Creating Password-Protected Pages

From Documentation
Jump to: navigation, search

Creating Password-Protected Pages

The NetObjects Fusion Secure Site package has all the tools needed to build a secure site with password-protected pages. When you add password protection to pages, you protect the page content from being viewed by unregistered users. Visitors will have to sign-up and create a user account before gaining access to the protected pages.

All the information collected from users at signup will be stored permanently in a flat file database file which can easily imported into third-party applications, such as Microsoft Excel and Microsoft Access. The registered users will be able to change their passwords and request to have their forgotten passwords sent by e-mail. The site Administrator will be able to notify registered users regarding any changes in the user accounts.

The NetObjects Secure Site package consists of 7 components:

  • Admin Component, which allows the site owner to manage user accounts.
  • Signup Component, which allows the user to sign up for a new account with the user name, password, and additional data.
  • Secure Page Component, which prompts users for their user ID and password and denies access to the protected pages without that information.
  • Login Component, which handles the process of user sign in and validation.
  • Logout Component, which signs users out of their account.
  • Change Password Component, which users can use to change their passwords.
  • Get Password Component, which allows users to request their user name and password via e-mail if they cannot provide the information.

Placing the Admin Component on a Page

  1. In Page view, from the Custom Components menu, select NOF Secure Site > Admin.
  2. Draw a box on the Layout to indicate where you want to position the Secure Site Admin component.

The NOF Secure Site dialog appears.

  1. If you have not created a Component Suite, create a new one by typing a name for the suite in the New name field. To include the component as part of an existing suite, click the Existing radio button and select the Component Suite that you want to add the component to. See Using Component Suites.
  2. From the Profile drop-down list, select the settings profile that you want to use for the component. If you have not created a settings profile, the default profile will be used. See Creating Component Profiles.
  3. Click OK to close the NOF Secure Site dialog.

The Admin dialog box appears.

  1. On the Account tab, enter the user name and password that you to be used to log-in to the Admin area and manage user accounts.
  2. Click the New users login without administrator approval check box to allow visitors to access secure pages immediately after filling out the signup form.
  3. Click the Notify the admin in case of a new signup so the email that the user receives after signing up will also be sent to the administrator. The administrator email address is to be filled in on the General tab in the E-mail field.
  4. Click the Access Denied tab and choose the page in your site that will display when the visitor does not enter a valid user name or password. For example, you could have the log in page refresh, or you could direct visitors to the page containing the Secure Site Sign up component.
  5. On the General tab, configure the following settings:
  • Click the Publish scripts in debug mode check box to view in-depth troubleshooting information should the component not function properly when published.
  • Select the language (English or German) of your component script.
  • In the Path to database field, enter the path to the flat file database file where you registered users information is to be stored. The default database file is db/users.csv.
  • Click the Wizard button to launch the DB Creation Wizard. See Using the DB Creation Wizard.

If you do not use the Wizard button next to the Database field and you leave ../db/users.csv in the default value, then you will have to manually create the /db folder on the server (in the folder where you publish the site) and grant write permission to the /db folder.

  • Enter the Server (IP) address and Port of the server that will handle sending e-mails confirming new user accounts. Consult your host provider or site administrator to obtain this information.
  • In the E-mail field, enter the e-mail address to which you want new users' signup notifications to be sent. The Secure Site Administrator will receive an e-mail each time a new user creates an account.
  • In the From field, enter the e-mail address from which you want to send visitors e-mails confirming that their account has been successfully created.
  • If necessary check the smtp requires authentication check box and then fill in the Username and the Password fields with the SMTP user name and password.
  • Check the smtp requires ssl check box if the SMTP server requires a secure connection (SSL).

Note: Consult your host provider or site administrator to obtain details about the authentication and/or SSL possibly required by the SMTP server.

Note: The secure connection (SSL) and authentication for an SMTP server are used by some host providers to increase security and stem the flow of email messages propagating spam, viruses, and worms.

  1. To save the Admin Component settings as a profile that you can apply to additional NOF Secure Site components that you add to your site, click Save Profile. See Creating Component Profiles.
  2. Click OK to close the Admin dialog.

