(1) User's password on the server is encrypted by crypt().
(2) Uploaded files can be accessed without authentication by directly indicating their URLs. This problem can be avoided by using fileuploader.cgi. mod_rewrite is required for this purpose.
1. Set HTTP inaccessible path to $datapath in PositLogConfig.pm.
2. Set rewrite rules to .htaccess as follows :
(change the pass of fileloader.cgi according to the server environment)
RewriteRule ^(.*)([0-9]{6}[a-zA-Z]{2})(/Image/.+)$ /fileloader.cgi?page=$2&path=$3 [L]
RewriteRule ^(.*)([0-9]{6}[a-zA-Z]{2})(/File/.+)$ /fileloader.cgi?page=$2&path=$3 [L]
3. Set fileloader.cgi in the same directory of positlog.cgi
4. Set 1 to $filesecure in PositLogConfig.pm
Note that file access through fileuploader.cgi is slower than that by direct access.