Metris

Advanced Search

Need to Remove "Sign In To Edit This Site" from all pages

Permalink Browser Info Environment
I develop a site for a nonprofit dedicated to security of electronic voting systems. It is a a fairly large site with nearly 10 years of information collected. Earlier this year we migrated to the Concrete 5 platform and the Metris theme, and it is beautiful.

Unfortunately since launching the new site I have had several complaints that the link "Sign In To Edit This Site" appearing on every page is a security hole, the type of which this organization stands against.

Unfortunately we are beyond the 30-day support period.

Concrete 5 discussions online suggest following this Themes: Customize: Add your CSS:
.sign-in {display:none;}

But in Metris here is no "Add your CSS."

Can any other users help me please?

I either need to get this taken care of, or I will have to redo the entire site on another theme and abandon Metris, or perhaps even move it to another platform (resulting in 100s of hours or work lost.)

Thank you in advance!


PS -- I also need instructions as to how I will sign it to edit the site after this link is removed -- very important!
Type: Discussion
Status: In Progress
yellowpony
View Replies:
VidalThemes replied on at Permalink Reply
VidalThemes
Hi There,

To remove the sign in link please follow the below steps:

1/ Access your sites files via your FTP software or your hosting companies File Manager.

2/ Go to the following location:

packages ▸ metris_theme ▸ themes ▸ metris_theme ▸ inc - footer.php

3/ Open up footer.php and starting on line 119 you should see this code:

<?php                   
         $u = new User();
         if ($u->isRegistered()) { ?>
            <?php                    
            if (Config::get("ENABLE_USER_PROFILES")) {
               $userName = '<a href="' . $this->url('/profile') . '">' . $u->getUserName() . '</a>';
            } else {
               $userName = $u->getUserName();
            }
            ?>
            <?php                   echo t('Currently logged in as <b>%s</b>.', $userName)?> <a href="<?php                   echo $this->url('/login', 'logout')?>"><?php                   echo t('Sign Out')?></a>
         <?php                    } else { ?>
            <a href="<?php                   echo $this->url('/login')?>"><?php                   echo t('Sign In to Edit this Site')?></a>
         <?php                    } ?>


Delete or comment it out, and the login link will no longer be available. to login now you will have to place the following on the end of your URL, like so: MYSITE.COM/index.php/login

To address the security concern, Concrete5 is no more vulnerable than any other site that you log into, Amazon, Ebay, Facebook, Google, they all use a link to a page where you log in, like the above mentioned sites, the only way they can be compromised via the login page is if someone has your username and password, its not possible to inject these fields with any form of code as its filtered out if anyone was to attempt to do so, its also not possible to access the the database in that manner either.

Hope that helps.

Regards

David
yellowpony replied on at Permalink Reply
yellowpony
Thank you so much; this worked beautifully.

concrete5 Environment Information

Not sure what this means

Browser User-Agent String

not relevant

Hide Post Content

This will replace the post content with the message: "Content has been removed by an Administrator"

Hide Content

Request Refund

You may not request a refund that is not currently owned by you.