For increased protection from unauthorized access, you can exclude the admin page from navigation so that visitors will not see the page in the navigation bar. To exclude a page from navigation, select the page in Site View and click the Exclude from Navigation check box on the Page Properties panel.

Adding the Signup Component to a Page

Using the Signup component, you can create the form that visitors need to create an account and gain access to secure pages.

  1. In Page view, from the Custom Components menu, select NOF Secure Site > Signup.
  2. Draw a box on the page where you want to place the Secure Site Signup component. The NOF Secure Site dialog appears.
  3. If you have not created a Component Suite, create a new one by typing a name for the suite in the New name field. To include the component as part of an existing suite, click the Existing radio button and select the Component Suite that you want to add the component to. See Using Component Suites.
  4. From the Profile drop-down list, select the settings profile that you want to use for the component. If you have not created a settings profile, the default profile will be used. See Creating Component Profiles.
  5. Click OK to close the NOF Secure Site dialog.

The Signup dialog appears.

  1. Follow the steps for configuring the Signup Component settings as described in this section.

Configuring the Secure Site Form Labels and Objects

After you have placed the Signup Component on your site, you can customize the form that visitors fill out to sign up for access to password-protected pages. You can modify text labels and apply CSS styles to the default form labels. You can also add additional form labels and corresponding objects-such as text boxes, check boxes, and radio buttons-to collect additional information. For example, if you wanted to obtain additional information from visitors who are registering to use your site, you can add an additional text box in which the user can enter that information.

Usually, when you first place a Signup component on the Layout of a page in NetObjects Fusion, the Signup dialog box appears. If you close the dialog box and you want to configure the component setting in a future moment of time, follow the next steps:

  1. Select the component on the Layout. You will see the NOF _Name of the Component_Properties window.
  2. Click on Click to edit and then press the (..) button.

Customizing Secure Site Form Labels

On the Fields tab of the Signup dialog, configure the labels that will appear on the signup form next to the corresponding form object. The default labels are listed in the left-hand pane of the Signup dialog box.

  1. Edit the default label text by selecting the label you want to change and replacing the text in the Label field.
  2. Add a new label and form object by clicking the add (+) button, selecting Standard Controls and entering a name for the field in the Name text field.

If you remove the Captcha label, you can add it back by clicking the add (+) button, and selecting Captcha from the Custom Controls section.

When you add a new form label, a corresponding form object is also created. Select the desired form object type from the Type drop-down menu. Form objects are used to define the type of input a user enters in a form. For example, a visitor can type text in a text field or select a check box to respond to questions on a form. Text fields and check boxes are types of form objects.

The default form object for new items is a single-line text field, but you can also choose to add a text box, radio button, check box, and button.

  1. To remove a label and its form object, select the label and click the remove (-) button.
  2. To change the order in which form elements will appear on the Signup form, click the label name and move the label on the form using the up and down arrows.
  3. On the Field tab of the Signup dialog, configure the labels that will appear on the form, as well as the appearance of the Submit button.

Customizing Secure Site Form Objects

On the Field tab of the Signup Page dialog box, you can set the properties for the form objects corresponding to the labels that appear on the signup form. The Control Settings section will display the properties for each label relative to the form object type.

Specifying Error Events for Signup Form Elements

You can assign validation requirements for each form field so that the form cannot be successfully submitted unless all of the required fields are completed correctly. For example, you can apply a rule for a text box so that the site visitor is required to enter text before submitting the form. If the site visitor leaves the text field blank and submits the form, the form will refresh with error markers, and the visitor will not be able to submit the form until all fields with errors are completed correctly.

  1. In the Signup dialog, click the label for the form element that you want to apply validation options.
  2. Click the Error events tab.
  3. Select a validation requirement from the Error event drop-down list.Available error events will vary depending on the type of form object to which the error event is being applied.
  4. Click the Active to check box so that the error event will be activated on the form.
  5. You can also suspend validation requirements for the form element by clearing the Active check box.
  6. Edit the default error message text by replacing the default text in the Message field.
  7. Error messages for each form element that did not meet validation requirements will appear below the form.
  8. To apply a custom CSS style to the form object, type the name of the CSS style in the text box or select the style from the drop-down list.

