Website@School Users' Guide
Prev		Next

Logging in and out

1. Introduction
1.1 Features
1.2 Assumptions
1.3 Password requirements

2. Logging in and out
2.1 Logging in
2.2 Logging out

3. Forgotten your password?

4. Error messages
4.1 Wrong user name or password
4.2 Too many login attempts
4.3 Auto logout
4.4 Access denied

5. Concluding remarks

1. Introduction

This chapter describes the log in and log out procedure for the different users of website@School, password requirements and how to renew your password when you forgot it. This last procedure is rather well secured (thus complicated), because it is accessible via the web. You do not want someone to tamper with your valuable password.
Believe us, remembering your password is much easier than the password refresh procedure.
Furthermore some error messages are discussed.

1.1. Features

The password facility has the following features, in no specific order:

Strong password requirements: Please see paragraph 1.4 Password requirements.
Logging: Every successfull login, logout, login attempt and failed login is logged.
Configurable parameters: Several aspects related to the log in/log out procedure and the session management are configurarable, see chapter Configuration Manager, paragraph Site for details.
Here is a list:
- Session expiry interval: Defines when a user session is timed out. After a configurable time of user inactivity, the session is timed out, the user is logged out and an error message is displayed.
- Maximum allowed login attempts: After a configurable number of logins, the user is asked if he wants to go to the 'Forgotten your password? procedure. If he persists in logging in, he is blacklisted. See items below. This is a secruity feature.
- Login failures interval: The time window in which the blacklist is consulted before deleting a users failed login attempts. So, a user has to wait a configurable time before he can undertake new attempts. This is a security feature.
- Failed login attempts: After a configurable number of failed login attempts, the user automatically gets the Forgotten your password? dialogue.
- Valid bypass interval: This item refers to the 'Forgotten your password?' procedure.
  After sending the first mail, containing the one time code, the user has 30 minutes to read and enter the one time code. If the time is exceeded, the one time code expires.
- Blacklist interval: The time a user is put on the blacklist. In this period, the system is unaccessible for that user.

1.2 Assumptions

This chapter elaborates on other chapters. We assume you have read and done the General part of the Table of Contents.

1.3 Password requirements

Website@School does not accept simple passwords like 'helen' or 'maria2'. These simple passwords are easy to guess and using them endangers Website@School, the school server and the data on it. Passwords must have certain properties to make them difficult to guess. A Website@School password must:

have at least a minimum length of 6 (six) characters,
have at least 1 (one) uppercase character (A-Z).
have at least 1 (one) lowercase character (a-z).
have at least 1 (one) digit (0-9)
preferably have special character like: at-sign '@', hash '#', dollar '$', percentage sign '%', caret '^', ampersand '&', asterisk '*', left parenthesis '(', right parenthesis ')', dash '-', underscore '_', plus '+', equals '=', left curly brace '{', right curly brace '}', opening bracket '[', closing bracket ']', semicolon ';', slash '/', dot '.' and question mark '?'.

It is a good idea to choose a password of more than 6 characters long. A good password, as an example, is 'Mrbh3ws!' (omit the quotes). This password is easy to remember when you know it stands for the sentence: "My red bike has 3 wheels!". However, and that makes it a good password, it's very difficult to guess when you do not know the sentence. This 'sentence trick' is an easy way for pupils to create difficult passwords and remember them.

NOTICE:
When creating users and giving them passwords, the passwords must meet the above requirements.

(top)

2. Logging in and out

When trying to log in in, please bear in mnind that there are three types of users in Website@School:

Regular visitors of the site and areas, having no account to log in anywhere.
Users with an account with permissions only to read Private Area(s) (i.e.Intranet(s)).
Users with an account that permits them to perform management tasks in Website@School.

NOTICE:
Regular visitors (1) are just visitors, having no access at all.
Users with Intranet read access (2) can login via the site, i.e. via index.php.
Users (3) with enough permissions to do management tasks can login via the login dialogue, i.e. via admin.php.

A user with only Intranet read permissions, accidentally trying to log in via admin.php, is logged in, but encounters the Access denied dialogue:

login_access_not_valid.png

The user can now either:

Select the public site and access her Intranet(s) via the 'Select Area' dropdown menu, because she is already logged in, or
Select login, whereafter she first is logged out, to log in again with another account name or with sufficient permissions to enter Website@School management.

NOTICE:
Newly created users, whose access permissions are forgotten to be set, receive the same Access denied message. This results in a complaining user.

Logging in can be done via index.php and admin.php. When switching from the site to management or vice versa, the user does not have to login again. When logging out on the site, the user is also logged out in Website@School management and vice versa.

