Secure Client Login Action

Sometime around 21/4/09 (at 17:52 -0400) TeamSDA said:

I believe we would be able to use the C Panel of our ISP and create
such a secured folder. Not really warm to this idea as we want to
use freeway as our means of making changes and updates.

Securing http (web browser) access doesn’t lock Freeway out on the
FTP level. You’d carry on using the same Freeway-based FTP
username/password access as normal to design the site and manage
everything through the normal upload process, but viewing the
uploaded pages in a browser will bring up the password access dialog.

This security stuff is all handled by the web page-serving engine on
the server. If you want real security rather than just
difficult-to-guess locations then this is the only sensible solution
that I can think of.

k

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Thank You Tim and Walter,

You guy’s are awesome, this is why we came back to Freeway. When I looked at the link Delta Dave posted earlier in this thread it seemed to have several php scripts that were secure, i.e. log in and log outs directing varied users to specific pages and such. While we cold work through their tutorials and eventually get something to work this is not really why we decided to return to Freeway.

My question is, do either of you do freelance work as it appears you could very easily and quickly take our completed freeway document and include the necessary code into the markup and forms section to get things working.

What we would really like is to see more actions written with simple tutorials and examples published. This is what really makes Freeway shine.

Thank You, Team SDA

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

This is great Tim,

Looks like it may get us going right away as we wait for an Action that will give us actual page protection with log ins and log outs.

Are you planing on posting this to your site with a tutorial and such? Don’t fully grasp what is going on, how it is redirecting to the obscured pages “Pied Piper” “Big Inc” and such?

I’ve updated the example on FreewayActions.com for this to include a
download of the Freeway 5 Pro file and the action.
You can see the demo here;
http://www.freewayactions.com/test/password/

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

I’m glad things are working out for you.

Thankfully, Freeway has always benefited from a great user community who are
willing to share their knowledge, resources and time to empower others. This
general mantra of “Do good” is infectious and you’ll find users wanting to feed
back into this pool whenever they can.
</side note>

In answer to your question; I’m currently not looking for any freelance work at
the moment as I’ve a real lack of any free time as it is with work and family
commitments. With the economy as it is, things change and my situation may
change in the future.
There are plenty of very talented Freeway users who frequent this list who
should be contacting you now and should be able to offer help in setting up
your site if you don’t (or can’t) tackle it yourself.

On the actions front I’ve roughly 8.5 years worth of actions (several hundred)
that I’ve created and I’d love to find the time to dust them off, test and
document them and share them with you all. If it weren’t for the support
nightmares I would make them all available as they are.
Until that happens if there are problems that you can see actions eliminating
then this is the place to ask.
Regards,
Tim.

Quoting TeamSDA email@hidden:

Thank You Tim and Walter,

You guy’s are awesome, this is why we came back to Freeway. When I looked at
the link Delta Dave posted earlier in this thread it seemed to have several
php scripts that were secure, i.e. log in and log outs directing varied users
to specific pages and such. While we cold work through their tutorials and
eventually get something to work this is not really why we decided to return
to Freeway.

My question is, do either of you do freelance work as it appears you could
very easily and quickly take our completed freeway document and include the
necessary code into the markup and forms section to get things working.

What we would really like is to see more actions written with simple
tutorials and examples published. This is what really makes Freeway shine.

Thank You, Team SDA

–
Extend Freeway the way you want with FreewayActions.com
http://www.freewayactions.com

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

As I find time I’ll add this to FreewayActions.com but that won’t happen for a
while as I’ve a load of work to get through at the moment.

