A number of minor fixes
A number of minor fixes

--- a/Resources/info.php
+++ b/Resources/info.php
@@ -53,12 +53,12 @@
 
 
 
-// We only to do key generation if  we're not on a SSL connection
-if (!BTMain::getConnTypeSSL() && !BTMain::getConf()->forceTLS):
+// We only to do key generation if  we're not on a SSL connection or if the system is configured to force use
+if (!BTMain::getConnTypeSSL() || BTMain::getConf()->forceTLS){
 
 
 // If the key is still valid and we know the browser has already retrieved it, just tell the browser to use the cache
-if  ((time() < $expiry) && ($_COOKIE['PHPCredLockerKeySet'] == 1) && ($expiry) && (!empty($tls))){
+if  ((BTMain::getVar('forceload') != 'y') && (time() < $expiry) && ($_COOKIE['PHPCredLockerKeySet'] == 1) && ($expiry) && (!empty($tls))){
 header("HTTP/1.1 304 Not Modified");
 die;
 }
@@ -137,7 +137,7 @@
 
 
 
-else:
+}else{
 // We don't need to generate keys as we're on a SSL connection
 
      foreach ($apiterms as $value){
@@ -160,8 +160,7 @@
     header("Pragma: cache");
     header("Cache-Control: Private, max-age=$seconds_to_cache");
 
-
-endif;
+}
 
 
 

--- a/Resources/main.js
+++ b/Resources/main.js
@@ -511,7 +511,7 @@
   {
 if (xmlhttp.readyState==4 && xmlhttp.status==200)
     {
-    resp = decryptAPIResp(xmlhttp.responseText,key).split(getDivider());
+    resp = xmlhttp.responseText.split(getDivider());
     // Check for an invalid verb response
     if (resp[1] == 2){
      return unknownAPICommand(); 
@@ -519,7 +519,8 @@
     
     if (resp[1] == 0){
      // Session Invalid
-     
+    removeCurrKey(0);
+    
     cookies = document.cookie.split(";");
    
     for (var i = 0; i < cookies.length; i++){
@@ -772,8 +773,19 @@
 		   }
 		   
 		    if (table.rows[r].cells[6]){
+		     
+		      
+		     add = table.rows[r].cells[6].innerHTML.split("=");
+		      
+		     res.setAttribute('entid2',add[0]);
+		     res.setAttribute('entid2val',add[1]);
 		      
 		     add = "&"+ table.rows[r].cells[6].innerHTML;
+		     
+		     
+		     
+		     
+		     
 		    }else{
 		     add = ''; 
 		    }
@@ -839,6 +851,8 @@
   document.getElementById('SrchOpt').value = SearchResult.getAttribute('link');
   document.getElementById('SrchID').name = SearchResult.getAttribute('frmName');
   document.getElementById('SrchID').value = SearchResult.getAttribute('entID');
+  document.getElementById('SrchID2').name = SearchResult.getAttribute('entid2');
+  document.getElementById('SrchID2').value = SearchResult.getAttribute('entid2val');
   document.getElementById('SearchBox').focus();
  
 }
@@ -959,16 +973,7 @@
 function unknownAPICommand(){
  // The API reports that the verb used wasn't recognised. We need to refresh the key file  
   
-  var sess,sessid,parent,frm,notify;
-  
- 
-  
-  
-  
-  sess = document.getElementById("kFile");
-  sessid = sess.getAttribute('src');
-  parent = sess.parentNode;
-  notify = document.getElementById('NotificationArea')
+  var notify = document.getElementById('NotificationArea');
   
  clearInterval(sesscheck);
  
@@ -985,25 +990,37 @@
   notify.innerHTML = "<div id='apiError' class='alert alert-info'>Attempting to rectify API issue. Window will refresh when ready</div>";
  
   destroyKeys();
+  removeCurrKey(1);
+  
+}
+
+
+
+function removeCurrKey(n){
+  
+  var frm,
+  sess = document.getElementById("kFile"),
+  sessid = sess.getAttribute('src'),
+  parent = sess.parentNode;
+  
   parent.removeChild(sess);
   
