Search the Community
Showing results for tags 'token'.
Found 2 results
-
I try to integrate Flarum forum with PW via JSONAPI. First tests are fine (register user, create discussions, get data, ...). To get a valide token I send the username and password as a api call. If auth was successful I'll get the uid and a token back. This token have to be renewed after 30 minutes. To get the token I need username and (plain!) password. So how should I save the user credentials / handle the users? Just additional fields in the user profile username, password, token and uid as array (serialized + base64 encoded) Sync PW users with the remote app (hook PW auth and send a auth request via API call -> token returned = login OK) 1 and 2 would be flexible, but user credentials are saved as plain text! 3 is a secure solution (no plain credentials needed), but PW have to use a remote user backend / auth and maybe some things could be less flexible... Do you see any problems with that solution? Could it break features / modules?
-
I am stuck. Seven days ago, something changed such that when users try to upload images to my PW site, the images are posted to the page, but they show up as zero bytes. The folder is created in the files folder, the image name is recorded, the type of file is recorded, but the byte size is zero. When I looked into the problem this morning, I received the "This request was aborted because it appears to be forged." message whenever I tried to upload images. Turning off protectCSRF in the config file suppresses the aborted image message and now I just get the zero-byte image bug, but I don't know why. I've checked permissions on the files directory, changed it recursively to 777 and then back to 755 with no change. I checked that I have active sessions, logs, and cache folders. I checked on the permissions of the config.php file. I changed the sessionName, and turned off the challenge and fingerprint functions but nothing is budging. I installed a new PW site yesterday and so I keep thinking something is colliding but it looks like the images have been failing to write to the files directory for the last week. I'm getting the same results in multiple browsers after any number of cache-clears so I don't think it is client-side. This is a look at the PHPinfo for the site. Best wishes, J
