Reserved Areas Problem
Autor: Mike G.
Visitado 3479,
Seguidores 4,
Compartilhado 47
I have created a website for a garage and set up 4 sub folders for their customers with reserved areas for them to login. The problem is that even though they have different reserved area names and different usernames & passwords, once a customer has logged in to their own area they have access to all the other areas in the other folders!! Can anyone help please?
Publicado em
V8 or V9 ?
Bernard
Autor
Version 8
Look at your locked pages and take off the other customers!!
www.frankscybercafe.com
Autor
Hi, thanks for the reply, bu my locked pages don't have the other customers on, it is by navigating back to the main garage site (www.diatech-automotive.co.uk) that they are then able to go to another customers sites. My question is as the other sites have different reserved area names.user&password, how are they able to see them?
Not sure if I got your problem right, so I'll show you how I manage my reserved areas in V8. It could help you anyway.
If your locked pages are correctly set, what you describe should not happen.
As an example, let's say that if you have set a locked page (let's call page_1) that is only available for user #1 and a second locked page (let's call it page_2), that should be available only available for user#2. If user #1 logins, he should have access to page_1, but if he tries to access page_2, then he wont be able to do it. Same thing for user#2, if he tries to access page_1.
You achieve that by correctly managing your users and your locked pages.
As shown here, I have a website built in v8 with 3 reserved areas (3 locked pages)
Each of thes pages can be accessed only by the users that are allowed to. For instance, the locked page called Section privée, can be accessed by some members of the website, but not by the others.
To do that, you have to build the list of people who who will be able to connect to your reserved area(s). First, you go in step 4, Advanced settings, Reserved Areas (if I remember, my software is in French). That's where you manage tour users, and where you set the login page they can access. The followin screenshot is an example of a new user, added to the reserved area.
In this example, the user named Group 1, username "testeur", password 123, has been added, and I have decided thas he will have access a reserved area thru the page called "Section privée". This mean that when he needs to log in, he will have to do so by using the page Section privée, in the main menu. WX5 will show a login form on that page, to do so.
In my website, since I have more than one reserved area, I have to determine what access page has to be linked with each user. That's the first step in reserved areas customization in V8.
Next, you go back in step 2, and you select the relevant locked page and click on the LOCK icon, on the top menu, as in the following example:
In the example aboive, I want to manage the access to the reserved area named Section privée, so I've selected it, and next I've clicked on the Lock Icon, as shown, and I was granted granted with this dialog box:
I was able to scroll among all the users currently registered on the website. All I need to do was to select the correct user, in this case Group 1, and tick the checkbox on the left of the name to give him access to this particular reserved area. I then clicked ok, saved and export.
When he logs in, the user called Group1 has the right to access the reserved area called Section privée. During the time he stays logged in, however, he cannot access the two other reserved areas of the website, because I didn't gave him the permissions to do so. If would be able to do it if I repeat the process described above with any of the other reserved areas - or locked pages- of the website.
If your users van access all of your reserved areas, the I assume that they are allowed to, in each of your different locked pages. Simply do as I did and uncheck the relevant users in the different locked pages, as you need.
Dont forget to save and upload, unless your changes wont be taken in charge on your website.
Please note that as long as an user is logged in on your website, he'll be able to navigate in his allowed reserved area without having to log in again.
Feel free to come back if my explanations are not clear, since English is not may language, as you can see with my screenshots.
Bernard
Autor
Hi, Many thanks for taking the time to reply at length. However my problem is a little different. I have 4 different sites in different folders in the main /web folder.
Each site has only one user and one reserved area which have different reserved area names and passwords. If I create different reserved ares on the one site, it does work correctly like you describe.
What happens is if I log into one site then navigate to an other site all the pages of the second site are open to me even though they have been set op with different area user & password!
Hope this makes sense.
You can see how I use the different folder onwww.diatech-automotive.co.ukI have /da1 /da2 /da3 etc.
regards, Mike.
Are you checking that feature with your own username and password as administrator or as a regular user ?
Autor
Hi, as a user, with the username and password defined by the customer.
I have spent sometime in conversation with Frank who was amazingly helpful, it seems that this architecture lets you bypass the security. I am going to try and put login pages on the main site not a direct link to the customer sites.
Autor
Put login pages on the main site with a reserved area for each, when logged in the page has a link over to the customer site. This prevents any customer getting at the other sites now. Only catch is sometimes you have to log in again when you are redirected, but not always. Puzzling, but I will let it lie. BTW None of these pages are bookmarked.
how can we create a way to register new users to access locked pages
Hi everyone. My question is simple. I want to give new users access to locked pages. I have done this and when I have uploaded I have access to the login page but when I attempt to log in with my new password it goes to Forbidden area 403. Can anywone help me on this. You can check out the websitewww.catenians.organd attempt to log in
@Mike G.: I think that's the normal behavior of V8. It checks username and password only at login and then it establishes a session which allow the user to access to all its private areas.
Skipping to other sites placed into subfolders of the same domain, the user can access to other private areas as long as he has the same userid of the other site's user.
It quite complicated to explain. The best way to solve this is to upload the 4 sites on 4 different domains.
Of course, this problem does not occur if the sites are on different domains (different servers).
We have solved this in V9.
To me, it seems that PHP cannot be run on your site. Did you already try to contact your hosting provider?