Logging in and out

Contents

2. Logging in and out
    2.1 Logging in
    2.2 Logging out

3. Forgotten your password?

4. Error messages
    4.1 Wrong user name or password
    4.2 Too many login attempts
    4.3 Auto logout
    4.4 Access denied

5. Concluding remarks

1. Introduction

1.1. Features

• Strong password requirements: Please see paragraph 1.4 Password requirements.
• Logging: Every successfull login, logout, login attempt and failed login is logged.
• Configurable parameters: Several aspects related to the login/logout procedure and the session management are configurarable, see chapter Configuration Manager, paragraph Site for details.
  Here is a list:
  • Session expiry interval: Defines when a user session is timed out. After a configurable time of user inactivity, the session is timed out, the user is logged out and an error message is displayed.
  • Maximum allowed login attempts: After a configurable number of logins, the user is asked if he wants to go to the 'Forgotten your password? procedure. If he persists in logging in, he is blacklisted. See items below. This is a secruity feature.
  • Login failures interval: The time window in which the blacklist is consulted before deleting a users failed login attempts. So, a user has to wait a configurable time before he can undertake new attempts. This is a security feature.
  • Failed login attempts: After a configurable number of failed login attempts, the user automatically gets the Forgotten your password? dialogue.
  • Valid bypass interval: This item refers to the 'Forgotten your password?' procedure.
    After sending the first mail, containing the one time code, the user has 30 minutes to read and enter the one time code. If the time is exceeded, the one time code expires.
  • Blacklist interval: The time a user is put on the blacklist. In this period, the system is unaccessible for that user.
• Developer manual: For all features, also the self evident ones, see the developers manual and read the source (to Luke).

1.2 Assumptions

1.3 Password requirements

• have at least a minimum length of 6 (six) characters,
• have at least 1 (one) uppercase character (A-Z).
• have at least 1 (one) lowercase character (a-z).
• have at least 1 (one) digit (0-9)
• preferably have special character like: at-sign '@', hash '#', dollar '$', percentage sign '%', caret '^', ampersand '&', asterisk '*', left parenthesis '(', right parenthesis ')', dash '-', underscore '_', plus '+', equals '=', left curly brace '{', right curly brace '}', opening bracket '[', closing bracket ']', semicolon ';', slash '/', dot '.' and question mark '?'.

It is a good idea to choose a password of more than 6 characters long. A good password, as an example, is 'Mrbh3ws!' (omit the quotes). This password is easy to remember when you know it stands for the sentence: "My red bike has 3 wheels!". However, and that makes it a good password, it's very difficult to guess when you do not know the sentence. This 'sentence trick' is an easy way for pupils to create difficult passwords and remember them.

NOTICE:
When creating users and giving them passwords, the passwords must meet the above requirements.

(top)

2. Logging in and out

NOTICE:
When you try to log in and are immediately redirected to the site, please read 4.4 After login attempt redirected to the website

2.1 Logging in

login_logging_in.png

• Username: Enter the user name you created during installation or received from the web master.
• Password: Enter the password you created during the installation or received from the web master.
• [OK] or [Enter]: Press the [Enter] key on your keybord, or click [OK] to enter Website@School Welcome page.
• home: Link to the site home page.
• Forgotten your password?: When you forgot your password, use this link to obtain a new password. See paragraph 3. Forgotten your password? for further details.

After a succesfull login, you are on the Website@School Welcome page:

Xlogin_was_home_after_login.png

From this page Website@School is managed. See the Website@School Users Guide Table of contents for the respective chapters. or the Guided Tour for a brief overview.

NOTICE:
Please take notice at the yellow status bar. This is the place where you receive status reports from Website@school. Texts can be cut and past for support questions.

2.2 Logging out

NOTICE:
Do not terminate your session by exiting your browser or clicking the X in the upper right corner of your browser. This brute force action will indeed kill your session, but it does not unlock the materials you were working with. The next time you login, you may be confronted with locked pages, see paragraph 4.3 Locked pages.

To end your session in Website@School, click the link logout Full Name to log out, wereafter the logout dialogue opens:

login_logged_out.png

After logging out, two possibilities are available:
1. You are taken back to the login dialogue and can login again after reading the pop up message and clicking [OK] or
2. You are taken back to some other place. This depends on your account settings in the user properties. This is discussed in chapter Account Manager, paragraph 3.3 Edit user username (Full Name ).

3. Forgotten your password?

Click the Forgotten your password? link in the login dialoge to enter the Please enter your username and e-mail address and press the button. dialogue:

login_forgotten_password.png

Enter your user name and the e-mail address used when creating the account. Press the [Enter] key on your keyboard or click the [OK] button. The Please see your e-mail for further instructions. dialoge opens for further instructions:

login_forgotten_password_email_1.png

NOTICE:
When you, at this very moment, remember your old password, then do not press the [OK] button. After pressing the [OK] button, your old password will not be usable anymore!

