Secure Login

There are a few steps that need to happen in order to secure a page:

  1. Create new Secure Login module from a template.
  2. In the Module Controls box, Entity Type needs to be Member. Check the box Can Login? and save changes.
  3. Click on the Components tab and edit the Login Box component. Be sure the box next to "Is Form" is checked, the Handler Member should be set to Login. Click Save Changes. (If you don't see a choice for Login, you need to be sure the Entity Type is set to Member in the Module Controls first.)
  4. Create a page called Login and place the new Secure Login module on the page. (As a note, the page URL must be Login. That is what the secure function is looking for.)
  5. Go to the page you would like to secure. In the flyout menu, select Secured from the dropdown next to "Secured" and save the page. If you are linking to the secure page, use the link of the page that has content on it, not the login page URL.
  6. You will also want to create the following pages:
    • Reset Password: The URL path will need to be resetpassword. This can be used when a user wants to change their password, and currently knows what their password is. You do not need to add any modules or content to the this page. There is automatic content that is generated when the user is directed to /resetpassword.
    • Change Password: The URL path will need to be changepassword. This page is used when you want to force a password change. A user would be sent a link to this page if you click on the Send Registration button in a contact profile (the module would need to be set to type Member). They would initially be sent a temporary password, then asked to change it once they get to this page. You do not need to add any modules or content to the this page. There is automatic content that is generated when the user is directed to /changepassword.
    • Forgot Password: The URL path will need to be forgotpassword. You can add a link below the login box that links to this page to allow a user to request a forgot password email. They do need to have an email address in the contact manager entity to be sent the forgot password information. You do not need to add any modules or content to the this page. There is automatic content that is generated when the user is directed to /forgotpassword.
  7. Logging out: If you'd like to add a logout button, it just needs to be set to /logout. You don't need to create a page for this. 

Usernames and passwords are set up by adding entities to the Secure Login module.

Sessions

When someone logs in, it creates a session that lasts for 12 hours, and add a cookie. To clear a session, at the end of the URL on the site type in: ?reset=true

Login and Logout Buttons

You can add login and logout buttons that will only show depending on the users status.