Adding the Secure Page Component

You can easily add password protection to your site pages by dropping the Secure Page component on any site pages you want to protect.

  1. In Page view, click the page you want to protect.
  2. From the Custom Components menu, select NOF Secure Site > Secure Page.
  3. Draw a box on the Layout to indicate where you want to position the Secure Page component.

The NOF Secure Site dialog appears.

  1. If you have not created a Component Suite, create a new one by typing a name for the suite in the New name field. To include the component as part of an existing suite, click the Existing radio button and select the Component Suite that you want to add the component to. See Using Component Suites.
  2. From the Profile drop-down list, select the settings profile that you want to use for the component. If you have not created a settings profile, the default profile will be used. See Creating Component Profiles.
  3. Click OK to close the NOF Secure Site dialog.

The Secure Page dialog appears.

  1. On the Security tab, configure the following settings:
  • Show secure logo. Allows you to add an image that indicates that the page is secure from entry.
  • Users that can access this page. Indicates if the page is accessible for administrators only or normal users.
  1. On the Access Denied tab, select the page of your site to which visitors will be redirected if they do not enter a valid user name or password.

For example, you could place both the Signup and Login components on the same page and choose this as the page that refreshes in the browser so that visitors can either re-enter their user name and password or sign up for access.

  1. On the General tab, configure the following settings:

Script type displays either ASP or PHP, depending on settings from the General tab of the Current Site Options dialog.

  • Click the Publish scripts in debug mode check box to view in-depth troubleshooting information should the component not function properly when published.
  • Select the language (English or German) of your component script.
  • In the Path to database field, enter the path to the flat file database file where you registered users information is to be stored. The default flat file database file is db/users.csv.
  • Click the Wizard button to launch the DB Creation Wizard.

If you do not use the Wizard button next to the Database field and you leave ../db/users.csv in the default value, then you will have to manually create the /db folder on the server (in the folder where you publish the site) and grant write permission to the /db folder.

  • Enter the Server (IP) address and Port of the server that will handle sending e-mails confirming new user accounts. Consult your host provider or site administrator to obtain this information.
  • In the E-mail field, enter the e-mail address to which you want new users' signup notifications to be sent.The Secure Site Administrator will receive an e-mail each time anew user creates an account.
  • In the From field, enter the e-mail address from which you want to send visitors e-mails confirming that their account has been successfully created.
  • If necessary check the smtp requires authentication check box and then fill in the Username and the Password fields with the SMTP user name and password.
  • Check the smtp requires ssl check box if the SMTP server requires a secure connection (SSL).

Note: Consult your host provider or site administrator to obtain details about the authentication and/or SSL possibly required by the SMTP server.

Note: The secure connection (SSL) and authentication for an SMTP server are used by some host providers to increase security and stem the flow of email messages propagating spam, viruses, and worms.

  1. To save the Secure Page Component settings as a profile that you can apply to additional NOF Secure Site components that you add to your site, click Save Profile. See Creating Component Profiles.
  2. Click OK to close the Secure Page dialog.

Adding the Login Component

The Login component is used to create the form in which visitors will enter their user name and password to gain access to your protected pages.

  1. In Page view, from the Custom Components toolbox, select NOF Secure Site > Login.
  2. Draw a box on the Layout to indicate where you want to position the Login component.

The NOF Secure Site dialog appears.

  1. If you have not created a Component Suite, create a new one by typing a name for the suite in the New name field. To include the component as part of an existing suite, click the Existing radio button and select the Component Suite that you want to add the component to. See Using Component Suites.
  2. From the Profile drop-down list, select the settings profile that you want to use for the component. If you have not created a settings profile, the default profile will be used. See Creating Component Profiles.
  3. Click OK to close the NOF Secure Site dialog.

The Login dialog appears.

  1. On the Fields tab of the Login dialog, you can set the properties for the form labels and objects that appear on the Login form, as well as establish the error events.
  2. Click the Page tab to configure error and success handling events:
  • In the Error Handling section, Check the Show error messages check box to display error messages when the site visitor enters incorrect log-in information. The log-in form will display error messages beneath the controls at the bottom of the page.

