I've put together a sidebar login/logout plugin that I'd like to share and get some feedback on - in particular, from a security perspective.
Available here: http://www.pigslipstick.com/_product/se ... rlogin.zip
I'm doing this to more elegantly handle non-admin users who don't need to see the admin backend, but have read permissions to certain non-public categories.
I've read quite a few posts dealing with login/logout and taken a slightly different approach (sort of...I think) whereby I POST serendipity[user] and serendipity[pass] to serendipity_admin.php in a hidden iframe in the sidebar panel.
For logout, I simply load serendipity_admin.php?serendipity[adminModule]=logout into the same iframe.
In both cases, I reload the window: window.location.href=serendipity_currentURL().
If there's a simpler way to manage a login from the front page, without having to direct the user to the backend first, I'm all ears, but as far as I can tell, there is no API that does this.
Speaking of which, I've read a little (only one post seems to exist) about the checkPermission hook, but can't get it to function/return anything. It would be nice, without having to set up a very long IF condition, as in:
Code:
    if (serendipity_checkPermission('adminUsers')
        || serendipity_checkPermission('adminUserGroups')
        /* || and so on */) {
        // show button
    } else {
        // don't
    }
Thanks in advance,
Adam