Secure Zone login form logs user in who isn't registered for it?!

I have a client who runs an eCommerce site through BC.  We have a secure zone set up for his site and he wants to review and approve users before they are given access.  There is good reason for this so please don't bring up counter-points as it is non-negotiable.
Anyway, the secure zone registration form basically creates a user CRM record and allows them to select a username and password.  I've instructed the client to continue into the CRM and select the checkbox next to the appropriate secure zone in order to authorize the account to login.  As far as we know this has been working until yesterday.  Now, when somebody who has an account but it is not approved yet tries to login, they receive the form error as is to be expected.  However they get logged into some phantom secure zone.
I say "phantom" zone because the actual registration form doesn't subscribe them to a secure zone, it's manual (as previously stated).  This is a pretty big issue as a major reason for doing this is that my client doesn't want his prices visible to the public.  Only after the person is in the secure zone are prices visible.  Any help would be much appreciated.  I know BC launched a new update recently which may be a contributing factor....thanks in advance!

Hi Mike,
This has always been the case.
If you have a username and password and log in to a site you are logged in. You may very well not be part of a securezone but you are logged in. This is why hiding and showing content solely based on the isloggedin module is a very thoughtful process as you can not show content based on this knowledge.
This has nothing to do with the update, you probably only just noticed this behavior but this has been the case since BC was born.
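
The distinction the reply draws, as an added example (not Business Catalyst code and not written by either poster): a small JavaScript model in which "logged in" and "subscribed to the zone" are separate facts. The record fields, the zone ID and the function names are all hypothetical, and the visitor list is constructed sample data.

```javascript
'use strict';

// Hypothetical ID of the secure zone whose members may see prices.
const PRICE_ZONE_ID = 101;

// Constructed sample data: three visitors as a site might see them after the
// login step. Field names are hypothetical, not Business Catalyst's schema.
const visitors = [
  { name: 'anonymous', loggedIn: false, zones: [] },
  { name: 'pending',   loggedIn: true,  zones: [] },              // registered, not yet approved
  { name: 'approved',  loggedIn: true,  zones: [PRICE_ZONE_ID] }, // zone ticked in the CRM
];

// Weak rule: treats "has a valid session" as "is authorised".
function showPricesIfLoggedIn(visitor) {
  return visitor.loggedIn === true;
}

// Stricter rule: needs a session AND membership of the specific zone.
// Missing or malformed zone data denies by default.
function showPricesIfInZone(visitor, zoneId) {
  return visitor.loggedIn === true &&
    Array.isArray(visitor.zones) &&
    visitor.zones.includes(zoneId);
}

// Audit helper: names of visitors to whom the weak rule shows prices
// although they are not members of the zone.
function findOverexposed(list, zoneId) {
  return list
    .filter((v) => showPricesIfLoggedIn(v) && !showPricesIfInZone(v, zoneId))
    .map((v) => v.name);
}

console.log(findOverexposed(visitors, PRICE_ZONE_ID));
```

A rule like this only protects the prices if it is evaluated where the page is rendered; hiding already-delivered markup in the browser leaves the prices in the page source.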

Similar Messages

  • How do I redirect a secure zone login form with javascript?

    I would like to redirect what page a user goes to after filling out the secure log in form. I would change the landing page of the secure zone, but I need a log in form to go to a different page of the site. I would also create a separate secure zone, but I have almost 3000 subscribers and it would be very time consuming to add all those users to this new zone.
    I would like to redirect the user (using the form from a secure zone) to a different page other than the landing page of the log in form. How do I do this with javascript?
    I saw this page: http://kb.worldsecuresystems.com/598/bc_598.html#main_Logging_into_different_Secure_Zones_according_to_ID_number but couldn't make sense of it for my current situation. (I don't need multiple zones, just the form to redirect to a different page after submission)
    <form action="https://redlakewalleye.worldsecuresystems.com/ZoneProcess.aspx?ZoneID=12369&amp;Referrer={module_siteUrl,true,true}&amp;OID={module_oid}&amp;OTYPE={module_otype}" method="post" onSubmit="return checkWholeForm52938(this)" name="catseczoneform52938">
                <div class="form">
                <div class="item"><label for="SZUsername">Username</label><br />
                <input type="text" maxlength="255" id="SZUsername" name="Username" class="cat_textbox_small" /></div>
                <div class="item"><label for="SZPassword">Password</label><br />
                <input type="password" autocomplete="off" maxlength="255" id="SZPassword" name="Password" class="cat_textbox_small" /></div>
                <div class="item"><input type="checkbox" id="RememberMe" name="RememberMe" /><label for="RememberMe">Remember Me</label></div>
                <div class="item"><input type="submit" value="Log in" class="cat_button" /> <a href="/_System/SystemPages/PasswordRetrieveRequest">Lost password?</a></div>
                </div>
                <script type="text/javascript" src="/CatalystScripts/ValidationFunctions.js"></script>
                <script type="text/javascript">
                    //<![CDATA[
                    function checkWholeForm52938(theForm){
                        // Collect validation messages; isEmpty() comes from ValidationFunctions.js
                        var why = "";
                        if (theForm.Username) why += isEmpty(theForm.Username.value, "Username");
                        if (theForm.Password) why += isEmpty(theForm.Password.value, "Password");
                        if (why != ""){
                            alert(why);
                            return false;
                        }
                        // Add the redirect code here?
                        theForm.submit();
                        // Stop the browser from submitting the form a second time
                        return false;
                    }
                    //]]>
                </script>
            </form>

    I've been working on the same thing and have nearly solved it with these tutorials:
    http://www.bcgurus.com/tutorials/re-directing-users-to-the-correct-secure-zone
    http://www.bcgurus.com/tutorials/building-a-better-secure-zone-login-page
    The first tutorial will let a person continue on to the page he/she was attempting to access. For example, if your site offers learning lessons in a secure zone... A visitor could click on a lesson, get prompted to login and then be redirected to that particular lesson instead of the landing page for the secure zone.  The script in the tutorial also accommodates general logging in: "if the person wasn't going somewhere specific then send him/her here (landing page, user account, whatever)".
    Might be worth checking out the free BCGurus trial or joining for a month.
    Brian
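
When the post-login destination travels in the URL or a form field, as with the "continue to the page you were trying to reach" behaviour described above, it should be checked before the browser is sent there. An added example, not taken from the tutorials or from Business Catalyst: the function name, the `siteOrigin` value, the fallback path and the sample inputs are all assumptions constructed for illustration.

```javascript
'use strict';

// Returns a same-site path (path + query + fragment) to send the visitor to
// after login, or `fallback` when the requested target is missing or off-site.
function safeRedirectTarget(raw, siteOrigin, fallback) {
  if (typeof raw !== 'string' || raw === '') return fallback;
  // Control characters and backslashes are rewritten or stripped by URL
  // parsers, so a value containing them is refused rather than interpreted.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return fallback;
  let target;
  let site;
  try {
    site = new URL(siteOrigin);
    target = new URL(raw, site); // relative paths resolve against the site
  } catch (e) {
    return fallback;
  }
  if (target.protocol !== 'http:' && target.protocol !== 'https:') return fallback;
  // Scheme, host and port must all match the site itself.
  if (target.origin !== site.origin) return fallback;
  return target.pathname + target.search + target.hash;
}

// Constructed sample inputs (hypothetical site and paths).
const SITE = 'https://www.example.com';
const LANDING = '/members/home';
const samples = [
  '/lessons/lesson-3?unit=2',        // the page the visitor asked for
  'https://www.example.com/account', // absolute, but same site
  'https://other.example.net/',      // different host
  '//other.example.net/lessons',     // scheme-relative, different host
  '',                                // nothing requested: use the landing page
];

// Maps every sample to the path the login handler would actually use.
function resolveSamples() {
  return samples.map((s) => safeRedirectTarget(s, SITE, LANDING));
}

console.log(resolveSamples());
```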

  • Can you determine which secure zone you are logged into?

    Hi all,
    Is there a tag that tells you which secure zones you are logged into and display it on the screen. Or even javascript.
    Thanks

    Thanks Liam.
    I kind of worked out that you need to pull the page id out of the URL and display it that way, but it fails if you have more than one page (you could check across all pages that are part of the secure zone I guess).
    Any other ideas would be appreciated.
    Anyway thanks again.

  • Mobile - Secure zone login issues

    Hi All,
    I'm able to log in to BC sites with secure zones using a samsung galaxy s1 and iphone pretty consistently however when using a samsung galaxy s2 I can't login - tested over 3 sites so I know it's not the code on the page interfering with login.
    Anyone else have issues logging in to secure zones with mobiles?
    Thanks,
    Nathan

    Sure,
    Using the Default browser on
    Samsung Galaxy s2
    firmware version : PDA:LP8 / PHONE:LPS / CSC:LP4 (XSA)
    firmware version : PDA:LPW / PHONE:LQ6 / CSC:LP6 (XSA) upgraded to see if it would help but no luck
    1. Click the link to login (either on login form or just clicking on a link to a page within the zone I'm trying to log in to).
    2. Enter correct username and password (multiple testings and changes of password have been tested)
    3. In either case, URL will change to /Default.aspx?PageID=######
    Sometimes it will show /Default.aspx?PageID=######&Error=Thank+you+for+logging+in.
    On some of the websites I've tried - Creating a new customer on the samsung galaxy s2 will register the new user for the zone - but the form will not allow the user to be logged directly in on submission - error page " We're not able to log you in "  appears however the user is created, assigned to zone and can be used fine on a desktop.
    Content that should be accessible once logged in - isn't (example. Login changes to logout, customer name "Hi Firstname lastname" won't display etc. because it's just not logging in.)
    Zone subscription is checked, works on Samsung Galaxy s1 as it should.
    Galaxy S
    Operating System: Linux Android
    Screen Resolution: 800 x 1130
    Web Browser: Android Webkit 4.0
    Browser Size: 800 x 1130
    IP Address: withheld
    Color Depth: 32
    Javascript: Enabled
    Flash Version: 11.1.111
    Cookies: Enabled
    User Agent: Mozilla/5.0 (Linux; U; Android 2.3.3; en-au; GT-I9000 Build/GINGERBREAD) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1

    Galaxy S2
    Operating System: Android Android4.0.4
    Screen Resolution: 480 x 800
    Web Browser: Android Webkit Browser --
    Browser Size: 320 x 456
    IP Address: withheld
    Color Depth: 32
    Javascript: Enabled
    Flash Version: 11.1.115
    Cookies: Enabled
    User Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-au; GT-I9100 Build/IMM76D) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30

  • Secure Zone Login Reporting

    Question:
    I have searched but cannot find any way to do this.  I have a school site that has sent out secure zone passwords to all the parents.  They would like to know which parents have actually logged in to check out the secure zone.  Is there any way to run a report on this?
    I know this info shows up in the live feed but only recent activity shows there so that is not much help.  Any ideas?
    Answer:
    There is no way you can view who is logging in other than in the live feed or recent activity in the customer tab. However you can view the secure zone usage which is under the secure zone action box.

    Hi,
    Inspect the form and you'll see that it draws its style from ModuleStyleSheets.css. Update those styles in any way you want: http://goo.gl/T0We6
    Kind Regards,
    Alex Pavelescu

  • Reply to Open Case inside Secure Zone via Form Instead of Email?

    I also asked this on the LinkedIn group - any help appreciated!
    I was wondering if anyone has done this? I heard on chat it cannot be done, but I was wondering if anyone has a workaround.
    I have set up a CST system behind a secure zone for a client. They are using it for private communication, not support, so I am looking for a way to allow registered users to view their cases created via the CST in the secure zone (got that all set), but then be able to respond to an open case via a form inside the secure zone and have it append to the existing case, instead of via email.
    I asked if the Case # could be appended to a URL to pre-fill a form field (mimic the format of the CST email), but I was told no go.
    Any ideas? Alternative approaches? The goal is to allow people to correspond solely inside the secure zone if they want for privacy.
    Thanks,
    Kristen

    Hi Liam,
    Thanks! Yes - I have that all working inside the admin. What I was trying to do was have website visitors have the ability to reply inside the secure zone after logging in (not the CSR) so that they do not have to use email if they don't want to.
    Here was an idea I had, not sure if it would work:
    Here is the case list in the secure zone with a "reply" hyperlink: http://www.screencast.com/t/fZjzVLIt
    Here is the reply form, with some fields already preloaded through secure zone modules. Would it be possible to build a string using tags for the subject line that would mimic the case subject line in the email so that the form submit would append to the existing case?
    Here is the form: http://www.screencast.com/t/sFPObjAiYVJ
    Here is the case in the system: http://www.screencast.com/t/KdhjlKuEjh
    I don't know if this is specifically possible (can tags render like that?), or if you have any other ideas.
    Thanks!

  • Secure Zone Login Issues:  It worked great and now just stopped.

    The secure zone on my client's site worked great for about a month and now it just stopped.  All of a sudden it won't let us type into the username and password boxes.  We can click on the "remember me" button and the "submit button" but not type.  I've tried deleting and redoing the code and still nothing.  Our issue is occurring most when used with Chrome's browser.  Any thoughts or suggestions?

    Thanks for your reply, Liam.  Oddly enough I was just reading your exceptional contributor profile that popped up in my side column.
    Here is the link to the site.  The login works fine in Safari, it's just a problem with Chrome I believe.
    www.myadvancedpt.com
    The login area is in the bottom right of the footer titled "Employee Login."

  • Internet Security Zone Settings - Computer or User?

    I've seen it in both places USER and COMPUTER; but what do YOU say? Is there a "best practices" that someone can point to that explains the advantages/disadvantages of either?
    WINDOWS COMPONENTS/INTERNET EXPLORER/INTERNET CONTROL PANEL/SECURITY PAGE/INTERNET ZONE
    "" ""... /TRUSTED SITES ZONE, ETC. 
    Charlie Newman

    Hi,
    It is better to go with computer configuration option as it will not impact user logons.
    Checkout the below link for more information,
    http://deployhappiness.com/managing-internet-explorer-trusted-sites-with-group-policy/
    Regards,
    Gopi
    JiJi Technologies

  • Multiple Secure Zones with a Single Login Form

    Hello, I've created a login form and 20 different secure zones. I am needing to redirect users to their own personal secure zone automatically once they login (without the need for them to choose the secure zone) Can you please let me know how this can be done? Thank you much

    Hi
    The main difference is:
    Using generic secure zone login option: When customer logs in, he stays on the same page. I mean, Generic secure zone in BC doesn't support redirect to other pages. However, he will have access to all the pages that were in other secure zones to which he actually subscribed to.
    Using Specific secure zone login form, you have option to redirect the user to specific landing page and user will have access to data that is placed in this specific secure zone.
    You may locate the Generic secure zone login form in toolbox > site modules > secure zones > sign in form > as shown in below screenshot:

  • Secure Zone Customer Activity Tracking

    I'm new to Business Catalyst, so this may be obvious to some of you, but I have a question about tracking customer activity on my Business Catalyst site. I can track logins into Secure Zones, but only whether/not the customer has logged into the site.
    What I'd really like to do is track a customer's usage of the site - in other words, I'd like to see what a customer's activity looks like on the site. So if a customer goes from Home (secure zone login), to About, to whatever other page. I suppose how much time they spend is too granular, but if I could figure out how to track their site usage, it'd really help me with a client. The only way I can see how to do it on my own is to require users to log in to every single page, which compromises far too much usability.
    So, how about it? Is there anyone that can provide a suggestion, either using the BC interface, or using some other type of tracking mechanism?

    BC can't do that out of the box. You may want to use Google Analytics for that.
    Cheers,
    -m

  • Best practice for secure zone various access

    I am setting up a new site with a secure zone.
    There will be a secure zone. Once logged in, users will have access to search and browse medical articles/resources
    This is how an example may go:
    The admin user signs up Doctor XYZ to the secure zone.
    The Doctor XYZ is a heart specialist, so he only gets access to web app items that are classified as "heart".
    However, he may also be given access to other items, eg: "lung" items.
    Or, even all items. It will vary from user to user.
    Is there any way to separate areas within the secure zone and give access to those separate areas (without having to give access to individual items - which will be a pain because there will be hundreds of records; and also without having the user log out and log into another secure area)

    my only issue with this is that I have no idea how to open up File Sharing to ONLY allow users who are connecting from the VPN
    Simple - don't expose your server to the outside world.
    As long as you're running on a NAT network behind some firewall or router that's filtering traffic, no external traffic can get to your server unless you setup port forwarding - this is the method used to run, say, a public web server where you tell the router/firewall to allow incoming traffic on port 80 to get to your server.
    If you don't setup any port forwarding, no external traffic can get in.
    There are additional steps you can take - such as running the software firewall built into Mac OS X to tell it to only accept network connections from the local network, but that's not necessary in most cases.
    And 2. The best way to ensure secure AND encrypted file sharing via the server...
    VPN should take care of most of your concerns - at least as far as the file server is concerned. I'd be more worried about what happens to the files once they leave the network - for example have you ensured that the remote user's local system is sufficiently secured so that no one can get the documents off his machine once they're downloaded?

  • Auto-Fill Secure Zone Members' Information to a webform?

    Hi, everyone:
    I'm working with webforms in a secure zone and the system is insisting on having users enter their information - name & e-mail address.  Since they've already provided this information when registering for the secure zone, I'd prefer to use a {module_firstname} etc. insert for their information rather than ask them to type it repeatedly.  I've tried removing the input fields and replacing them with the tags, but this results in an error message.  Is there any way to do this?
    Thanks!
    Linda

    Hi Linda,
    If customer is logged into a secure, the data can be pulled from the customer's info and can be populated in the form fields. Please refer to the following article : http://kb.worldsecuresystems.com/924/cpsid_92481.html
    The above mentioned article has the steps to achieve this. If you still face the problem, please reply with the exact error message you get and your site's URL.
    You can also contact support directly via Chat from http://helpx.adobe.com/contact.html and select Business catalyst from the dropdown or log a ticket.
    Cheers,
    Aishvarya Raj Rastogi

  • Include Secure Zone name in Order Workflow Notification

    Hi All,
    Hoping that someone can help me with a solution for the following:
    We have a site that has a number of secure zones, each secure zone has an individual product catalogue assigned to it.
    The problem we have is that when someone does an order from within the secure zone, the Workflow notification does not contain any information about which secure zone the order came from.
    So I'm wondering if it is possible to write some code that will query what secure zone you are logged in to and have this as a hidden field on the Order page, to be included in the Workflow Notification.
    Does anyone know if this is possible?
    Cheers,
    Emily

    You can parse the user's securezone subscriptions out of {module_subscriptions,true,true,,true}, or you could look for an attribute unique to each catalogue, like <div data-catalogue="{tag_somethingUnique}">...catalogue template code...</div> plus jQuery('[data-catalogue]').data('catalogue');

  • Web App {tag_edit} doesn't render in Web App search results within secure zone?

    We have secure zones that are to display certain web app items to be filtered by Category. The secure zone members need to filter through web app items and edit these items from the list view. We've set it up accordingly and the list view is exactly how it should be when it is simply displaying on a page within the secure zone, however when the web app search/filtering is applied the "edit" tag doesn't display. Is there any way to have this work or does it simply not? Please tell me it is possible to filter and edit web apps.
    Thanks in advance,

    Hi The Bowery, the edit tag will not show in general web app item search results unless the owner of that web app item is logged in to a secure zone to view it.
    However, if you are happy for anyone looking at the website to edit all web app items, you can set that in the properties of the web app itself. Then I think the edit tag will show to anyone looking at the web app items.
    If you only want the web app item owner to edit the web app item then you need to set up a secure zone for them to log in and view it.
    It will show when the web app item owner is logged in and viewing the web app items, if the edit tag has been added to the layout customisations. So it will only show to the web app item owner.
    You need to set up a secure zone for the web app item owners to upload and edit their web app items.
    Search results on a webapp use the List template layout  for the webapp to show a summary of the search results and the detail Template Layout is what shows when you click on the search result summary item. In webapp setups I usually put the edit tag in the List template

  • Customize expired password login form

    Hi,
    On the expired login form I don't want to display the resource accounts table so the user can change only Lighthouse password if the password is expired.
    Since expired login form uses User Form Library, I copied the default one and renamed it and modified the customized User Form Library accordingly. I managed to remove the resource accounts table so that it displays only 2 text boxes Confirm Password and Confirm New Password. After entering the password and when I click on the Change Password button it displays error "Must Select Atleast one resource account".
    The Change Password button is doing some validation, and I am not sure in which form library this button is defined. I checked in Change Password Form it contains buttons but I don't see any validation on these buttons.
    Where exactly the Change Password button is defined?
    Is there any other way to customize the expire login form?
    Any ideas please..
    Thanks
    Edited by: idmus on May 19, 2010 1:24 PM

    What you describe should work, you just need to simulate the user selecting one or more resources.
    So somewhere on the form put code like:
        <Field name='resourceAccounts.currentResourceAccounts[RESOURCE].selected'>
            <Expansion>
                <s>true</s>
            </Expansion>
        </Field>
    This acts as if the user has selected a resource. Kind of a weird way to do it, but there you go.
    Edited by: etech on May 24, 2010 4:38 PM
    Edited by: etech on May 24, 2010 4:39 PM