Technically here’s how the system works (it sounds more complicated than it is.
Also you don’t actually need to know this to use the action!);

1. Create your log-in page in Freeway and add a standard form to it, including
   text field and submit button and change the page file extension to .php
2. Apply the action to the text field
3. In the action set if you want it to redirect to single .html pages or
   directories. You can also specift the warning text and css style that the user
   sees when they enter an invalid password.
4. In your site add a single page or folder (depending on the setting you chose
   in step 3) for each client. For example a page or folder called ‘4d5w3r’ should
   do the trick.
5. In the Inspector palette it is best if the page title isn’t the same as the
   document name so change this to something more meaningful (‘Welcome to your
   page… etc’ for example). The page name should still remain as 4d5w3r.html (in
   our example).
6. Make sure that something on your log-in page uses the css style defined in
   the action. Without it Freeway won’t publish the style and the warning will
   look unstyled (or display in the wrong style). In the example I posted there is
   a small text box to the right of the main page that contains nothing but a
   styled blank space.
7. Publish and upload your site
8. When a user enters a password in the log-in form the form data is posted back
   to the same page (it looks like the page simply refreshes). The php in the page
   checks to see if an html page with that password exists and if it does it
   ingests it into the current page (more on this in a moment). If the page cannot
   be found then the warning is shown.
   Working with directories (step 3) is slightly different as we can’t do the
   ingesting so the user is redirected to the chosen directory.

When I say target html pages are ingested what happens is that the PHP code
locates the html page, and them opens it up and reads it’s contents into the
log-in page. If you check the source code for the page once you’ve logged in it
will look exactly like the target page but the URL will remain as the log-in
page. This has the benefit of obscuring the final page location from the user
and means if they bookmark the page they will have to log-in again before they
can see any of the content.

Download the sample file and have a look at how it is constructed. It should be
quite easy to follow.
Regards,
Tim.

Quoting TeamSDA email@hidden:

This is great Tim,

Looks like it may get us going right away as we wait for an Action that will
give us actual page protection with log ins and log outs.

Are you planing on posting this to your site with a tutorial and such? Don’t
fully grasp what is going on, how it is redirecting to the obscured pages
“Pied Piper” “Big Inc” and such?

I’ve updated the example on FreewayActions.com for this to include a
download of the Freeway 5 Pro file and the action.
You can see the demo here;
http://www.freewayactions.com/test/password/

---

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

–
Extend Freeway the way you want with FreewayActions.com
http://www.freewayactions.com

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

OK I believe I get what you are doing and thank you for being so descriptive.

Just for clarification, This Action allows the user to link to any page in the folder containing the login page, they just need to have the file name of the page? As far as they are concerned this is their password?

Are you are using just numbers and letters so search engine bots don’t list the actual page?

Do you know of an action that will keep the search engine bots from seeing the page allowing us to give our clients more relevant logins i.e. Company Acronym and Job Number?

Just so we are aware of the level of security this offers, what are the risks?

Thank You Tim, Team SDA

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Quoting TeamSDA email@hidden:

Just for clarification, This Action allows the user to link to any page in
the folder containing the login page, they just need to have the file name of
the page? As far as they are concerned this is their password?

Correct.

Are you are using just numbers and letters so search engine bots don’t list
the actual page?

Search engines shouldn’t find the pages unless you either link to them or submit
them to be indexed manually. There has been talk in the past that some search
engines will look at the referring page (the page you last visited before going
to the search engine) and will trawl that without asking but I’ve yet to see
this proved.

Do you know of an action that will keep the search engine bots from seeing
the page allowing us to give our clients more relevant logins i.e. Company
Acronym and Job Number?
You can use any name you like but, obviously, if someone can guess it then they
can get in.

To stop search engines from indexing the target pages simply add a robots
exclusion meta tag to each hidden page.

Page menu, Meta Tags, User Tab, New…
Name: ROBOTS
Value: NOINDEX, NOFOLLOW

OK, and OK again to get out of the dialogs.
(I do have an action to apply these but just not online or to hand at the
moment).

All search engine spiders worth their salt will see these tags and skip past the
pages without indexing them or the links they contain.

Just so we are aware of the level of security this offers, what are the
risks?

The biggest risk is exposing content to a wider audience. Only you can judge how
bad that might be. In my opinion the action, a good password, and use of the
robots meta tags should offer you a more than reasonable level of protection
from prying eyes. If you are hoping to protect state secrets then look for
something a little stronger. If nothing else it will help you sleep at night.

Regards,
Tim.

