I am new to liferay 5.1 technology.
I by mistake removed the login portlet and now I am not able to login into the application.
I mean login portlet is no more visible any help would be of great help.
Can you please try hitting the following url?
localhost:8080/c/portal/login
Replace host and port with your host and port number.
If it doesnt work out try doing the following.(Make sure the package is correct as i am not aware of package path in 5.1)
http://www.liferay.com/community/forums/-/message_boards/message/5005621
Actually, with enough persistence, it would be also possible to lock yourself out of access to /c/portal/login (as of Liferay 6.0.6). This can be done by setting community home page to a hidden "redirect" page (as opposed to default "portlet" page), causing /c/portal/login to redirect wherever the home page redirects.
Liferay tries to prevent from doing so by issuing alerts whenever you try to make home page hidden. But you can make some page hidden and then drag&drop it to the first position in site map root level.
The reason behind doing so is to achieve a certain appearance of portal navigation (which would otherwise require some mangling in theme), i.e. make home page redirect to one of it's children.
Going back to the topic, when /c/portal/login fails, there is one another, more reliable (yet more ugly) method of getting to what one would call a login page - append this: ?p_p_id=58&p_p_state=maximized to any non-redirecting Liferay page (and probably drop any other GET parameters if existent). This is also basically what /c/portal/login does - but it appends it to home page, so if home page is a redirect page it fails display login portlet in it's maximized state.
Related
I want to use FirebaseUI in redirect mode, as opposed to the current popup mode I'm using. But I don't want to have a separate dedicated login URL, instead I want the user to be able to log in from any URL (using a custom dialog as the UI container for FirebaseUI).
The problem I run into is that when starting the login process, I show the dialog and the user selects their auth provider, gets redirected to the auth website, but then they are redirected back to the original URL on my website.
Now the UI container dialog is not displayed and firebaseUI.start() doesn't get called because the webpage doesn't know that the user is in the process of logging in. The result is that nothing happens - the user is halfway through the login process.
Is there any way I can specify a URL for the first redirect? I'm not talking about the final signInSuccessUrl config parameter, but something similar for the first redirect back to my website?
That way I'd be able to send the original URL that started the login process along with a flag or something that tells the webpage that the user is in the middle of a login flow so that it can display the login process UI container and call firebaseUI.start() to perform the last redirect.
You can start FirebaseUI from any URL but the underlying signInWithRedirect always return to the same URL. Calling start on redirect will complete the sign in. If you have some condition, where you don't always display the sign in UI, you can use some flag pendingRedirect which you save in sessionStorage and check before rendering the UI to complete the sign-in on return. You would clear that after rendering.
I need help figuring out how to allow users who login go back to the page that they were on before being sent to the login page. Here is a quote from my boss:
Sometimes I forget to sign in and I go to a page, click and get the
notice about joining or signing in. That is fine, but is there a way,
once I sign in to open the page I was trying to open prior to signing
in, instead of having to go through all the navigation again?
I'm using PHP to do this project.
Whatever mechanism forwards the user to the sign-in page should include the original page's URL as a parameter. Something like:
header('Location: http://example.com/login.php?redirectTo=' + urlencode($_SERVER['REQUEST_URI']));
Then the login.php page can redirect to that page after the user authenticates:
header('Location: ' . $_GET['redirectTo']);
You may want to put in some checking on the redirectTo value in login.php to make sure nobody's trying to do anything malicious, I suppose. Though I can't currently think of anything malicious they could do. (Though you would want to include a default if no URL was provided.)
But the general idea is that the authentication mechanism provides the login page with a redirect URL when it detects that the user needs to login.
Whan any user is hitting url
http://abc.xyz.com/web/12345/home Liferay Welcome page is coming up where user can see options like calender, language, dictionary etc. I am using Liferay 5.2.3. Can anyone suggest me how to disable this URL?
Can the URL be blocked from Apache?
You're probably referring to a user's personal page - this is a public page and you can configure Liferay so that users don't have personal (public) pages. As long as the users have personal and public pages, they are, well, public: If you navigate to them, you'll get to see them. You can make them private pages (thus the URL will change to /group/12345/home) and - at least - require a login. But as long as you have a public page in your portal, it will be shown.
(You can also change permissions on every single page, but that's probably what you also don't want)
Can you block on apache level? Yes. But why change at the entry point when you can also get rid of the root cause - e.g. properly configure the pages and access levels.
Also, Liferay 5.2.3 is quite ancient now. You should really consider to upgrade
I'm writing a Web Application using ASP.NET 4.0 and C#. In my application when I logout the page redirects to the Default page. But when I click the back button in my browser, it goes back to the Web page that I was working even though I'm logged out.
How do I stop it doing this?
You could set cache headers in authenticated pages to avoid them being cached downstream on the client. Here's an article you may take a look at.
So you could set the following headers on authenticated pages:
Response.Cache.SetExpires(DateTime.UtcNow.AddMinutes(-1));
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetNoStore();
This could also be done in a custom HTTP module to avoid repeating the code in all pages.
I am using the Drupal Secure Pages module to secure sensitive pages (such as login and admin pages). I am running into two issues with this:
I am able to login securely on the login page using https. However when I traverse to a non-secure page such as the home page, the browser completely forgets that I am logged in (instead of my username, the login link shows up). (The problem goes away as soon as I disable the Secure Pages module.)
Since the secure pages are getting their images using non-secure URLs, the browsers are showing warning messages. For example, "The site uses SSL, but Google Chrome has detected insecure content on the page."
Is there any clean solution to these issues?
The recommendation here was to make the entire site secure, which seems like an overkill for my site (essentially an open source community). Having said that, how much of a performance hit does something like this incur, roughly?
Thanks.
I was able to solve the issue with non-secure pages not remembering the login state. The solution was to add this line to sites/default/settings.php: $conf['https'] = TRUE; You can see the details here.
As far as I can tell, issue #2 was a browser caching issue. I cleared all the caches and cookies and the problem seems to have gone away!