Check the Show error marker check box to display an error marker (symbol) to indicate the invalid input text, where the site visitor has incorrectly filled in a field. The error marker will be displayed between the field's label and the field.

Use the browse button to choose a different image for the error marker.

  • In the Success Handling Section, Set the Success-Handling Options:
  • In the Success Handling field, choose the page where the site visitor will be redirected after successfully logging in to the site. If a valid user name and password are entered, the site visitor will automatically be redirected to the selected success page. For example, you could choose to have the Home page refresh in the browser after visitor logs in successfully.
  1. On the General tab, configure the following settings:
  • Click the Publish scripts in debug mode check box to view in-depth troubleshooting information should the component not function properly when published.
  • Select the language (English or German) of your component script.
  • In the Path to database field, enter the path to the flat file database file where you registered users information is to be stored. The default database file is db/users.csv.
  • Click the Wizard button to launch the DB Creation Wizard. See Using the DB Creation Wizard.

If you do not use the Wizard button next to the Database field and you leave ../db/users.csv in the default value, then you will have to manually create the /db folder on the server (in the folder where you publish the site) and grant write permission to the /db folder.

  • Enter the Server (IP) address and Port of the server that will handle sending e-mails confirming new user accounts. Consult your host provider or site administrator to obtain this information.
  • In the E-mail field, enter the e-mail address to which you want new users'signup notifications to be sent.The Secure Site Administrator will receive an e-mail each time anew user creates an account.
  • In the From field, enter the e-mail address from which you want to send visitors e-mails confirming that their account has been successfully created.
  • If necessary check the smtp requires authentication check box and then fill in the Username and the Password fields with the SMTP user name and password.
  • Check the smtp requires ssl check box if the SMTP server requires a secure connection (SSL).

Note: Consult your host provider or site administrator to obtain details about the authentication and/or SSL possibly required by the SMTP server.

Note: The secure connection (SSL) and authentication for an SMTP server are used by some host providers to increase security and stem the flow of email messages propagating spam, viruses, and worms.

  1. To save the Login Component settings as a profile that you can apply to additional NOF Secure Site components that you add to your site, click Save Profile. See Creating Component Profiles.
  2. Click OK to close the Login dialog.

You cannot add the Login component to a page containing a Secure Site component.

Adding the Logout Component

The Logout component adds a button that allows a user to "sign out" of your site.

  1. In Page view, from the Custom Components toolbox, select NOF Secure Site > Logout. The NOF Secure Site dialog appears.
  2. If you have not created a Component Suite, create a new one by typing a name for the suite in the New name field. To include the component as part of an existing suite, click the Existing radio button and select the Component Suite that you want to add the component to. See Using Component Suites.
  3. From the Profile drop-down list, select the settings profile that you want to use for the component. If you have not created a settings profile, the default profile will be used. See Creating Component Profiles.
  4. Click OK to close the NOF Secure Site dialog.

The Logout dialog appears.

  1. On the Fields tab of the Logout dialog, you can choose to display the log-out button as a text button, image button, or text link.
  2. Click the Page tab to configure error and success handling events for the log-out button.
  3. On the General tab, configure the following settings:
  • Click the Publish scripts in debug mode check box to view in-depth troubleshooting information should the component not function properly when published.

Script type displays either ASP or PHP, depending on settings from the General tab of the Current Site Options dialog.

  • Select the language (English or German) of your component script.
  • In the Path to database field, enter the path to the flat file database file where you registered users information is to be stored. The default database file is db/users.csv.
  • Click the Wizard button to launch the DB Creation Wizard. See Using the DB Creation Wizard.

If you do not use the Wizard button next to the Database field and you leave ../db/users.csv in the default value, then you will have to manually create the /db folder on the server (in the folder where you publish the site) and grant write permission to the /db folder.

