2. Logging in and out
2.1 Logging in
2.2 Logging out
3. Forgotten your password?
4. Error messages
4.1 Incorrect User name or password
4.2 Too many login attempts
4.3 Auto logout
4.4 Access denied
4.5 One-time code error
5.1 A link from public- to a private Area
5.2 Do not change a password!
6. Concluding remarks
Remembering your password and keeping it safe, or asking for a new one directly from the webmaster, is always much easier than using the Internet password renewal procedure.
It is a good idea to choose a password of more than six characters long. A good password, for example, is 'Mrbh3ws!' (omit the quotes). This password is easy to remember when you know it stands for the sentence: "My red bike has 3 wheels!". This makes it a good password because it is quite difficult to guess when you do not know the original sentence. Using this method is an easy way for pupils to create difficult passwords and yet still remember them.
NOTE: When creating Users and assigning them passwords, the passwords must meet the above requirements.
NOTE: Regular visitors (1) are just visitors, having no
access at all.
Users with Intranet read access (2) can login via the site, i.e. via
Users (3) with sufficient permissions to undertake management tasks can login via the standard login dialogue, i.e. via
A User with only Intranet read permissions, who
accidentally or deliberately tries to log in using
admin.php, is allowed to log in, but encounters
the Access denied dialogue:
The User can now either:
NOTE: Newly created Users, whose access permissions have not been set, receive the same Access denied message.
Logging in can be done via
admin.php. When switching from site access to
management access or vice versa, the User does not have to
login again. When logging out of the site, the User is also
logged out of Website@School management mode, and vice
NOTE: When the User tries to log in again, he can be immediately redirected to another site, please read 4.4 After login attempt redirected to the website
Open a browser and go to http://exemplum.eu/admin.php. This
is a fictional URL, replace it with the real URL of your
school. Only replace the URL of the school,
but keep the
Next, [Enter] To start the login dialogue:
After a successful login, you are positioned on the Website@School Welcome page:
The Website@School is managed from this page.
NOTE: The following URL opens the login screen in a
particular language (in this case Finnish):
For details on the country codes to choose for the desired language, see: http://www.w3.org/WAI/ER/brIG/ert/iso639.htm.
Ignore the 'obsolete' in the above web page as it works fine.
For further details on this matter, see Wikipedia on http://en.wikipedia.org/wiki/ISO_639.
NOTE: Do not terminate your session by exiting your browser or clicking the X in the upper right corner of your browser. This drastic action will indeed terminate your session, but it does not unlock the items you were working with. On the next login attempt, you may be confronted with locked pages, see paragraph 4.3 Locked pages.
To end your session in Website@School, click the link logout Full Name in the upper right hand corner of the screen to log out. The logout dialogue opens:
After logging out, two possibilities are available:
Click the Forgotten your password? link in the login dialogue to enter the Please enter your username and email address and press the button. dialogue:
Enter your username and the email address that was used when
the account was created. Press the [Enter] key on your keyboard
or click the [OK] button.
The Please see your email for further instructions. dialogue opens:
NOTE: If at this point, you suddenly remember your old password, you can close the pop-up window by clicking on the X in the upper right corner, but do not press the [OK] button in the Please see your email for further instructions. dialogue. After pressing the [OK] button, your old password will not be usable anymore!
Here is an example of the email that will be sent to you:
Subject: One-time login code request Date: Fri, 17 Dec 2010 22:27:16 +0100 From: Exemplum Primary School <email@example.com> To: firstname.lastname@example.org (Wilhelmina Bladergroen) Here is a link with a one-time code that will allow you to request a new, temporary password. Copy the link below to the address bar in your browser and press [Enter]: http://exemplum.org/index.php?login=4&username=hparkh&code=BEJZ51CYT9F6KPHPS05W Alternatively, you can go to this location: http://exemplum.org/index.php?login=4 and enter your username and this one-time code: X8XDCOE2X0M2RYQRGJLY Note that this code is valid for only 30 minutes. The request for this one-time code was received from this address: 172.17.2.23 Good luck! Your automated webmaster
If the first URL fails (see 4.5 One-time code error), copy the one-time code and use the second URL.
Press the [OK] button, then the Please enter your username and one-time code and press the button. dialogue opens:
Enter the one-time code and press the [Enter] key on your keyboard or use the [OK] button, to enter the Please see your email for your new temporary password. dialogue:
A second email is sent to you containing a temporary password. The password is temporary because it can only be used for one login and then it expires.
Subject: One-time login code request Date: Fri, 17 Dec 2010 22:30:17 +0100 From: Exemplum Primary School <email@example.com> To: firstname.lastname@example.org (Wilhelmina Bladergroen) Here is your temporary password: 9Y5tUk4q Note that this password is valid for only 30 minutes. The request for this temporary password was received from this address: 172.17.2.23 Good luck! Your automated webmaster
Enter the username and copy and paste the one-time password into the password field:
Press Enter or the [OK] button, to enter the You have to change your password now. dialogue:
NOTE: The new password may not be the same as the one-time password or the previous forgotten password!
In the pop-up window, click [OK] to close it. Next, click [OK] and enter the site. Go to My page, select admin.php and you are in Website@School management.
An email confirming the change of password will also be sent to you.
Subject: One-time login code request Date: Fri, 17 Dec 2010 22:33:18 +0100 From: Exemplum Primary School <email@example.com> To: firstname.lastname@example.org (Wilhelmina Bladergroen) Your password has been changed. The password change request was received from address 172.17.2.23 on 2010-12-17 22:35:48. Kind regards, Your automated webmaster.
As you may have noticed, changing your password is, for security reasons, a long process. It is far easier to remember your secure password, or request a new one directly from the webmaster.
If an incorrect username/password combination has been entered, the following pop-up window with an error message will be displayed.
NOTE: Do not continue to try entering a password which you may have forgotten. After ten attempts (by default), you are taken to the Forgotten your password? dialogue. See paragraph 3. Forgotten your password? for renewing it.
The forgotten password procedure requires a username and email address. If a incorrect username/email combination has been entered, an alert box with an error message 'Invalid username and email address' is displayed. After pressing the [OK] button to close the alert window, there is another chance to enter the correct username/email combination. The number of attempts allowed is limited (by default only a maximum of ten reties).
If more than the allowed login attempts are exceeded, the username will be locked out for a configurable amount of time (default is eight minutes) and no login attempts can be made.
When the maximum log on attempts have been exceeded, the following message is displayed:
And if further login attempts are made, the following message is displayed:
This Login denial is a security feature to protect Website@School against automated password cracking attempts. After the default time period has passed (default eight minutes), logins can again be attempted.
If a login session lasts longer than twenty-four hours, the User is automatically logged out.
Close the pop-up message window and attempt a login again. This feature can be set in 'Session expiry interval', see chapter Configuration Manager, paragraph Site.
This message is displayed when the User has no permission to enter Website@school Management function. Click on one of the displayed link to continue.
Another frequent reason for this error can be when the webmaster has created a new User account, but has forgotten to assign the permission to the User to enter the Website@School management function.
Some browsers and some email clients have problems with the full URL sent with the one-time code email. In that case, the following message is displayed:
If this happens, simply copy the second URL into your browser and copy and paste the one-time code into the One-time code field.
If a User has been found to be guilty of malicious conduct
then it is advisable not to change the User's password to
prevent logging in, but simply make this User inactive or
delete the User's account completely.
The reason behind this advice is: if the administrator changes the password, the User still can request a new password and log in again.
Bear in mind that deleting the account also deletes everything in the User's 'My Files' directory.