Logging in and out

Contents

1. Introduction
    1.1 Features
    1.2 Password requirements
    1.3 Conventions

2. Logging in and out
    2.1 Logging in
    2.2 Logging out

3. Forgotten your password?

4. Error messages
   
4.1 Wrong username or password
    4.2 Too many login attempts
    4.3 Auto logout

5. Concluding remarks

1. Introduction

This chapter describes the login and logout procedure, password requirements and how to renew your password when you forgot it. This proceduure is rather well secured (thus complicated), because it is accesible via the web. You do not want someone to tamper with your valualble password.
Believe us, remembering your password is much easier than the password refresh procedure.
Furthermore some error messages are discussed.

1.1. Features

The password facility has the following features, in no specific order:

1.2 Password requirements

Website@School does not accept simple passwords like 'helen' or 'maria2'. These simple passwords are easy to guess and using them endangers your complete system and the data. Passwords must have certain properties to make them difficult to guess. A Website@School password must:

It is a good idea to choose a password of more than 6 characters long. A good password, as an example, is 'Mrbh3ws!' (omit the quotes). This password is easy to remember when you know it stands for the sentence: "My red bike has 3 wheels!". However, and that makes it a good password, it's very difficult to guess when you do not know the sentence. This 'sentence trick' is an easy way for pupils to create difficult passwords and remember them.

NOTICE:
When creating users and giving them passwords, the passwords must meet the above requirements.

1.3 Conventions

Some general features of W@S are not that easily found. Some corrrespond with the markup of this manual text, so we explain them both here.

(top)

2. Logging in and out

In this paragraph both procedures are discussed.

2.1 Logging in

We assume you have either installed Website@School yourself, thus having full access permissions, or your webmaster has given you a username and passwoord and sufficient access permissions to W@S management. If you cannot get access to Website@School, you probably do no thave enough permissions and may end on the webiste. Try the login link at the bottom of the screen.

After opeinng your browser and going to http://exemplum.eu/admin.php (a fictional URL, replace this example with the URL of your school) and htit [Enter] to enter the login dialogue:

[ Login dialogue ]
login_logging_in.png
Explanation:

After a successfull login, you are on the Website@School Welcome page:

[ w@s home after login ]
Xlogin_was_home_after_login.png

From this page Website@School is managed. See the Website@School Users'Guide Table of contents for the resprective chapers. or the Guided Tour for a brief overview.

NOTICE:
Please take notice at the yellow status bar. This is the place where you receive status reports from Website@school. The text is cut & pastable; useable for support questions.

2.2 Logging out

After having done your job in Website@School you must logout to end your session.

NOTICE:
Do not terminate your session by exiting your browser or clicking the X in the upper right corner of your browser. This brute force action will indeed kill your session, but it does not unlock the materials you were working with. The next time you login, you may be confronted with locked pages, see paragraph 4.3 Locked pages.

To end your session in Website@School, click the link logout Full Name to log out, whereafter the logout dialogue opens:

[ Logged out successfull ]
login_logged_out.png

After logging out, two possibilities are available:
1. You are taken back to the login screen and can login again after reading the popup messagen and clicking [OK] or
2. You are taken back to some other plae. This depends on your account settings in the user properties. This is discussed in chapter Account Manager, paragraph 3.3 Edit user username (Full Name ).

3. Forgotten your password?

When you have forgotten your password, try to remember it, but do not try it out endlessly. This results in error messages. Or try to get a new password from the webmaster. Those are the easiest ways. If these are not possible, follow the inconvenient but secure procedure described below.

Click the Forgotten your password? link in the login dialoge to enter the ... username and e-mail ... dialogue:

[ Login: forgotten your password? ]
login_forgotten_password.png

Enter your username and the e-mail address used when creating the account. Press the [Enter] key on your keyboard or click the [OK] button. The ...see your e-mnail... dialoge opens for further instructions:

[ Login: Email 1 ]
login_forgotten_password_email_1.png

NOTICE:
When you, at this very moment, remember your old password, then do not press the [OK] button. After pressing the [OK] button, your old password will not be usable anymore!

Please check the e-mail like the following:

Subject: One-time login code request
Date: Fri, 17 Dec 2010 22:27:16 +0100
From: Exemplum Primary School 
To: w.bladergroen@exemplum.eu (Wilhelmina Bladergroen)

Here is a link with a one-time code that will allow you to
request a new, temporary password. Copy the link below to
the address bar in your browser and press [Enter]:

    http://exemplum.org/index.php?login=4&username=hparkh&code=BEJZ51CYT9F6KPHPS05W

Alternatively, you can go to this location:

    http://exemplum.org/index.php?login=4

and enter your username and this one-time code:

    X8XDCOE2X0M2RYQRGJLY

Note that this code is valid for only 30 minutes.

