Can a remote user (logged into my computer via LogMeIn) capture my password as I log into a website?

I work for a large company with IT support that uses LogMeIn to take control of our PCs when troubleshooting. Today while being assisted I was asked to log into an internal website during a LogMeIn sessions in which the support analyst had control of my computer (presumably through RDP). Is it possible for the support analyst to capture my keystrokes and steal my password?

php – How to save checkbox values for logged in users?

Hello~ How can I have checkboxes save their values for a logged in user?

My WordPress website features various checklists in a table format. When a user finishes a task on the list, they would be able to tick one of the boxes to signify completion. That value should then be saved to the database, either automatically or by clicking a save button. When the user returns to that page later on, the boxes that they selected should remain.

(Page Example)

I only know how to insert a clickable HTML box, but that’s the extent of my coding knowledge. (Although I’m not entirely sure what values to include in that HTML for saving purposes.)

<input id="example" name="example()" type="checkbox" value="example">

How would I accomplish this? If you could go into a bit of detail, I’d really appreciate it, I’m a code newbie. n.n”

functions – REST-API access only for logged in users and a specific plugin/namespace

I have the code below in use, to allow only logged in users to access the REST-API, and now need to give a plugin also access to it. What is the easiest way to solve this?

The namespace of the plugin is something like this:

wp-json/plugin-which-needs-access/v1/*

My code so far:

function only_allow_logged_in_rest_access( $access ) {
    if( ! is_user_logged_in() ) {
        return new WP_Error( 'rest_API_cannot_access', 'Only authenticated users can access the REST API.', array( 'status' => rest_authorization_required_code() ) );
    }
    return $access;
}
add_filter( 'rest_authentication_errors', 'only_allow_logged_in_rest_access' );

amazon web services – Can we find IP that logged into linux EC2 and ran particular command?

We have a linux ec2 instance.

One of us logged into our ec2 and

ran a command,
say python --version.

I know the date and time they have run this command.

Now, Is there a way I can

find the IP from which they logged into our ec2 and run this command?

P.S. We all share a common user to run all commands. And I know the user id as well. If this helps, Please consider this to find me IP.

Do help.

amazon ec2 – Keep desktop up and logged in without RDP on EC2?

We have a very important (third-party) app running on our EC2 server that auto-closes if the machine is locked, or any kind of log-off is detected (not sure how it’s doing it exactly, that’s what it says in the docs).

We have been keeping an RDP session up to maintain it running for a while now, but we need something more reliable. I have searched high and low, and at this point I think RDP should be cut from the picture entirely.

Is there any way on god’s green earth to keep the server’s desktop up indefinitely? Do I need to fool it into thinking there’s a monitor hooked up? I’m getting desperate here!

Thank you.

navigation – In the main drop-down menu for a logged in user, is it actually useful to have a link to the user’s own profile page?

The core question is: Is it useful for users to have easy access to their own profile page on a website or app? Do users view their own pages often enough to warrant spending navigation menu space on it?

In the web app I’m working on, a user can currently access their own profile page view by going to settings page first, and then clicking on a tab within the settings page (called “user activity” for reference).

This profile page view is essentially what another user would see when they click on the user’s avatar or username. There is nothing that can be changed about it on that page, it only displays the user’s post history, their bio and their profile photo – all things that can be accessed via the settings -> “user activity” path, or (in the case of profile pic and bio) edited directly from settings.

Meanwhile, I’m advocating for including a link to the “user activity” profile in the main navigation dropdown menu so that the user can go directly to their own profile page, rather than having to go through settings.

Drop-down menus with and without profile link

I realized that I’m thinking this way because every other web app, mobile app, etc. do this, but I’m no longer sure whether it’s necessary. Are there any principles, case studies, insights or research that indicate that users really want, use or visit their own profile page if there’s nothing they can edit on it?

We’re trying to be scrappy on resources, and I got some dev pushback on including the profile link, so I want to be certain of this decision before pushing it to the team.

Also – we haven’t launched the product yet, and don’t have any users, so I won’t be able to test this with user tests for a while.

forms – admin post redirects to localhost when not logged in

I have a form that i’m trying to run an action when it’s dont
I send it to admin-post like this:

<form action="<?php echo admin_url('admin-post.php'); ?>" method="post">
    <input type="hidden" name="action" value="asaf_reset_password">

    <p class="form-row form-row-wide">
        <label for="reset_password_email"><?php esc_html_e( 'email', 'tt' ); ?></label>
        <input class="input-text" type="text" name="reset_password_email" id="reset_password_email" />
    </p>
    
    <p class="form-row">
        <input type="submit" class="button btn btn-blue" value="<?php esc_attr_e( 'Reset password', 'woocommerce' ); ?>"></input>
    </p>
</form>

And the function that is supposed to happen when it runs

function reset_password_asaf_action()
{
    echo $_POST('reset_password_email');
    die("test");
    wp_die();
}

add_action('admin_post_nopriv_asaf_reset_password', 'reset_password_asaf_action');
add_action('admin_post_asaf_reset_password', 'reset_password_asaf_action');

When i’m logged in everything works, but when im not logged in (it’s supposed to only trigger when not logged in) i get 302 from my form submission and redirected to localhost

php – async upload not working when not logged

I use this code to upload file from the front end.

        formData = new FormData;
        formData.append('action', 'upload-attachment');
        fileInputElement = document.getElementById('file');
        formData.append('async-upload', fileInputElement.files(0));
        formData.append('name', fileInputElement.files(0).name);
        formData.append('type', fileInputElement.files(0).type);
        my_nonce = document.getElementById('my_nonce').value;
        formData.append('_wpnonce', my_nonce);
        
        axios.post('/wp-admin/async-upload.php', formData, {
          headers: {
            'Content-Type': 'multipart/form-data'
          }
        }).then(function(response) {
          infos_contact.file_uploaded = response.data.data.filename;
          infos_contact.file_uploaded_url = response.data.data.url;
        })("catch")(function(error) {
          console.log(error);
        });

It’s working fine when logged, but not anymore when I’m not logged. Since it’s for the front end, it’s useless if it doesn’t work when not logged. I guess WP protect the upload function if you’re not logged for security reason.

Can I use a hook to bypass this protection ?

Thanks !