   // We need to delete the cookie, but can't do that from the current location
   frm = document.createElement('iframe');
   frm.setAttribute('id','kfile');
-  frm.setAttribute('src',sessid);
+  frm.setAttribute('src',sessid+'&forceload=y');
   frm.style.width = '0px';
   frm.style.height = '0px';
   frm.style.border = '0px';
   document.body.appendChild(frm);
   // Wait 500 milliseconds so we can be sure it's loaded
-  interval = setInterval("reloadKeyf('"+sessid+"')",500);
-  
- 
-}
-
-
-
-function reloadKeyf(sessid){
+  interval = setInterval("reloadKeyf('"+sessid+"',"+n+")",500);
+  
+}
+
+
+
+function reloadKeyf(sessid,n){
   var frm, date, notify;
   
   clearInterval(interval);
@@ -1018,12 +1035,13 @@
   frm.setAttribute('id','kFile');
   
   // Append a string to ensure the browser doesn't use the cache.
-  frm.setAttribute('src',sessid+date.getTime());
+  frm.setAttribute('src',sessid+'&forceload=y'+'&rand='+date.getTime());
   
   document.getElementsByTagName("head")[0].appendChild(frm);
   
  
-  if (window.getKey != ''){
+  if (window.getKey != '' && n == 1){
+    
     notify = document.getElementById('apiError');
     notify.parentNode.removeChild(notify);
     
@@ -1102,7 +1120,7 @@
   
  if(typeof getKey != 'function') {
    
-   if (confirm("Key retrieval failed - Attempting to rectify, Click OK to continue - Screen will refresh")){
+   if (confirm("Key retrieval failed - Attempting to rectify, Click OK to continue - Screen may refresh")){
    
    var i,
 	cookies = document.cookie.split(";");
@@ -1111,7 +1129,15 @@
     KillCookie(cookies[i].split("=")[0]);
     }
    
-   window.location.href = location.reload();
+   removeCurrKey();
+   
+    if(typeof getKey == 'function') {
+      alert("Keys retrieved successfully");
+      return true;
+      
+    }
+   
+   window.location.reload(true);
   return false; 
   }
  }

--- a/conf/plugins.php
+++ b/conf/plugins.php
@@ -17,6 +17,7 @@
 $plugins->Creds = array('AutoAuth');
 $plugins->CredTypes = array('AutoAuth');
 $plugins->Cron = array();
+$plugins->Resources = array('ExternalResources');
 
 
 

--- /dev/null
+++ b/conf/plugins/ExternalResources/config.php
@@ -1,1 +1,20 @@
+<?php
+/** ExternalResources plugin Config
+*
+* Copyright (C) 2012 B Tasker
+* Released under GNU GPL V2
+* See LICENSE
+*
+*/
+defined('_CREDLOCK') or die;
 
+// Set this to false to disable the plugin
+$this->active = false;
+
+
+// URL to prefix resources with (don't include a trailing slash)
+$this->url = "";
+
+
+?> 
+

--- /dev/null
+++ b/conf/plugins/ExternalResources/index.html
@@ -1,1 +1,2 @@
+ 
 

--- a/lib/API.php
+++ b/lib/API.php
@@ -38,14 +38,7 @@
    if (empty(BTMain::getUser()->name)){
     
     ob_end_flush();
-    $op = BTMain::getip().$opDivider."0".$opDivider."Access Denied".$opDivider;
-
-
-    if (!BTMain::getConnTypeSSL()){
-    $op = base64_encode($crypt->xorestring(base64_encode($op),$tlskey));
-    }
-
-    echo $op;
+    echo BTMain::getip().$opDivider."0".$opDivider."Access Denied".$opDivider;
     die;
     }
    
@@ -115,7 +108,9 @@
 
 
 case 'checkSess':
-    echo "OK";
+    ob_end_clean();
+    echo BTMain::getip().$opDivider."1".$opDivider."OK".$opDivider;
+    die;
     break;
 
 

