Search…

X3 Photo Gallery Support Forums

Search…
 
CrisC
Experienced
Topic Author
Posts: 59
Joined: 23 Oct 2018, 05:13

Changeing Login to Database

26 Oct 2018, 03:03

Hi,

is there a documentation available about what needs to be done when I want to change the Logins to a Database?
Or are there some things I need to asure when I change the login methods to Database?
Does this also apply for the accounts I have created under "Protect" - and does the website then provide something like a "built in" Login form instead of showing the browsers own login dialog box?

What are the benefits for having a DB-based login?
- Multi User Login for the Panel, as far as I could read somewhere... but it does only affect the panel, and not the page itself, right?
 
User avatar
mjau-mjau
X3 Wizard
Posts: 13993
Joined: 30 Sep 2006, 03:37

Re: Changeing Login to Database

27 Oct 2018, 00:12

CrisC wrote:is there a documentation available about what needs to be done when I want to change the Logins to a Database?
Or are there some things I need to asure when I change the login methods to Database?
DB login only controls the login method, so there is nothing you need to do/prepare apart from the database installation setup itself. That is explained in the panel help:
Image
Image
CrisC wrote:Does this also apply for the accounts I have created under "Protect" - and does the website then provide something like a "built in" Login form instead of showing the browsers own login dialog box?
No, DB login does not affect "protected" pages, and it does not change the design or technical implementation of protected pages.
CrisC wrote:What are the benefits for having a DB-based login?
- Multi User Login for the Panel, as far as I could read somewhere... but it does only affect the panel, and not the page itself, right?
Correct. Currently only multi-users and edit user "profile".
 
CrisC
Experienced
Topic Author
Posts: 59
Joined: 23 Oct 2018, 05:13

Re: Changeing Login to Database

27 Oct 2018, 05:48

Hi :)
Thanks!

What I've noticed - and what I would think about:

If using the DB - I would also try to implement the "protected" settings into the Database.
While I have protected the "download" area for each model with an "account" for them - I always need to use their settings to login to the page and test something.

OK - password is visible in plain-text within the panel (I'm not a fan of this at all) - I need to copy and past these settings before I can do some tests.
It is not possible to create another user e.g. "tester" and apply this settings to the same page.

Now, the following:
All my passwords are random generated ones with letters, numbers and special characters.
The best thing for me would be:

1) Create an account (maybe with an email)
2) Create an password (masked with ****)
3) send an email to the account owner
4) allow that the account owner can change the password if needed
5) allow that the page admin can use his credentials for accessing the protected area

At least, that is something I would expect from a system which does have some kind of "usermanagement" and a database working in the background.

I know, that this is not that easy and also needs some kind of Session handling... and so on...

My workaround for now will be, that I change the password to something else which I can remember easily during my setup and then I will change the password again after finishing the work...
 
User avatar
mjau-mjau
X3 Wizard
Posts: 13993
Joined: 30 Sep 2006, 03:37

Re: Changeing Login to Database

27 Oct 2018, 06:43

CrisC wrote:If using the DB - I would also try to implement the "protected" settings into the Database.
While I have protected the "download" area for each model with an "account" for them - I always need to use their settings to login to the page and test something.
Nothing wrong with using DB for protected pages, but I don't see what advantages it provides. We certainly don't want to mix PANEL users with PAGE users, which are two separate topics.

As for logging in with "their settings", I don't see why you need to do that. First of all, that's why there is a USER system, where you can allow multiple users access.You create a "user" for yourself, and then give access to the segment you are protecting, to the user AND your own user.
Image

Or even easier, create a superuser with access to all pages. Did you click the [?] in "protected section btw, where you can read about all the features? Superuser:
X3 Help wrote:Super Users
There is a special superuser user, which can access ALL password-protected pages without even being assigned specifically for the link. A super-user should normally be reserved for gallery-owners who want to remember a single login that works on all password-protected pages. Create a super-user in the users-section by simply appending an asterisk* behind the username, for example superuser*. Since super-users are allowed access to ALL password-protected pages, they do not show up in the list of available users to assign from the links tab.

* The asterisk* character is part of the username, and needs to be included when logging in.
CrisC wrote:OK - password is visible in plain-text within the panel (I'm not a fan of this at all) - I need to copy and past these settings before I can do some tests.
It is not possible to create another user e.g. "tester" and apply this settings to the same page.
I don't understand what the question is here. For protected pages YES passwords are visible to you as the panel manager. How else are you going to read and manage passwords. Furthermore, this is only protection for PAGES, and it's not like any "hackers" have any interesting in just "viewing" a page. Why complicate things?
X3 Help wrote:Now, the following:
All my passwords are random generated ones with letters, numbers and special characters.
The best thing for me would be:

1) Create an account (maybe with an email)
2) Create an password (masked with ****)
3) send an email to the account owner
4) allow that the account owner can change the password if needed
5) allow that the page admin can use his credentials for accessing the protected area
Trying to understand if you mean ADMIN login or protected pages, which of course is two entirely different levels of protection. When you say "page admin", it seems you are referring to a user who can login and administrate the page, yet in the same sentence you mention "user his credentials for accessing the protected area" ... A bit dodgy if you allow users access to the panel if they shouldn't have.

Please let me make one thing clear: Simple passwords/logins for website pages and PANEL USERS are two entirely different things, technical and in terms of security, and of course will be. We won't be mixing them, as most users with access to a page, should have nothing to do in the panel.
CrisC wrote:My workaround for now will be, that I change the password to something else which I can remember easily during my setup and then I will change the password again after finishing the work...
You really need to check the HELP section for "protect". As mentioned, you can have your own "user" with access to any page where you add this user. Thus, you only need to remember your own password.

Is not not primarily a user-system. It is for creating nice fast modern gallery websites.
 
CrisC
Experienced
Topic Author
Posts: 59
Joined: 23 Oct 2018, 05:13

Re: Changeing Login to Database

27 Oct 2018, 08:07

:) I should remember myself more often to use the litte "?" symbol... but to be honest - I just went through the settings and totally missed this part :-(
Also, I was trying to ADD a new User+Page combination and tried to link to the same page as I did for another user.
You are right - adding the user just into the existing protected area was something I didn't thought about... :-( Sorry...

About the other things:
I'm just not a fan of "knowing" user-passwords.
The way I would like to go would be: Setup the user with a system generated password - let the user know what password it is (maybe allow him to change the password) - and then forget about it.
If the user is loosing his password - it is his problem - and I could create him a new one.
But I don't want to have any possibility to "know" what his password could be... ;)

But - just ignore this from my previous post :)
 
User avatar
mjau-mjau
X3 Wizard
Posts: 13993
Joined: 30 Sep 2006, 03:37

Re: Changeing Login to Database

27 Oct 2018, 11:09

CrisC wrote:I'm just not a fan of "knowing" user-passwords.
The way I would like to go would be: Setup the user with a system generated password - let the user know what password it is (maybe allow him to change the password) - and then forget about it.
If the user is loosing his password - it is his problem - and I could create him a new one.
But I don't want to have any possibility to "know" what his password could be... ;)
That's an acceptable request, but currently this just isn't the emphasis of the X3 application. Maybe in the future ...