  • Enter the Server (IP) address and Port of the server that will handle sending e-mails confirming new user accounts. Consult your host provider or site administrator to obtain this information.
  • In the E-mail field, enter the e-mail address to which you want new users'signup notifications to be sent.The Secure Site Administrator will receive an e-mail each time anew user creates an account.
  • In the From field, enter the e-mail address from which you want to send visitors e-mails confirming that their account has been successfully created.
  • If necessary check the smtp requires authentication check box and then fill in the Username and the Password fields with the SMTP user name and password.
  • Check the smtp requires ssl check box if the SMTP server requires a secure connection (SSL).

Note: Consult your host provider or site administrator to obtain details about the authentication and/or SSL possibly required by the SMTP server.

Note: The secure connection (SSL) and authentication for an SMTP server are used by some host providers to increase security and stem the flow of email messages propagating spam, viruses, and worms.

  1. To save the Logout Component settings as a profile that you can apply to additional NOF Secure Site components that you add to your site, click Save Profile. See Creating Component Profiles.
  2. Click OK to close the Logout dialog.

Adding the Secure Site Admin Component

This Secure Site Admin component allows the site administrator to view a table containing information about registered site visitors, such as personal data and account status. The administrator can log in to this page from the published site to validate and invalidate user accounts, add and remove users accounts, view and edit the user details, and also provide administrative rights to a regular user.

There are 3 types of users of a website:

  • Visitors, who will not have access to the restricted pages.
  • Registered users, who have access to the restricted pages, except for the site administrator's page.
  • Administrators, who have access to all the pages of the site, including the Admin component.

The page that hosts the Admin Component is a secure page, which can be viewed by the administrator on a published site. This component has the ability to send an e-mail to the user when the administrator validates/invalidates a user account.

Adding the Change Password Component

By adding the Change Password component on your site, you can allow visitors to change their account password directly on the published site. With the Change Password component, visitors can change their password automatically without having to contact the site administrator.

  1. In Page view, from the Custom Components menu, select NOF Secure Site > Change Password.
  2. Draw a box on the Layout to indicate where you want to position the Change Password Component.

The NOF Secure Site dialog appears.

  1. If you have not created a Component Suite, create a new one by typing a name for the suite in the New name field. To include the component as part of an existing suite, click the Existing radio button and select the Component Suite that you want to add the component to. See Using Component Suites.
  2. From the Profile drop-down list, select the settings profile that you want to use for the component. If you have not created a settings profile, the default profile will be used. See Creating Component Profiles.
  3. Click OK to close the NOF Secure Site dialog.

The Change Password dialog appears.

  1. On the Fields tab of the Change Password dialog, you can set the properties for the form labels and objects that appear on the Change Password form, as well as establish the error events.
  2. Click the Page tab to configure error and success handling events:
  • In the Error Handling section, Check the Show error messages check box to display error messages when the site visitor fills in the form incorrectly. The Change Password form will display error messages beneath the controls at the bottom of the page.
  • Check the Show error marker check box to display an error marker (symbol) to indicate the invalid input text, where the site visitor has incorrectly filled in a field. The error marker will be displayed between the field's label and the field.
  • Use the browse button to choose a different image for the error marker.
  • In the Success Handling Section, Set the Success-Handling Options.
  • In the Success Handling field, choose the page where the site visitor will be redirected after changing their password.
  1. On the General tab, configure the following settings:
  • Click the Publish scripts in debug mode check box to view in-depth troubleshooting information should the component not function properly when published.
  • Select the language (English or German) of your component script.
  • In the Path to database field, enter the path to the flat file database file where you registered users information is to be stored. The default database file is db/users.csv.
  • Click the Wizard button to launch the DB Creation Wizard .

If you do not use the Wizard button next to the Database field and you leave ../db/users.csv in the default value, then you will have to manually create the /db folder on the server (in the folder where you publish the site) and grant write permission to the /db folder.

  • Enter the Server (IP) address and Port of the server that will handle sending e-mails confirming password changes. Consult your host provider or site administrator to obtain this information.
  • In the E-mail field, enter the e-mail address to which you want new users' signup notifications to be sent. The Secure Site Administrator will receive an e-mail each time a new user creates an account.
  • In the From field, enter the e-mail address from which you want to send e-mails confirming successful password changes to users.
  • If necessary check the smtp requires authentication check box and then fill in the Username and the Password fields with the SMTP user name and password.
  • Check the smtp requires ssl check box if the SMTP server requires a secure connection (SSL).