NOTICE:
When you try to log in and are immediately redirected to the site, please read 4.4 After login attempt redirected to the website

2.1 Logging in

Open a browser and go to http://exemplum.eu/admin.php. This is a fictional URL, replace it with the real URL of your school. Only replace the URL, of the school, but keep the admin.php. Next, hit the [Enter] key to enter the login dialogue:

[ Exemplum Primary School, login page. username name, password ******** ]

login_logging_in.png Explanation:

Username: Enter the user name you created during installation or received from the web master. For example wblader, webmaster.
Password: Enter the password you created during the installation or received from the web master. The password is not shown, but ********. This is a security feature.
[OK] or [Enter]: Press the [Enter] key on your keybord, or click [OK] to enter Website@School Management; the Welcome page.
home: Link to the home page of the school site.
Forgotten your password?: When you forgot your password, use this link to obtain a new password. See paragraph 3. Forgotten your password? for further details.

After a succesfull login, you are on the Website@School Welcome page:

Xlogin_was_home_after_login.png

From this page Website@School is managed. See the Website@School Users Guide Table of contents for the respective chapters. or the Guided Tour for a brief overview.

NOTICE:
Please take notice at the yellow status bar. This is the place where you receive status reports from Website@school. Texts can be cut and past for support questions.

2.2 Logging out

After having done your job in Website@School you must log out to end your session.

NOTICE:
Do not terminate your session by exiting your browser or clicking the X in the upper right corner of your browser. This brute force action will indeed kill your session, but it does not unlock the materials you were working with. The next time you login, you may be confronted with locked pages, see paragraph 4.3 Locked pages.

To end your session in Website@School, click the link logout Full Name in the upper right corner of the screen to log out, wereafter the logout dialogue opens:

[ Exemplum Primary School, pop up: success, message= success ]

login_logged_out.png

After logging out, two possibilities are available:

You are taken back to the login dialogue and can login again after reading the pop up message and clicking the [OK] button, or
you are taken back to some other place. This depends on your account settings in the user properties. These are set in the account manager and are discussed in chapter Account Manager, paragraph 3.3 Edit user username (Full Name ).

3. Forgotten your password?

When you have forgotten your password, try to remember it, but do not try it out endlessly. This results in error messages.
Better try to get a new password from the web master. This is really the easiest ways to obtain a new password. If that's not possible, follow the inconvenient but secure procedure described below.

Click the Forgotten your password? link in the login dialoge to enter the Please enter your username and e-mail address and press the button. dialogue:

[ Exemplum Primary School, logout, username user, e-mail address 'e-mail address' ]

login_forgotten_password.png

Enter your user name and the e-mail address that was used when the account was created. Press the [Enter] key on your keyboard or click the [OK] button.
The Please see your e-mail for further instructions. dialoge opens:

[ Exemplum Primary School, pop up: see e-mail, see e-mail, message= see e-mail ]

login_forgotten_password_email_1.png

NOTICE:
When you, at this very moment, remember your old password, you can lick away the pop-up windown, but do not press the [OK] button in the Please see your e-mail for further instructions. dialoge. After pressing that [OK] button, your old password will not be usable anymore!

Please check the e-mail like the following:

Subject: One-time login code request
Date: Fri, 17 Dec 2010 22:27:16 +0100
From: Exemplum Primary School <webmaster@exemplum.eu>
To: w.bladergroen@exemplum.eu (Wilhelmina Bladergroen)

Here is a link with a one-time code that will allow you to
request a new, temporary password. Copy the link below to
the address bar in your browser and press [Enter]:

http://exemplum.org/index.php?login=4&username=hparkh&code=BEJZ51CYT9F6KPHPS05W

Alternatively, you can go to this location:

    http://exemplum.org/index.php?login=4

and enter your username and this one-time code:

    X8XDCOE2X0M2RYQRGJLY

Note that this code is valid for only 30 minutes.

The request for this one-time code was received from this
address:

    172.17.2.23

Good luck!

Your automated webmaster

As written, copy the link location or use the one time code.

Press the [OK] button, whereafter the Please enter your username and one-time code and press the button. dialogue opens:

[ Exemplum Primary School, username 'user', one time code X8X...JLY ]

login_forgotten_password_enter_one_time_code.png

Enter the one-time code and press the [Enter] key on your keyboard or use the [OK] button, to enter the Please see your e-mail for your new temporary password. dialogue:

[ Exemplum Primary School, pop up: see e-mail, message= see e-mail ]

login_forgotten_password_email_2.png

Another mail is sent to you, containing the temporarily password:

Subject: One-time login code request
Date: Fri, 17 Dec 2010 22:30:17 +0100
From: Exemplum Primary School <webmaster@exemplum.eu>
To: w.bladergroen@exemplum.eu (Wilhelmina Bladergroen)

Here is your temporary password:

    9Y5tUk4q

Note that this password is valid for only 30 minutes.