--- a/lib/output.php
+++ b/lib/output.php
@@ -109,8 +109,9 @@
 
 global $notifications;
 $nots = $notifications->getNotifications();
-
-  if ($notifications){
+$str = array();
+
+  if ($nots){
   
       foreach ($nots as $not){
       $id='';
@@ -140,26 +141,47 @@
 global $notifications;
 $page = $notifications->getPageInfo();
 $conf = BTMain::getConf();
+
+
+$plg = new Plugins;
+
+
+    $resourcespath = "Resources";
+
+
+// Call any configured plugins
+     $data->resourcespath = $resourcespath;
+     $data->action = 'loadresource';
+
+       
+    $plgoutput = $plg->loadPlugins("Resources",$data)->plgOutput;
+    
+    if (!empty($plgoutput)){
+    $resourcespath = $plgoutput;
+    }
+
+
+
 ?>
       <title><?php echo $conf->ProgName;?> - <?php echo htmlentities($page->title);?></title>
-      <link rel="stylesheet" type="text/css" href="Resources/jquery.tooltip<?php echo $conf->JSMinName;?>.css" />
-      <link rel="stylesheet" type="text/css" href="Resources/bootstrap/css/bootstrap<?php echo $conf->JSMinName;?>.css" />
-      <link rel="stylesheet" type="text/css" href="Resources/bootstrap/css/bootstrap-responsive<?php echo $conf->JSMinName;?>.css" />
-      <link rel="stylesheet" type="text/css" href="Resources/jquery.tooltip<?php echo $conf->JSMinName;?>.css" />
+      <link rel="stylesheet" type="text/css" href="<?php echo $resourcespath; ?>/jquery.tooltip<?php echo $conf->JSMinName;?>.css" />
+      <link rel="stylesheet" type="text/css" href="<?php echo $resourcespath; ?>/bootstrap/css/bootstrap<?php echo $conf->JSMinName;?>.css" />
+      <link rel="stylesheet" type="text/css" href="<?php echo $resourcespath; ?>/bootstrap/css/bootstrap-responsive<?php echo $conf->JSMinName;?>.css" />
+      <link rel="stylesheet" type="text/css" href="<?php echo $resourcespath; ?>/jquery.tooltip<?php echo $conf->JSMinName;?>.css" />
 
     <?php foreach ($page->css as $css):?>
-	    <link rel="stylesheet" type="text/css" href='Resources/<?php echo $css;?>.css'/>
+	    <link rel="stylesheet" type="text/css" href='<?php echo $resourcespath; ?>/<?php echo $css;?>.css'/>
     <?php endforeach;?>
 
       <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js"></script>
-      <script type="text/javascript" src="Resources/bootstrap/js/bootstrap<?php echo $conf->JSMinName;?>.js"></script>
-      <script type="text/javascript" src="Resources/jquery.tooltip.min.js"></script>
+      <script type="text/javascript" src="<?php echo $resourcespath; ?>/bootstrap/js/bootstrap<?php echo $conf->JSMinName;?>.js"></script>
+      <script type="text/javascript" src="<?php echo $resourcespath; ?>/jquery.tooltip.min.js"></script>
       <script id='kFile' src="Resources/info.php?<?php echo md5(session_id().$_SERVER['REMOTE_ADDR']); ?>" type="text/javascript"></script>
-      <script src="Resources/main<?php echo $conf->JSMinName;?>.js" type="text/javascript"></script>
-      <script src="Resources/base64<?php echo $conf->JSMinName;?>.js" type="text/javascript"></script>
+      <script src="<?php echo $resourcespath; ?>/main<?php echo $conf->JSMinName;?>.js" type="text/javascript"></script>
+      <script src="<?php echo $resourcespath; ?>/base64<?php echo $conf->JSMinName;?>.js" type="text/javascript"></script>
 
     <?php foreach ($page->reqscripts as $script):?>
-      <script src="Resources/<?php echo $script;?><?php echo $conf->JSMinName;?>.js" type="text/javascript"></script>
+      <script src="<?php echo $resourcespath; ?>/<?php echo $script;?><?php echo $conf->JSMinName;?>.js" type="text/javascript"></script>
     <?php endforeach;  if (!empty($page->custJS[0])):?>
 
       <script type="text/javascript">

--- a/modules/search-table/search-table.php
+++ b/modules/search-table/search-table.php
@@ -317,6 +317,48 @@
       endif;
 
