WebSite X5Help Center

 
Mike G.
Mike G.
User

Reserved Areas Problem  en

Autor: Mike G.
Visitado 3479, Seguidores 4, Compartilhado 47  

I have created a website for a garage and set up 4 sub folders for their customers with reserved areas for them to login. The problem is that even though they have different reserved area names and different usernames & passwords, once a customer has logged in to their own area they have access to all the other areas in the other folders!! Can anyone help please?

Publicado em
12 RESPOSTAS - 1 ÚTIL
BmT 3000
BmT 3000
User

V8 or V9 ?

Bernard

Ler mais
Publicado em de BmT 3000
Mike G.
Mike G.
User
Autor

Version 8

Ler mais
Publicado em de Mike G.
Cheeky Man
Cheeky Man
User

Wink

Look at your locked pages and take off the other customers!!

www.frankscybercafe.com

Ler mais
Publicado em de Cheeky Man
Mike G.
Mike G.
User
Autor

Hi, thanks for the reply, bu my locked pages don't have the other customers on, it is by navigating back to the main garage site (www.diatech-automotive.co.uk) that they are then able to go to another customers sites. My question is as the other sites have different reserved area names.user&password, how are they able to see them?

Ler mais
Publicado em de Mike G.
BmT 3000
BmT 3000
User

Not sure if I got your problem right, so I'll show you how I manage my reserved areas in V8. It could help you anyway.

If your locked pages are correctly set, what you describe should not happen.

As an example, let's say that if you have set a  locked page (let's call page_1) that is only available for user #1 and a second locked page (let's call it page_2), that should be available only available for user#2. If user #1 logins, he should have access to page_1, but if he tries to access page_2, then he wont be able to do it. Same thing for user#2, if he tries to access page_1.

You achieve that by correctly managing your users and your locked pages.

As shown here, I have a website built in v8 with 3 reserved areas (3 locked pages)

zone_4

Each of thes pages can be accessed only by the users that are allowed to.  For instance, the locked page called Section privée, can be accessed by some members of the website, but not by the others.

To do that, you have to build the list of people who who will be able to connect to your reserved area(s). First, you go  in step 4, Advanced settings, Reserved Areas (if I remember, my software is in French). That's where you manage tour users, and where you set the login page they can access. The followin screenshot is an example of a new  user, added to the reserved area.

zone_2 

In this example, the user named Group 1, username "testeur", password 123, has been added, and I have decided thas he will have access a reserved area thru the page called "Section privée". This mean that when he needs to log in, he will have to do so by using the page Section privée, in the main menu. WX5 will show a login form on that page, to do so.

In my website, since I have more than one reserved area, I have to determine what access page has to be linked with each user. That's the first step in reserved areas customization in V8.

Next, you go back in step 2, and you select the relevant locked page and click on the LOCK icon, on the top menu, as in the following example:

zone_2

In the example aboive, I want to manage the access to the reserved area named Section privée, so I've selected it, and next I've clicked on  the Lock Icon, as shown, and I was granted granted with this dialog box:

zone 3

I was able to scroll among  all the users currently registered on the website. All I need to do was to select the correct user, in this case Group 1, and tick the checkbox on the left of the name to give him access to this particular reserved area. I then clicked ok, saved and export.

When he logs in, the user called Group1 has the right to access the reserved area called Section privée. During the time he stays logged in, however, he cannot access the two other reserved areas of the website, because I didn't gave him the permissions to do so. If would be able to do it if I repeat the process described above with any of the other reserved areas - or locked pages- of the website.

If your users van access all of your reserved areas, the I assume that they are allowed to, in each of your different locked pages. Simply do as I did and uncheck the relevant users in the different locked pages, as you need.

Dont forget to save and upload, unless your changes wont be taken in charge on your website.

Please note that as long as an user is logged in on your website, he'll be able to navigate in his allowed reserved area without having to log in again.

Feel free to come back if my explanations are not clear, since English is not may language, as you can see with my screenshots.

Bernard

Ler mais
Publicado em de BmT 3000
Mike G.
Mike G.
User
Autor

Hi, Many thanks for taking the time to reply at length. However my problem is a little different. I have 4 different sites in different folders in the main /web folder.

Each site has only one user and one reserved area which have different reserved area names and passwords. If I create different reserved ares on the one site, it does work correctly like you describe.

What happens is if I log into one site then navigate to an other site all the pages of the second site are open to me even though they have been set op with different area user & password!

Hope this makes sense.

You can see how I use the different folder onwww.diatech-automotive.co.ukI have /da1 /da2 /da3 etc.

regards, Mike.

Ler mais
Publicado em de Mike G.
BmT 3000
BmT 3000
User

Are you checking that feature with your own username and password as administrator or as a regular user ?

Ler mais
Publicado em de BmT 3000
Mike G.
Mike G.
User
Autor

Hi, as a user, with the username and password defined by the customer.

I have spent sometime in conversation with Frank who was amazingly helpful, it seems that this architecture lets you bypass the security. I am going to try and put login pages on the main site not a direct link to the customer sites.

Ler mais
Publicado em de Mike G.
Mike G.
Mike G.
User
Autor

Put login pages on the main site with a reserved area for each, when logged in the page has a link over to the customer site. This prevents any customer getting at the other sites now. Only catch is sometimes you have to log in again when you are redirected, but not always. Puzzling, but I will let it lie. BTW None of these pages are bookmarked.

Ler mais
Publicado em de Mike G.
ken M.
ken M.
User

how can we create a way to register new users to access locked pages

Ler mais
Publicado em de ken M.
Brian McCarthy McCarthy
Brian McCarthy McCarthy
User

Hi everyone. My question is simple. I want to give new users access to locked pages. I have done this and when I have uploaded I have access to the login page but when I attempt to log in with my new password it goes to Forbidden area 403. Can anywone help me on this. You can check out the websitewww.catenians.organd attempt to log in

Ler mais
Publicado em de Brian McCarthy McCarthy
Incomedia
Claudio N.
Incomedia

@Mike G.: I think that's the normal behavior of V8. It checks username and password only at login and then it establishes a session which allow the user to access to all its private areas.

Skipping to other sites placed into subfolders of the same domain, the user can access to other private areas as long as he has the same userid of the other site's user.

It quite complicated to explain. The best way to solve this is to upload the 4 sites on 4 different domains.

Of course, this problem does not occur if the sites are on different domains (different servers).

We have solved this in V9.

Brian McCarthy McCarthy
Hi everyone. My question is simple. I want to give new users access to locked pages. I have done this and when I have uploaded I have access to the login page but when I attempt to log in with my new password it goes to Forbidden area 403. Can anywone help me on this. You can check out the website www.catenians.org and attempt to log in

To me, it seems that PHP cannot be run on your site. Did you already try to contact your hosting provider?

Ler mais
Publicado em de Claudio N.