Blogs

As you can see I have made some more changes to this website. The new menu structure was quite beautiful but it didn't navigate very easy. So I created a new menu containing all content on this site, previously each content type had its own separate menu. Then I used the JQuery Menu module to export this menu as a JQuery menu block which I placed in the left sidebar. After that of course I disabled the suckerfish menu in the top except for the user menu for logged on users. I also did some restyling of the new menu, mainly the colors.

So now I have a working menu with several collapsible layers in it. Unfortunately I still cannot auto sort on published or created date in the menu so I still have to manually adjust the weigths of menu items, this still bothers me.

All of this sounds quite simple of course but I had to manually edit each item on this site to change the menu location. Luckily I have the menu clone module so I could clone the biggest menu as a start and work from there but trust me, that isn't the only big menu I had! This took quite a lot of time of boring repetitive work. Next I'll code something to do it for me

Anyway, due to this the layout changed a bit, the sidebar on the right is now empty, the latest blogs block there became quite pointless and by having both sidebars filled the site became quite narrow. So I moved the latest drawing and random picture and the Sonad Ad also to the left sidebar.

A while ago I decided it was easier for people who have an account on this site to get redirected to a kind of overview page which shows the latest content (kind of like the block on the front page but with some more options). So I googled and found a very easy way to do this, with Triggers and Actions, the Triggers module is part of the Drupal 7 core so I didn't have to bother with extra modules, it looked like perfect solution.

1. Define an action which redirect the user to a certain page
2. Connect the trigger "After a user logs in" to the action defined in step 1

Easy right? Until someone forgets his password!

Forgotten password

So I had this user who forgot her password, she used the password reset option on my website and got a nice email giving her a 'one time login link' (I'll get back to that). After a few days she told me she didn't get to the one time password change option but got redirected to the overview page. And when she navigates to her user profile she needs to enter the old (forgotten) password to change it.

Of course this is not how it was meant to be! I did the quick and dirty fix and changed her password and e-mailed this to her but still, this made me annoyed, people would always need my intervention if they forgot their password. No big deal on this site with a total of 5 user accounts but not a solution you want on a site with 500+ users.

Login Destinations

So I started using my good old friend Google again today and found this module: Login Destination. From the description this was exactly what I was looking for, giving multiple redirect options. After installing I went to configure it and it didn't really give me different options as triggers, login, registration and one-time login link where bundled in one check-box. It does allow for multiple rules and for rules for different user roles but it doesn't allow for a rule for one-time login and a separate rule for normal login. So my first reaction was 'close, but no cigar.'

Luckily I still took the effort of testing and to my very pleasant surprise the developers had actually thought about this part and the module actually first redirected to the password change option and only after saving the new password it redirected to overview page I created. This was exactly what I needed. Kuddos for the developers of this module.

One-time login links

To my surprise, before the user who has a problem with her password actually told me about it she had already used here 'one-time' login link several times! Of course I looked in to this. My first theory was they might only remove the one-time link after the password was changed by the user. So I created a test account, activated this and used the one-time link. Immediately after clicking the link I knew why it wasn't a one time link. It actually says so on the login screen, the link is valid for one month.

Even with my background in security I don't see this as high security risk since the link contains a 43 characters long randomly generated string and the user ID. The user ID is guessable, the string, you'll have to find a user with a reset link enabled and still valid and then guess the string, not very likely, not even with a lot of computers trying. What is a little more risk is if someone manages to get this link from a mailbox or browser history. So I would like to argue for a trigger on a password change which deletes the one-time link from the database since this would be the most secure option in my opinion.

Ik herken het gevoel wel een beetje

Songtekst van 'From Afar' door Ensiferum:

A raven came to me,
Spoke to me in my dream.
A long lost prophecy,
A forgotten legacy.

Echoes of yesterday,
Won't let these dreams fade away.
All the beauty I adored,
At the edge of the world.

Across the universe,
Time is to be reversed.
No shelter can be found,
To this fate, we are bound!

Behold the final hour,
The last times will be dour.
All life falls into gorge
Of the end of the world!

"Burning skies
On the vengeances night.
Devastating scythe,
Of the ancient Light."

I saw the might,
Of the ancient Light!
And the beauty of the perishing world,
There's no tomorrow.
We have been warned.

"The sky's bird struck fire,
Made a flame flare up.
The north wind burnt the clearing.
The north-east quite consumed it:
It burnt all the trees to ash and reduced them to dust."

Songtekst van 'A rose for Epona' van de band Eluveitie:

Do you feel the thorns?
Do you see the tears?
Do you see the bloodshed in this fell war?

Have you forsaken us?
Have you forgotten our faithful men calling your name?

While I stand before you
While we perish
While I lay down a crimson rose
While holding hands are forced apart
While hopes bog like condemned men
Were you there?

The sky is falling on me
As your hand's turning old and weak
I'm giving myself upon to thee
A futile sacrifice gone sere

In your nemeton
These grey stone walls are cold and silent
As the fallen mother gone deaf
Mistress of shattered hopes
And forever broken dreams
Were you there?

The sky is falling on me
As your hand's turning old and weak
I'm giving myself upon to thee
A futile sacrifice gone sere

Epo, Epo, why has thou forsaken me?
Together we go unsung
Into thy hand I commend my spirit
Together we go down with our people

Were you there?
Were you there?

The sky is falling on me
As your hand's turning old and weak
I'm giving myself upon to thee
A futile sacrifice gone sere

Falling on me...