 
+    if (isset($plugins->CredTypes)):
+  foreach($plugins->CredTypes as $plugin=>$status){
+	  ?>
+
+  <tr>
+    <td><?php echo $plugin; ?> (<?php echo Lang::_('Credential Type');?> Plugin)</td>
+    <td>Plugin:</td>
+    <td><?php echo $plugin; ?></td>
+    <td></td>
+    <td>plg</td>
+    <td>plgInfo</td>
+    <td>type=CredTypes</td>
+  </tr>
+
+	<?php
+	  }
+
+
+      endif;
+
+
+
+ if (isset($plugins->Resources)):
+  foreach($plugins->Resources as $plugin=>$status){
+	  ?>
+
+  <tr>
+    <td><?php echo $plugin; ?> (Resources Plugin)</td>
+    <td>Plugin:</td>
+    <td><?php echo $plugin; ?></td>
+    <td></td>
+    <td>plg</td>
+    <td>plgInfo</td>
+    <td>type=Res</td>
+  </tr>
+
+	<?php
+	  }
+
+
+      endif;
+
   endif;?>
 
 

--- a/modules/search/search.php
+++ b/modules/search/search.php
@@ -21,6 +21,7 @@
 <form class="navbar-search hidden-phone" id='SearchForm' name='SearchForm'>
 <input type="hidden" name="option" value="" id="SrchOpt">
 <input type="hidden" name="id" value="" id="SrchID">
+<input type="hidden" name="tmp" value="" id="SrchID2">
 
 
 <input type="text" 

--- /dev/null
+++ b/plugins/Blargle/ExternalResources/ExternalResources.php
@@ -1,1 +1,89 @@
+<?php
+/** ExternalResources plugin - Allows static assets (JS and CSS) normally in the resources directory to be stored on a seperate server
+*
+* Copyright (C) 2012 B Tasker
+* Released under GNU GPL V2
+* See LICENSE
+*
+*/
+defined('_CREDLOCK') or die;
 
+
+/**                            Resources PLUGIN STARTS                            **/
+
+
+
+/** Credentials Plugin class
+*
+*/
+class plugin_ExternalResources_Resources{
+/** Load the plugin configuration
+*
+*/
+function config(){
+require 'conf/plugins/ExternalResources/config.php';
+}
+
+
+
+/** Return the plugin details
+*
+*/
+function getDetails(){
+$details->Name = "plg_ExternalResources";
+$details->Description = "Allows the contents of the Resources directory (excluding info.php) to be moved to another server";
+$details->Author = 'B Tasker';
+$details->License = 'GNU GPL V2';
+return $details;
+}
+
+
+/** Get current status
+*
+*/
+function getPlgStatus(){
+$this->config();
+return $this->active;
+
+}
+
+/** Class Entry Point
+*
+* @arg data - object, will contain
+*
+*/
+function PlgCall($data){
+// Load the plugin config
+$this->config();
+
+// Check the plugin is actually enabled
+if (!$this->active){ return; }
+
+
+
+
+
+  switch($data->action){
+
+    case 'loadresource':
+  
+    if ($this->url && (!empty($this->url))){
+    return $this->url;
+    }
+    return false;
+    break;
+
+
+    
+    }
+
+
+
+}
+
+
+}
+
+
+
+?>

--- /dev/null
+++ b/plugins/Blargle/ExternalResources/README.html
@@ -1,1 +1,98 @@
+<h2>Contents</h2>
 
