webeno

OK, this is very confusing now, so let me try to clarify.

1. What happens to links that I marked “Not Broken”, you said they’re checked but not reported. So what does that mean? The plugin checks them in the background, but doesn’t report about them anymore, unless their response changes?
2. Going out from the above, if I do an individual “recheck” and nothing changes in the list, does that mean BLC detected them as broken again?
3. Also going out form point 1, if I do a “recheck all”, then I see the queue emptying, but remaining with the same list as before, does that mean BLC still sees all of them being broken still?

3+1. How can I clean this list (without touching the actual posts), and do a “fresh” recheck?

Thanks.

I did “re-check” all pages, it still brought up one more with a link that was already changed in the db.

You said “They’re still checked, but normally they won’t get reported again” – that doesn’t help me a lot, if I don’t know about the check.

I now tried the “recheck” option on an individual link that was reported as broken, it said “wait…”, then changed again to “recheck”, and the link remained there in the list, with the “last checked” column emptying, nothing else changing.

Note that all of these links now show up in the “All” tab, nothing is under “Broken (0) |Warnings (0) |Redirects (0) |Dismissed (0)”.

I now selected all (15 links, even the ones that are 200 OK), and chose “Recheck” bulk action. It says they’re in the queue.

How do I know when they’re finished? Can I not force it to be done there and then? No one is really using the site / db, so I am ok for it to run immediately.

How do you explain the fact that BLC still found old links following a re-check?

Also, are links marked as “Not Broken” ignored in the re-check?

Sorry, I don’t quite get that. When making changes to wp_post, it’s pretty much like if I made the same changes through WordPress, so that doesn’t really explain to me why BLC would see those links. Where is it looking, not in the DB?

Or are you saying these reports are ones that have been collected during those few minutes between the time I first uploaded the site, and my DB changes?

What I did trying to correct this was that I selected “Not Broken” for all the detected links, then I clicked “re-check”. Next time I logged in the plugin found another post with an old link, though, again, this did not have the old link in it.

Cheers, mate. Thanks for creating this plugin anyway, great work! ??

It’s really a nice thought that people wouldn’t bother breaking code, but it is actually happening. I’d rather take care of it now than having to think of what I have lost after it’s done.

To your question at the beginning: the server would know to extend the session has been described in my point 2: “check if the session variable for the timer being on is set” – this variable would be updated by javascript every time there is activity on client side. This step would basically also take care of javascript being deactivated, as in that case the server side code would make the user log out.

As to sending a GET to the server, doesn’t it need a page reload for it to work? Or else, considering the login time is stored in the server, wouldn’t you need a database connection made by the client-side script in order to know that you can keep the session alive…?

well, if I’m already allowing the user to extend their session with every page load, doing a similar action (extending the session) with a client side script (making sure it is built so that it does not to allow too much access to the server side stuff or sensitive info) shouldn’t be any less secure, right? the server side check would still remain and include a check to see if the client side code has been executed (ie. javascript enabled) at all or not.

so basically what i would do…

…if the user doesn’t reload the page:
1. at session start (successful login), i’d create a session variable (server side) with a token and add this token to the db along with the login time. setup a timer on client side ensuring user activity (mouse move, keystroke) reset the timer and updates a different session variable basically storing the info that the timer is on (not yet expired).
2. when close to end of time and no activity, pop-up coming up with a countdown and logout (this one would log the user out, both session variables are cleared, login time cleared from db) / continue options (latter one would reset the timer).
3. when time expires and no response, user is logged out, both session variables are cleared, login time is cleared from db.

…would the user reload the page:
1. check the first session variable with the token against the db
– if not present, log the user out (clearing everything)
– if present…
2. check if the session variable for the timer being on is set
– if not and time defined counted from login time stored in the db has expired, log the user out (clearing everything)
– if yes, keep the session alive

did i miss anything? where is the security flaw, to your opinion?

Don’t you have to load a page or reload at least in order to monitor clicks server side? I have seen a way around actually reloading the page using a self-closing pop-out that actually does the check and closes itself afterwards if the request is valid (user is a valid user). Were you referring to this?

Well, most of the web apps, even bigger ones, use some method of logging out clients after a certain time of inactivity and they seem to measure time by checking clicks and keystrokes, so it’s certainly a client side check that they’re making. How do they do it to remain secure?

any taker? ??

Alright, not sure why you have ‘code’ if you cannot paste it, but anyway, i used pastebin this time:

code of my blog.php page

Note: I tried to copy archive.php from where the category page seems to be called, but that didn’t do the trick either.

Thanks a lot for your help in advance!

cheers, mate ??

smart one, Curtiss, just one question: do you know if WordPress prevents you from doing the same thing on htaccess side? i mean, if i do not setup a page for start page but apply a htaccess redirection, it does not seem to do anything (like if it would completely disregard that part of the code).

note: i used the code in this article, but tried others too to include within the <IfModule> tags on the htaccess file in the root folder of my wordpress site.

I’m looking for a solution for the same thing. Thanks guys for your help in advance! ??