WebDNA provides a few options for password protecting your pages, either with browser authentication, or with cookies.
numero = 81
interpreted = N
texte = [protect] and [authenticate] work with browser authentication, whereas using [getcookie] will allow you the flexibility of building a system just how you want it. This section only deals with [Protect] and [authenticate].
[protect] and [authenticate]These two tags will throw up the
browser's authentication box. The difference between the two is that the [protect] tag ties in directly to the built-in Users.db in your WebDNA admin area, whereas the [authenticate] tag is meant for developers who prefer to 'roll their own', such as if you have your own user database with more extensive fields and functionality than the simple users.db.
[Authenticate SomeText]Putting [Authenticate
SomeText] in your template causes the remote browser to display the Username/Password dialog with whatever text you specify. (Unlike the Protect tag, the parameter in authenticate doesn't make or break anything.) When the visitor types a username and password into their browser, the browser caches that information, so your templates can retrieve it by including the [username] and [password] tags. Normally you would put [authenticate] inside [ShowIf] or [HideIf] contexts comparing the username/password to your custom user database, otherwise the password dialog continues popping up forever, unlike the [protect] tag, which has the showif/hideif routines built into it already.[authenticate] is a low-level tool requiring further code to make it work for password protection schemes. You can see an example of how [protect] makes use of [authenticate] by inspecting the file "MultiGroupChecker" in the WebCatalogEngine folder, or in the Sandbox folder. Basically, here is how it works:
Example[showif (the [username] is NOT in your user database)][Authenticate Members Only][/showif][showif (the [password] does NOT match that of this user][Authenticate Members Only][/showif]
If the user enters an invalid username, then the first showif will display the authentication box, and they try again. If the user correctly enters a valid username but muffs on the password, then the second showif will display the authentication box. If the user correctly enters a valid username AND password, then the two showifs will be false and NOT show the authentication box, so the page can continue to load.
Example[showif [username]!actual_user][authenticate user][/showif][!][/!][showif [password]!actual_password][authenticate password][/showif]
Just replace "actual_user" and "actual_password" with their real value. [authenticate] checks that it does not already have these values and if it does not, then it shows the dialog box to get them.
Extra creditAt this point, now that you know you have a valid user, you can do a simple search using [username] on your database to get more information and act upon that. Suppose you have levels of membership directing users to different sections, or to a renewal page if their memberships have expired. You could do something like the following:
[search (search the database for [username])][founditems][showif [status]=expired][redirect renew.html][/showif][showif [status]=current]Welcome [first] [last]![/showif][/founditems][/search]
For the expired member, the redirect will immediately kill the rest of this page, and send the user to the specified page. For the member in good standing, the rest of the page will load as expected.
Directory ProtectionYou cannot protect directories with WebDNA, because the webserver does not return any processing data to WebDNA is a directory listing is requested, so if you think you're going to protect say, a directory of images, the answer is no. You need to control this with something like an .htpasswords file, or realm protection on a server level.
[protect] and
[authenticate] work with browser authentication, whereas using [getcookie] will allow you the flexibility of building a system just how you want it. This section only deals with
[protect] and
[authenticate].
[protect] and [authenticate]These two tags will throw up the
browser's authentication box. The difference between the two is that the
[protect] tag ties in directly to the built-in Users.db in your WebDNA admin area, whereas the
[authenticate] tag is meant for developers who prefer to 'roll their own', such as if you have your own user database with more extensive fields and functionality than the simple users.db.
[Authenticate SomeText]Putting [Authenticate
SomeText] in your template causes the remote browser to display the Username/Password dialog with whatever text you specify. (Unlike the Protect tag, the parameter in authenticate doesn't make or break anything.) When the visitor types a username and password into their browser, the browser caches that information, so your templates can retrieve it by including the
[username] and
[password] tags. Normally you would put
[authenticate] inside
[showif] or
[hideif] contexts comparing the username/password to your custom user database, otherwise the password dialog continues popping up forever, unlike the
[protect] tag, which has the showif/hideif routines built into it already.
[authenticate] is a low-level tool requiring further code to make it work for password protection schemes. You can see an example of how
[protect] makes use of
[authenticate] by inspecting the file "MultiGroupChecker" in the WebCatalogEngine folder, or in the Sandbox folder. Basically, here is how it works:
Example[showif (the [username] is NOT in your user database)]
[Authenticate Members Only]
[/showif]
[showif (the [password] does NOT match that of this user]
[Authenticate Members Only]
[/showif]
If the user enters an invalid username, then the first showif will display the authentication box, and they try again. If the user correctly enters a valid username but muffs on the password, then the second showif will display the authentication box. If the user correctly enters a valid username AND password, then the two showifs will be false and NOT show the authentication box, so the page can continue to load.
Example[showif [username]!actual_user][authenticate user][/showif][!]
[/!][showif [password]!actual_password][authenticate password][/showif]
Just replace "actual_user" and "actual_password" with their real value.
[authenticate] checks that it does not already have these values and if it does not, then it shows the dialog box to get them.
Extra creditAt this point, now that you know you have a valid user, you can do a simple search using
[username] on your database to get more information and act upon that. Suppose you have levels of membership directing users to different sections, or to a renewal page if their memberships have expired. You could do something like the following:
[search (search the database for [username])]
[founditems]
[showif [status]=expired]
[redirect renew.html]
[/showif]
[showif [status]=current]
Welcome [first] [last]!
[/showif]
[/founditems]
[/search]
For the expired member, the redirect will immediately kill the rest of this page, and send the user to the specified page. For the member in good standing, the rest of the page will load as expected.
Directory ProtectionYou cannot protect directories with WebDNA, because the webserver does not return any processing data to WebDNA is a directory listing is requested, so if you think you're going to protect say, a directory of images, the answer is no. You need to control this with something like an .htpasswords file, or realm protection on a server level.
Terry Wilson
DOWNLOAD WEBDNA NOW!
Top Articles:
WebDNA Libraries
A list of available libraries for WebDNA...
F.A.Q
A compilation of some user's questions...
Technical Change History
This Technical Change History provides a reverse chronological list of WebDNA changes...
WebDNA Modules
A list of the currently available modules...
Tips and Tricks
A list of user-submitted tips ...
[biotype]
BioType is a behavioral biometrics WebDNA function based on ADGS research and development (from version 8...
Related Readings:
[shownext]
[shownext] is a special context used to create links (or more accurately...
[username]
Using [password] and [username] is an easy was to show the browser login dialog box...
[deletefolder]
Deletes a folder from your website...
[elapsedtime]
...
[append]
[append db=base...
[listdatabases]
Lists all the currently-open databases...