Today I bent the GUI so that my button changes to a new cgi file after the status image.
Now I am looking for a basic cgi file to output an HTML page.
The existing ones use a common template, which is of no use to me.
How did yo âbentâ the GUI?
A change to index.cgi uses the standards of IPFire ( CSS, ⌠). Where is then the problem?
Or did you only change the produced HTML? This isnât enough for many reasons. The GUI isnât just a static page ( this is the main purpose of HTML ).
In the index.cgi I donât see a way to insert a javescript, and there are several CSS but they all donât contain Java.
When I look at the page source code, Java script is indeed used. But I canât find out in which file it is stored to find out how to insert my code.
Under php I would have finished a long time ago, itâs just annoying.
index.cgi does contain javascript!
The plain *.cgi files do not contain the whole source, you must look at included files also ( as is obvious in a greater project, there are commonly used modules, header.pl for example ).
Concerning PHP, there are discussions about pros and cons here in the community ( and elsewhere ).
And no, IPFire doesnât contain java. The reason is obvious ( for me 
).
BTW: Did you read and comprehend Peterâs post above?
Yes, but thatâs no use if you only have the browser window.
A VM is already running on it.
Java script is very well contained in the transmitted html pages.
If I knew where it was in the directories, I could simply attach my function() for testing purposes.
It wonât work this week anyway, I have other things to do.
What about the idea of using a different type of browser, say if the main one is Firefox, are you able to install Chrome? Independent browsers use their own cache directories, and so you wouldnât need to close the main browser the IPC is using to run and you can do everything on a separate one and close that when you are done
1 Like
I fear the rights on the IPC are very restricted. That may be a good design, if the IPC is a system dedicated to special tasks. But we donât know, because @pic18f2550 isnât willing to tell us more about it. 
Nevertheless it is urgent to have a seperate maintainance access to IPFire ( dedicated for network security ). For emergency tasks a real console access ( not SSH, but monitor/keyboard or serial ), for all-day tasks an independent WUI access ( IPFire is designed for configuration through WUI mainly).
Hello Bernhard,
sorry that Iâm only now reporting but Iâve caught the witch, now I binn equal times 20 years older.
I really only have the open browser (Firefox âGot sei Dank was gescheitesâ) as access.
A detailed description of the system is not purposeful because that optiohnen are, which are unfortunately not available to me.
If you donât really know your system to maintain, you cannot really configure it.
And, as stated above, it is necessary ( use the german mathematical term ânotwendigâ ) to have a dedicated access to the firewall. It isnât sufficient, to do this from client in the LAN only.
Bernhard,
I donât know what you want.
There is only the GUI, the rest is closed and not accessible without tools in explosion-proof design. End of the useless discussion.
You are right! In this case the discussion is really useless.
If your only device to administer the internet access device ( IPFire ) is a dedicated process control display ( with associated IPC ), you cannot really configure the firewall.
In terms of security it isnât acceptable, that IPFire configurations are done from an normal user device. Those tasks should be done by the administrator only from his own device. Access to this device must be controlled by policies ( not in the electronic system ).
Regards,
Bernhard
So because I canât get a logout in the GUI, I made a USB dongle.
About a cronjob the presence is checked.
If no, the authorization list is deleted.
If it is plugged in, the authorization list is transferred from the dongle to the IPFire.
1 Like
Thatâs getting more and more obscure.
You are not allowed to fully administer IPFire with an extra PC, but you can plug in an USB stick for authorization and add an arbitrary cron job.
If all this is possible, why canât you open a second browser window?
Sorry, if my post may offend you. But I want to understand your situation and configuration, to be able to help you.
Because I canât/arenât allowed to change anything on the PC.
But the IPFire is mine.
I have the rights here because it has nothing to do with the control.
I thought that was already clear because I was already screwing around in the cgi.
Hi @pic18f2550
I found links that might be interesting for you:
Enable log-out from Apache 2.4
Apache Module mod_auth_form
Apache Module mod_session_crypto
mod_auth_form looks very interesting as the login function is still handled by Apache. It seems that the existing CGIs wonât need to be changed for this.
But it stores the authentication info in a session cookie. This might introduce other security risks and should only be used with mod_session_crypto enabled.
@pmueller do you have any insight into how safety-critical this change would be? The Apache modules look promising to me, but I donât want to recommend anything unsafe.
Kind regards
Leo
So the dongel solution works.
If the dongle is plugged in, you can log in; if it is not plugged in, the GUI jumps to the login screen after the refresh time.
Thatâs all I want.
Now the dongle will get an RFID interface so that I can also use it in ex-zones.
Congrats!
Could you please provide more details for other users?
Our community lives from those suggestions.
-Bernhard
I donât think anyone is interested in such a crooked crutch.
I would have preferred a button on the GUI.
The only advantage now is that I can control some things:
PWM outputs: 2x max. 10 bit resolution, 3kHz ⌠480kHz
LCD connection: 2x each up to 2x40 or 4x20 characters with HD44780 control
Stepper motors: 4x 4-phase 4 HzâŚ10000 Hz half step/full step (unipolar motor)
4x L297 interface 4 HzâŚ1000 Hz
Model servos: 13x Setting in 100 steps each
These all are no IPFire functions. How is this related to your original question?
Surely you can mix this up, but I think it is a problem of the design of the system you are working with.