Extend Freeway the way you want with FreewayActions.com
http://www.freewayactions.com

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Tim,

Thank you so much, you have been very helpful.

Team SDA

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Hi Tim,

It appears that we need just a little more of your expertise. Noticed that the style needs to be assigned to a blank space in the HTML box and that you have padding of 20px applied to the extended section of the style. Also noticed 5 spaces in the Actions field for the error prompt. It appears that the waring icon is assigned in the style.

1 - What is the 20px padding for in the style?

2 - What are the 5 spaces in the Action field for?

3 - We have assigned the warning icon through the style but it wants to tile when the warning appears. Cant find a way to not have it tile. How do we do this?

Thank You, Team SDA

PS: Quick separate question: Softpress makes an action “Upload Extra Resources” that seems to be very similar to your “Upload Stuff”. Is one more up to date than another and would you recommend one over the other?

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

1 - What is the 20px padding for in the style?
The warning triangle is part of the CSS style for the error message and is
placed in the background of the element. The 20px padding simply pushes the
text along so that it doesn’t sit on top of the image behind it.

2 - What are the 5 spaces in the Action field for?
Sorry this is my mistake. I was hoping to simply pad the warning value without
using the 20px padding (see above). You can remove these spaces as they don’t
actually do anything useful.

3 - We have assigned the warning icon through the style but it wants to tile
when the warning appears. Cant find a way to not have it tile. How do we do
this?

In the Edit Styles dialog there are options in the background image element to
set the position and repeat for the image. You can choose to have the image
repeat or not or repeat ver5tically or just horizontally. In my example the
image was told not to repeat in either direction.
The options are;
repeat,
no repeat,
repeat x and,
repeat y.

Thank You, Team SDA

PS: Quick separate question: Softpress makes an action “Upload Extra
Resources” that seems to be very similar to your “Upload Stuff”. Is one more
up to date than another and would you recommend one over the other?

I would recommend my action. It is far superiour to theirs!
I’m joking (or am I?) as the two actions are pretty much identical in what they
do. I think Upload Stuff may be a little older but other than that they do the
same job.
Regards,
Tim.

Extend Freeway the way you want with FreewayActions.com
http://www.freewayactions.com

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

And what Tim didn’t say in his reply is that the 20px of padding moves the error text right 20px to allow room for the error image to fit in.

David

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Erm, well I did say something about the padding but just not as well as you put
it!
Thanks for the clarity David.
Regards,
Tim.

Quoting DeltaDave email@hidden:

And what Tim didn’t say in his reply is that the 20px of padding moves the
error text right 20px to allow room for the error image to fit in.

David

–
Extend Freeway the way you want with FreewayActions.com
http://www.freewayactions.com

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Thank You,

Appreciate both of your input. That did it, all is good.

Team SDA

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Hi, Tim, Walter and Team SDA –

I’ve read through the stream above and you may have what I’m looking for (I’ll have to print this out to study it later to know for sure).

That said, here’s what I’m looking for:

• A way to require a password/login for a “members only” section of my site.
• That way, people who have paid me a monthly fee will be able to access the “in depth” section of my site.

(You can take a look at the site in its current form by going to www (dot) 60SecondOnlineUniversity.com)

Is the system outlined above a system I can use to do this? If not, where would I find software/plugin/action that could do what I’m looking for?

Thanks,
Jamie
P.S. I agree with Team SDA – you guys rock and you’re part of why I’m such a fan of Softpress/Freeway. It’s great to have a place to turn to when I get stuck.

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

My two cents here:

A lot of the answer depends on how many people you expect to use your
system. If it’s more than a couple of handfuls, you are going to want
to automate the process somehow, so you don’t inadvertently give away
the store or keep someone from their purchases.

If it’s only a few or 20 or something like that, then you can probably
get away with using cPanel to make logins for them, and disabling the
logins of people who don’t renew.

If it’s more than that, then you need to do a little application
design. Start with some questions: How are you doing the commerce
part? Are you setting up recurring payments using Paypal or another
processor that supports this feature? What sort of notification do you
get each month that the bill has been paid?