+<ul>
+  <li><a href="#about">About AutoAuth</a></li>
+  <li><a href="#plgConfig">Plugin Configuration</a>
+  <li><a href="#CredType">CredType Configuration</a></li>
+      <ul><li><a href="#examples">Example Values</li></ul>
+  </li>
+  <li><a href="#unsupported">Known incompatible systems</a></li>
+
+</ul>
+
+
+<h3><a name="about">About AutoAuth</a></h3>
+AutoAuth Plugin is a plugin allowing system admins to configure PHPCredLocker to
+display a 'Log In' button for specific credtypes. When enabled, the plugin
+simply generates a form containing the credentials so that users can log into
+linked systems with one click.
+<br />
+<br />
+
+Thanks to <a href="http://www.joomlasuffolk.co.uk/" target=_blank>Joomla User
+Group Suffolk (JUGS)</a> for the feature suggestion!
+<br />
+
+
+
+<h3><a name="plgConfig">Plugin Configuration</a></h3>
+
+The configuration file contains two options<br />
+
+<ul>
+  <li><b><i>active</i></b> - Is the plugin enabled?</li>
+  <li><b><i>warnredirect</i></b> - Should a Javascript confirm box be displayed before redirecting the user</li>
+</ul>
+
+
+
+<h3><a name="CredType">CredType Configuration</a></h3>
+
+When enabled, the plugin will display additional fields when adding or editing a Credential Type. 
+The settings specified in these will define how credentials are passed to the login script of the linked system, 
+getting them wrong will result in a failed login.<br />
+
+<ul>
+<li><b><i>Enable Auto Login button:</b></i> Should the plugin be enabled for this CredType?</li>
+<li><b><i>Additional address path: </b></i> Specifies any additional URL params that need to be specified to enable login</li>
+<li><b><i>User Field:</b></i> The field name used by the login form of the linked system</li>
+<li><b><i>Password Field:</b></i> The field name use by the login form of the linked system</li>
+<li><b><i>Requires Cookies:</b></i> Some systems require a specific cookie to exist. If this is checked, the target page will be loaded as part of the form (the user won't see it) to ensure all relevant cookies are set. </li>
+<li><b><i>Additional Fields:</b></i> Some systems require additional hidden fields to be submitted. This field allows you to specify names and values in CSV format using key=value (i.e. <i>page=home,action=login</i>)
+</ul>
+<br />
+<h4><a name="examples">Example configurations</a></h4>
+
+<br /><i>Note: These examples assume you've stored the address of the server without a trailing slash (i.e. mysite:2082 rather than mysite:2082/)</i><br />
+
+
+<table class="table table-hover">
+<tr><th></th><th>CPanel</th><th>Webmin</th><th>WordPress</th></tr>
+
+<tr class='confVal'><th>Additional Address Path</th><td>/login</td><td>/session_login.cgi</td><td>/wp-login.php</td></tr>
+
+<tr class='confVal'><th>User Field</th><td>user</td><td>user</td><td>log</td></tr>
+
+<tr class='confVal'><th>Password Field</th><td>pass</td><td>pass</td><td>pwd</td></tr>
+
+<tr class='confVal'><th>Requires Cookie</th><td>No</td><td>Yes</td><td>Yes</td></tr>
+
+<tr class='confVal'><th>Additional Fields</th><td>none</td><td>page=/,</td><td></td></tr>
+</table>
+
+
+
+<h3><a name="unsupported">Known Incompatible</a></h3>
+
+Systems known not to be compatible with AutoAuth's one-click login are
+
+<ul>
+<li>Joomla! - Requires a unique form token to be submitted</li>
+<li>PHPCredLocker - Requires a unique form token to be submitted</li>
+</ul>
+
+Any system which requires a unique form token to be submitted (such as Joomla!) cannot be supported as the token changes with each session/request.
+Systems which simply require a specific cookie to be set (such as Webmin) are supported however, as are those which allow login details 
+to be submitted without further information (such as CPanel/WHM).
+
+
+
+<h3>Login button not displaying</h3>
+
+There are essentially three reasons why the login button may not display after a user has clicked 'Display Password'.<br>
+
+<ol>
+  <li>Plugin not enabled - Check plugins.conf and conf/plugins/AutoAuth/config.php</li>
+  <li>Required field not included - Credential must have URL, User and Password stored for the plugin to trigger</li>
+  <li>Internal plugin fault - Sorry! These have been well tested for, but it's possible something's been missed</li>
+</ol>

--- /dev/null
+++ b/plugins/Blargle/ExternalResources/index.html
@@ -1,1 +1,8 @@
-
+<html>
+  <head>
+    <title></title>
+    <meta content="">
+    <style></style>
+  </head>
+  <body></body>
+</html>

--- a/views/plugins/loaded.php
+++ b/views/plugins/loaded.php
@@ -164,3 +164,29 @@
 
 
 }
+
+
+
+if (isset($plugins->Resources)){
+
+?>
+<h2>Resources Plugins</h2>
+<table class="table table-hover">
+<tr><th>Plugin</th><th>Status</th><th></th></tr>
+<?php
+
+    foreach($plugins->Resources as $plugin=>$status){
+
+    ?>
+    <tr>
+	<td><?php echo $plugin; ?></td><td><?php echo Plugins::transStatus($status);?></td><td><a href="index.php?option=plgInfo&plg=<?php echo $plugin;?>&type=Res">View ReadMe</a></td>
+    </tr>
+    <?php
+    }
+?><table><br /><br /><?php
+
+
+}
+
+
+