogd -v 3 why they failed, but I couldn't make out the exact convert command that was failing.  This is on MacOS 10.11.5 and I think the updated version ofImagemagick was the last thing that changed before it failed.

Hi,

I'm trying to set up elogd, running on port 8080 behind an Apache server on port 80, using mod_proxy to redirect
to the elogd server, and the recommended

Redirect permanent /elogbook http://example.com/elogbook/
ProxyPass /elogbook/         http://example.com:8080/

This works well for non-password-protected logbooks, but for password protected (that I can access fine via port
8080), I keep getting shown the Login page, even with valid username / password.    

Poking around the code, it appears (probably not too surprisingly) that the issue lies in check_login().  
For example, 

   /* if invalid or no session ID, show login page */
  if (!skip_sid_check && !sid_check(sid, user_name)) {
      if (isparam("redir"))
         strlcpy(str, getparam("redir"), sizeof(str));
      else
         strlcpy(str, isparam("cmdline") ? getparam("cmdline") : _cmdline, sizeof(str));
      /* avoid recursive loops with ?cmd=Login */
      if (stristr(str, loc("Login")))
         str[0] = 0;
      /*  added write_logfile here...
          char mstr[250];
          sprintf(mstr, "show_login B %s isparam: %d, cmd: %d, skip_sid_check: %d, sid_check: %d",
                         user_name,  isparam("redir"), isparam("cmdline"), skip_sid_check, sid_check(sid,
user_name));
           write_logfile(lbs, mstr);

        */
      show_login_page(lbs, str, 0);
      return FALSE;
}

and the logfile shows that user_name is blank(!!) and redir, cmdline, skip_sid_check, and sid_check(sid,
user_name) all to be 0.   In fact, isparam("unm") and isparam("upwd") are also 0, which explains why user_name
is blank.   But the log file also shows

LOGIN user "username" (attempt)
LOGIN user "username" (success)

just prior to this!

I'd guess that the form POST methods aren't being forwarded correctly, but I haven't looked at it in any more
detail.   

Is there a way to make this (password protecting logbooks while also using a proxy to Apache) work?

Thanks!

I moved my elog install to a new box on short notice due to an emergency, everything works but none of the passwords are recognized, and are not using what it set in elogd.cfg.  any ideas ?