I would start from this notification, and see if you can “pipe” it
into your access control system somehow. If you get a mail message, I
can share a bit of code (the robot that “reads” this mailing list and
turns messages into forum threads for the Web site). You will need to
have cpanel access to your server so you can set up a mail address on
your domain that will divert messages to your robot on the PHP command
line, but that’s fairly normal stuff, even on a shared server.

Once you have a way to get these messages, you will need to synch them
to your authorization system. To protect an entire folder full of
files, without needing to do any manual work, I would use an .htaccess
file to redirect all requests to that folder’s contents into a script
which could check to see if the user is authorized and signed in. This
script would check the same database that your payment system updated
when they made their purchase, so the two would never be out of date
with one another.

I can give you the bones of this solution if you want to build it
yourself, or you can spend a pleasant several days looking on
HotScripts for something that suits, and then spend a bunch of time
trying to make it look like the rest of your site.

Please do let me know what your comfort level is with code, and what
flavors you like.

Walter

On May 17, 2009, at 3:00 PM, Jamie Turner wrote:

• A way to require a password/login for a “members only” section of
my site.
• That way, people who have paid me a monthly fee will be able to
access the “in depth” section of my site.

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Hi, Walt –

Thanks for your follow-up.

The short answer to your question is that, yes, this would have more than 20 people using it, so it would need to be automated.

Based on your feedback, it’s clear to me that this would be something that would require some custom work. I don’t have the expertise or bandwidth to make that happen, so I’ll probably have to outsource it.

I work at an ad agency with a pretty robust interactive department, so I’m going to check with them about doing the work. That said, they aren’t Freeway Pro folks, so that opens up a whole new can of worms.

Is this the kind of thing that you would be able to do for a fee? If so, can you send me your email address so we can begin a dialogue about it? There’s still a chance that I decide not to do it, but I’d like to have options available in the event that I decide to move forward.

By the way, the site in question is 60SecondOnlineUniversity.com. The shopping cart on the site is Clear Cart, which is a third-party shopping cart and hosting service.

Thanks!

– Jamie

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

since i follow this discussion ( while i had one sort of started to ) with much interest, i want so much an action like this.

the problem with Tim’s action is, for me, that it has one or two ( perhaps 3) passwords i could give away.
and yes i also need a sollution that can help me login a few more people

My english leaves me sometime ( ok, most of the time) in the dark, but i could realy appreciate a not so little help.
And yes, please!!!

who can/will/could help me create a section for more than 50 persons, to be able to login in to 2 different area’s. ( where the one should not get to the other)

I realise i have to come up with php? but i will work my … of to provide what is neccesery, but i realy need help…

And yes Walt, i know it would cost more than 2 cent, i count on it HAHAHAHAHA!

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Could anyone PLX suggest a Secure Client Login Action that is UP TO Date today? March 26 2015 ? And in line w. FW 7.04 capabilities?

Quite frankly I do dislike scripting VERY much…, so if anyone could suggest something that is easy to use & implement and FREE, I´d be most happy!

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

There are NO secure login actions.

Javascript isn’t really a secure way of doing this (most actions use JS in some way)

The real question is “How secure does it need to be?”

Answer that and then we can point you in the right direction.

Other factors to consider are - How many unique users?

David

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options

Hello Arne…

I was in the middle of what was a very long day, working on a new venture aimed at giving back to the next generation of designers, when I saw your post come through, hence my late reply.

My company had an action developed by one of the finest developers of actions here in the Freeway community (Tim Plumb). As of a year ago we gave him permission to distribute this and all the other actions he built for us, some very cool stuff. Tim is on this post and my recommendation is you reach out to him directly.

The action did a superb job of securing pages and opened the door for us to create many unique business and operational solutions for our company over the years.

As for the “FREE” request, I want to encourage you to contribute to those who make up the core of this Freeway Talk community. People like Tim, Walter, Max and others. They are generous with their time and give so much to make the Freeway tool the great resource that it is. They deserve our gratitude and respect.

Kind Regards, Dave Sutherland

freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options