The request for this temporary password was received
from this address:

    172.17.2.23

Good luck!

Your automated webmaster

Enter the user name and copy & paste the one time password in the password field:

[ Exemplum Primary School, username name, password *******, message= see e-mail ]

login_forgotten_password_enter_temp_password.png

Press Enter or the [OK] button, to enter the You have to change your password now. dialogue:

[ Exemplum Primary School, username name, password ******, new password *******, confirm new password ******* ]

login_forgotten_password_enter_new_password.png

Username: Enter your username.
Password: Copy and paste the one time password you received in the second mail.
New password: Enter a new secure passowrd, see paragraph 1.4 Password requirements to create a secure password. Write the new pasword on a piece of paper, remember it, wereafter you eat the paper.
NOTICE:
The new password may not be equal to the one time password and the old password!
Confirm new password: Retype the new password.
OK: Press the [Ok] button to send the new password.

After clicking the [OK] button, the ...successfully changed. dialogue opens:

[ Exemplum Primary school, pop up: success, message= succes ]

login_forgotten_password_successfull_change.png

In the pop up window, click [OK] to remove it and. Next, click [OK] and enter enter the site. Go to My page, select admin.php and you are in Website@School management.

You also receive an e-mail, confirming the change of your password.

Subject: One-time login code request
Date: Fri, 17 Dec 2010 22:33:18 +0100
From: Exemplum Primary School <webmaster@exemplum.eu>
To: w.bladergroen@exemplum.eu (Wilhelmina Bladergroen)

Your password has been changed.

The password change request was received
from address 172.17.2.23 on 2010-12-17 22:35:48.

Kind regards,

Your automated webmaster.

As you may have noticed, changing your password is, for security reasons, a complicated process. It's easier to remember your secure password, or humbly address the webmaster.

(top)

4. Error messages

Below some of the most common erro messages during loing are summed up.

4.1 Wrong username or password

If you have entered a wrong username/password-combination, you see an alert box with an error message 'Invalid credentials, please try again'. After pressing the [OK] button to remove the alert, you get another chance to enter the correct combination. The number of attempts is limited; by default you can retry 10 times.

[ Exemplum Primary School, pop up: invalid creentioals, message= invalid credentials ]

login_wrong_user_password.png

NOTICE:
Do not try endlessly to find your forgotten password, but try to remember it. After 10 attempts, you are taken to the Forgotten your password? dialogue. See paragraph 3. Forgotten your password? on renewing it.

4.2 Too many login attempts

The forgot password procedure asks your username and email address. If you have entered a wrong username/email-combination, you see an alert box with an error message 'Invalid username and email address'. After pressing the [OK] button to remove the alert, you get another chance to enter the correct combination. The number of attempts is limited; by default you can retry 10 times.

[ Exemplum Primary School, pop up: invalid credentials, message= invalid credentials ]

login_too_many_attempts_forgot_password.png

If you persist and enter an incorrect combination for the 11th time, you will be locked out for a configuratble amount of time (default 8 minutes).

[ Exemplum Primary School, pop up: invalid username, messge=invalid username ]

login_wrong_user_and_mail.png

After yet 10 more failed logins, you get:

[ Exemplum Primary Schoo, pop up: too many attempts, messge= toom many attempts ]

login_too_many_attempts.png

And if you persist, clicking the [ok] button:

[ Exemplum Primary School, pop up: access denied, message= access denied ]

login_access_denied.png

This is a feature to protect Website@School against automated password cracking attempts. Wait 8 minutes and try again.

4.3 Auto logout

When a login lasts more than 24 hours, the user is automatically logged out:

[ Exemplum Primary School, pop up: forcefully logged out, message= forcefully logged out ]

login_forcefully_logged_out.png

Remove the pop up message and log in again. This feature can be set in 'Session expiry interval', see chapter Configuration Manager, paragraph Site.

4.4 Access disabled

login_access_disabled.png

You probable have no or not enough permissions to enter Website@school Management. Please use one of the links.

Another often occuring reason for this error is when the webmaster has created your account, but forgot to give you (enogh) permissions to enter Website@School management.

(top)

5. Concluding remarks

To summarise this chapter: it's much easier to remember your password than to change it.

(top)

Prev	Home	Next
Installation		Guided Tour

Author: Dirk Schouten <schoutid (at) Knoware (dot) nl >

Last updated: 2012-02-22