Note: Consult your host provider or site administrator to obtain details about the authentication and/or SSL possibly required by the SMTP server.

Note: The secure connection (SSL) and authentication for an SMTP server are used by some host providers to increase security and stem the flow of email messages propagating spam, viruses, and worms.

  1. To save the Change Password component settings as a profile that you can apply to additional NOF Secure Site components that you add to your site, click Save Profile. See Creating Component Profiles.
  2. Click OK to close the Change Password dialog.

Adding the Get Password Component

By adding the Get Password component on your site, you can allow visitors to receive their log-in information via e-mail if they either forget or do not have access to this information. With the Get Password component, visitors can receive the log-in information automatically without having to contact the site administrator.

  1. In Page view, from the Custom Components menu, select NOF Secure Site > Get Password.
  2. Draw a box on the Layout to indicate where you want to position the Get Password Component.

The NOF Secure Site dialog appears.

  1. If you have not created a Component Suite, create a new one by typing a name for the suite in the New name field. To include the component as part of an existing suite, click the Existing radio button and select the Component Suite that you want to add the component to. See Using Component Suites.
  2. From the Profile drop-down list, select the settings profile that you want to use for the component. If you have not created a settings profile, the default profile will be used. See Creating Component Profiles.
  3. Click OK to close the NOF Secure Site dialog.

The Get Password dialog appears.

  1. On the Fields tab of the Get Password dialog, you can set the properties for the form labels and objects that appear on the form, as well as establish the error events.
  2. Click the Page tab to configure error and success handling events:
  • In the Error Handling section, Check the Show error messages check box to display error messages when the site visitor incorrectly fills in the form. The form will display error messages beneath the controls at the bottom of the page.
  • Check the Show error marker check box to display an error marker (symbol) to indicate the invalid input text, where the site visitor has incorrectly filled in a field. The error marker will be displayed between the field's label and the field.

Use the browse button to choose a different image for the error marker.

  • In the Success Handling Section, Set the Success-Handling Options.

In the Success Handling field, choose the page where the site visitor will be redirected after successfully requesting their user name and password. For example, you could choose to have the a page refresh in the browser letting the visitor know that their account information will be sent to them via e-mail.

  1. On the General tab, configure the following settings:
  • Click the Publish scripts in debug mode check box to view in-depth troubleshooting information should the component not function properly when published.
  • Select the language (English or German) of your component script.
  • In the Path to database field, enter the path to the flat file database file where you registered users information is to be stored. The default database file is db/users.csv.
  • Click the Wizard button to launch the DB Creation Wizard. See Using the DB Creation Wizard.

If you do not use the Wizard button next to the Database field and you leave ../db/users.csv in the default value, then you will have to manually create the /db folder on the server (in the folder where you publish the site) and grant write permission to the /db folder.

  • Enter the Server (IP) address and Port of the server that will handle sending e-mails with requested account information. Consult your host provider or site administrator to obtain this information.
  • In the E-mail field, enter the e-mail address to which you want new users'signup notifications to be sent. The Secure Site Administrator will receive an e-mail each time a new user creates an account.
  • In the From field, enter the e-mail address from which you want to send users their log-in information.
  • If necessary check the smtp requires authentication check box and then fill in the Username and the Password fields with the SMTP user name and password.
  • Check the smtp requires ssl check box if the SMTP server requires a secure connection (SSL).

Note: Consult your host provider or site administrator to obtain details about the authentication and/or SSL possibly required by the SMTP server.

Note: The secure connection (SSL) and authentication for an SMTP server are used by some host providers to increase security and stem the flow of email messages propagating spam, viruses, and worms.

  1. To save the Get Password Component settings as a profile that you can apply to additional NOF Secure Site Components that you add to your site, click Save Profile. See Creating Component Profiles.
  2. Click OK to close the Get Password dialog.