Please check the e-mail like the following:

Subject: One-time login code request Date: Fri, 17 Dec 2010 22:27:16 +0100 From: Exemplum Primary School To: w.bladergroen@exemplum.eu (Wilhelmina Bladergroen) Here is a link with a one-time code that will allow you to request a new, temporary password. Copy the link below to the address bar in your browser and press [Enter]: http://exemplum.org/index.php?login=4&username=hparkh&code=BEJZ51CYT9F6KPHPS05W Alternatively, you can go to this location: http://exemplum.org/index.php?login=4 and enter your username and this one-time code: X8XDCOE2X0M2RYQRGJLY Note that this code is valid for only 30 minutes. The request for this one-time code was received from this address: 172.17.2.23 Good luck! Your automated webmaster

As written, copy the link, or use the alternative method to enter the one-time code. Press the [OK] button, whereafter the Please enter your username and one-time code and press the button. dialogue opens:

login_forgotten_password_enter_one_time_code.png

Enter the one-time code and press the [Enter] key on your keyboard or use the [OK] button, to enter the Please see your e-mail for your new temporary password. dialogue:

login_forgotten_password_email_2.png

Another mail is sent to you, containing the temporarily password:

Subject: One-time login code request Date: Fri, 17 Dec 2010 22:30:17 +0100 From: Exemplum Primary School To: w.bladergroen@exemplum.eu (Wilhelmina Bladergroen) Here is your temporary password: 9Y5tUk4q Note that this password is valid for only 30 minutes. The request for this temporary password was received from this address: 172.17.2.23 Good luck! Your automated webmaster

Enter the user name and copy & paste the one time password in the password field:

login_forgotten_password_enter_temp_password.png

Press Enter or the [OK] button, to enter the You have to change your password now. dialogue:

login_forgotten_password_enter_new_password.png

• Username: Enter your username.
• Password: Copy and paste the one time password you received in the second mail.
• New password: Enter a new secure passowrd, see paragraph 1.4 Password requirements to create a secure password. Write the new pasword on a piece of paper, remember it, wereafter you eat the paper.

  NOTICE:
  The new password may not be equal to the one time password and the old password!

• Confirm new password: Retype the new password.
• OK: Press the [Ok] button to send the new password.

After clicking the [OK] button, the ...successfully changed. dialogue opens:

login_forgotten_password_successfull_change.png

In the pop up window, click [OK] to remove it and. Next, click [OK] and enter enter the site. Go to My page, select admin.php and you are in Website@School management.

You also receive an e-mail, confirming the change of your password.

Subject: One-time login code request Date: Fri, 17 Dec 2010 22:33:18 +0100 From: Exemplum Primary School To: w.bladergroen@exemplum.eu (Wilhelmina Bladergroen) Your password has been changed. The password change request was received from address 172.17.2.23 on 2010-12-17 22:35:48. Kind regards, Your automated webmaster.

As you may have noticed, changing your password is, for security reasons, a complicated process. It's easier to remember your secure password.

(top)

4. Error messages

4.1 Wrong username or password

If you have entered a wrong username/password-combination, you see an alert box with an error message 'Invalid credentials, please try again'. After pressing the [OK] button to remove the alert, you get another chance to enter the correct combination. The number of attempts is limited; by default you can retry 10 times.

login_wrong_user_password.png

NOTICE:
Do not try endlessly to find your forgotten password, but try to remember it. After 10 attempts, you are taken to the Forgotten your password? dialogue. See paragraph 3. Forgotten your password? on renewing it.

4.2 Too many login attempts

The forgot password procedure asks your username and email address. If you have entered a wrong username/email-combination, you see an alert box with an error message 'Invalid username and email address'. After pressing the [OK] button to remove the alert, you get another chance to enter the correct combination. The number of attempts is limited; by default you can retry 10 times.

login_too_many_attempts_forgot_password.png

If you persist and enter an incorrect combination for the 11th time, you will be locked out for a configuratble amount of time (default 8 minutes).

login_wrong_user_and_mail.png

After yet 10 more failed logins, you get:

login_too_many_attempts.png

And if you persist, clicking the [ok] button:

login_access_denied.png

This is a feature to protect Website@School against automated password cracking attempts. Wait 8 minutes and try again.

4.3 Auto logout

When a login lasts more than 24 hours, the user is automatically logged out:

login_forcefully_logged_out.png

Remove the pop up message and log in again. This feature can be set in 'Session expiry interval', see chapter Configuration Manager, paragraph Site.

4.4 Access disabled

login_access_disabled.png

You probable have no or not enough permissions to enter Website@school Management.

Another often occuring reason for this error is when the webmaster has created your account, but forgot to give you (enogh) permissions to enter Website@School management.

(top)

5. Concluding remarks

To summarise this chapter: It's easier to remember your password than to change it.

(top)

---

Prev	Home	Next
Installation		Guided Tour

Author: Dirk Schouten <schoutid (at) Knoware (dot) nl >

Last updated: 2011-08-08