The request for this one-time code was received from this
address:

    172.17.2.23

Good luck!

Your automated webmaster

As written, copy the link, or use the alternative method to enter the one-time code. Do not press the [OK] button.

NOTICE:
When you, at this very moment, remember your old password, then do not press the [OK] button. After pressing the [OK] button, your old password will not be usable anymore!

Press the [OK] button, whereafter the ...one-time code... dialogue opens:

[ forgotten password: enter one time code ]
login_forgotten_password_enter_one_time_code.png

Enter the one-time code and press the [Enter] key on your keobyerd or use the [OK] button, to enter the ... new temporary password. dialogue:

[ Login: forgotten your password? ]
login_forgotten_password_email_2.png

Another mail is sent to you, containing the temporarily passowrd:

Subject: One-time login code request
Date: Fri, 17 Dec 2010 22:30:17 +0100
From: Exemplum Primary School 
To: w.bladergroen@exemplum.eu (Wilhelmina Bladergroen)

Here is your temporary password:

    9Y5tUk4q

Note that this password is valid for only 30 minutes.

The request for this temporary password was received from this address:

    172.17.2.23

Good luck!

Your automated webmaster

Enter the user name and copy & paste the one time password in the password field:

[ Login: enter e-mail password ]
login_forgotten_password_enter_temp_password.png

Press Enter or the [OK] button, to enter the ...change your password... dialogue:

[ Enter new password ]
login_forgotten_password_enter_new_password.png

  • Username: Enter your username.
  • Password: Copy and paste the one time password you received in the second mail.
  • New password: Enter a new secure passowrd, see paragraph 1.2 Password requirements to create a secure pasword. Write the new pasword on a piece of paper, remember it, whereafter you eat the paper.

    NOTICE:
    The new password may not be equeal to the one time password and the old password!

  • Confirm new password: Retype the new password.
  • OK: Press the [Ok] button to send the new password.

After clicking the [OK] button, the ...successfully changed. dialogue opens:

[ Login: forgotten your password? ]
login_forgotten_password_successfull_change.png

In the popup window, click [OK] to remove it and. Next, click [OK] and enter enter the site. Go to My page, select admin.php and you are in Website@School management.

XXXXXXXXXBUGJE?

You also receive an e-mail, confirming the change of your password.

Subject: One-time login code request
Date: Fri, 17 Dec 2010 22:33:18 +0100
From: Exemplum Primary School 
To: w.bladergroen@exemplum.eu (Wilhelmina Bladergroen)

Your password has been changed.

The password change request was received 
from address 172.17.2.23 on 2010-12-17 22:35:48.

Kind regards,

Your automated webmaster.

As you may have noticed, changing your password is, for security reasons, a complicated process. It's easier to remember your secure password.

(top)

4. Error messages

4.1 Wrong username or password

When you entered a wrong username/password combination, the Invalid credentials... dialogue opens:

[ Login: wrong user or password ]
login_wrong_user_password.png

A message is displayed in two ways: as text in a yellow bar that can be copied (for error reporting) and as a popup window.

After reading the popup message and clicking [OK], you can try again with the right username/password combination. If that attempt fails too, and a third one as well, maybe you have forgotten your password.

NOTICE:
Do not try endlessly to find your forgotten password, but try to remember it. After 10 attempts, you are taken to the Forgotten your password? dialogue. See paragraph 3. Forgotten your password? on renewing it.

4.2 Too many login attempts

After trying 10 times (why?), the system gives you a warning:

[ Login: too many attempts forgot password ]
login_too_many_attempts_forgot_password.png

When you still enter wrong data (why, why?), you get:

[ Login: wrong user and email ]
login_wrong_user_and_mail.png

After yet 10 more failed logins (why, why, why?), you get:

[ Login: too many attempts ]
login_too_many_attempts.png

And if you persist, clicking the [ok] button:

[ Login: access denied ]
login_access_denied.png

This is a feature to protect Website@School against automated password cracking attempts. Wait 8 minutes and try again.

4.3 Auto logout

When a login lasts more than 24 hours, the user is automatically logged out:

[ login: forcefully logged out ]
login_forcefully_logged_out.png

Remove the pop up message and log in again. This is a feature.

XXXXXXXx WAAROM?

It can be set in 'Session expiry interval', see chapter Configuration Manager, paragraph Site.

Remove the pop up message and log in again. <

(top)

5. Concluding remarks

To summarise this chapter: It's easier to remember your password than to change it.

(top)

Author: Dirk Schouten <schoutid (at) Knoware (dot) nl >
Last updated: 2011-01-30