mgordon
DNN Creative Magazine Subscriber
Nuke Master
Posts:105
 |
| 27 Jun 2008 9:59 AM |
|
OK, I have a website setup, with a seasonal employee page that, when logged in, they are able to see their schedules and any calendar info important to them. No personal info is shown.
Here's the problem. Some of these kids cannot remember the username and password. However, when I setup the Username and Password, I put in the User info my Hotmail address (Didn't want to be bothered numerous times by kids who cannot remember the username and password). Trust me, 1 username and password for the 500 seasonal employees was the best route to go.
I'm noticing now, when I go into the User settings, that the email address and even Username keeps getting changed to different names and email addresses.
How is this possible?
I'm logged in right now with that Username and password and there is NOWHERE where I can get into User Settings to change it.
What gives?
Any ideas here?
In the User Settings, I put the Default Profile Visibility Mode to: Admin Only
Display Profile Visibility is unchecked.
Please help me out.
Thanks!
|
|
Mark Gordon
Webmonkey |
|
|
mgordon
DNN Creative Magazine Subscriber
Nuke Master
Posts:105
|
| 27 Jun 2008 10:40 AM |
|
OK, specifically, here is the deal:
If you login, then click back a few times until you see your "login" link again, click on the Login link and it will give you the screen where it says you are already logged in. From there, you can click on your user name and, voila, you have access to your User Profile, including the ability to change password.
Now, how de we disable them from being able to go this back-route?
Anybody?
|
|
Mark Gordon
Webmonkey |
|
|
jncraig
DNN Creative Staff
Nuke Master II
Posts:2371
|
| 28 Jun 2008 11:29 AM |
|
Hi, Mark!
Go to the User Settings page - it's a link at the bottom of the User Accounts page. Set the following:
Default Profile Visibility Mode - set to Admin only
Display Profile Visibility - remove the check box
Users profile Display Manage Service - remove the check box
That should keep your kids out of the liquor cabinet!
Are you going to LV in November again? |
|
Joe Craig
DNN Creative Support
Subscribe to the website |
|
|
mgordon
DNN Creative Magazine Subscriber
Nuke Master
Posts:105
|
| 28 Jun 2008 1:32 PM |
|
Hi Joe,
Actually, the settings you suggested were all the way you laid out.
Here's the deal. When a person logs in, IF they click the back button on the browser, the "logout" link changes to a login link. If you then click the "login" link again, it will bring up a screen that says "You are already logged in" and then it gives you your a link for your user name and an option to logout. If you click on your User Name, it brings you to the Profile management page where you can change the email address and even the password. To me, this is a big security violation.
If you have any further insight, let me know. I did ask Mitchell Sellers who is saying that this is a known security bug (I never knew, but hey, I can be oblivious sometimes). He is saying that a core revision of code is needed, which stinks because I hate having to change the core everytime I upgrade.
Let me know if you hear of anything.
Also, I'm not sure yet if I'll be able to go to Vegas again. We're having a severe budget crunch in Prince WIlliam County.
Thanks,
Mark
|
|
Mark Gordon
Webmonkey |
|
|
jncraig
DNN Creative Staff
Nuke Master II
Posts:2371
|
| 29 Jun 2008 8:57 AM |
|
| You can also change the profile properties so that they aren't visible. That might help |
|
Joe Craig
DNN Creative Support
Subscribe to the website |
|
|
leesykes
DNN Creative Staff
Nuke Master III
Posts:3375
|
| 01 Jul 2008 5:44 AM |
|
Do you require the register link in your skin?
If you remove the [USER] token from your skin and just have the [LOGIN] token I think this will solve the problem.
If you need the [USER] token to display first before a user logs in I have just discovered this solution:
< % If Not Request.IsAuthenticated Then % > < dnn:USER runat="server" id="dnnUSER" / > < % End If % >
Place this IF statement around the USER token in your skin (I have added spaces in so that it displays in the forum)
So if a user is NOT authenticated it will display the register link, if they are logged in it will disappear.
|
|
Lee Sykes
Site Administrator
Subscribe to the website : DotNetNuke Video Tutorials : The Skinning Toolkit : DotNetNuke Podcasts
Twitter: www.twitter.com/leesykes
 |
|
|
mgordon
DNN Creative Magazine Subscriber
Nuke Master
Posts:105
|
| 01 Jul 2008 8:02 AM |
|
Hi Lee,
I'm not using the USER token at all in the skin, that's the rub! The LOGIN.ascx file is the only one that I use in the skin and reference at the bottom for the login.
I'm going a bit whacky here. DotNetNuke Forum hasn't responded (within the sound.....of silence!).
I'm going to keep looking for an answer. If you can come up with anything else, please let me know, as I will let you know if I find anything.
Thanks,
Mark
|
|
Mark Gordon
Webmonkey |
|
|
mgordon
DNN Creative Magazine Subscriber
Nuke Master
Posts:105
|
| 01 Jul 2008 8:33 AM |
|
UPDATE! -
Thanks go out to Mitchell Sellers, who I must say, knows his stuff. He's bailed me out more than once on some very tricky issues.
What you have to do if you have a site where you are managing the login credentials like I am, where I have no need for any employee to be able to update a User Profile or change their passwords (I force password changes every three months because human behavior has shown that we are lazy people).
Go into Site Settings and change the "User" page to some random page on your site. In my case, I set it to my home page. Now, when the user logs in, clicks the back button, it takes them to the same page that says you are already logged in, but, this time, when the Username is clicked on, it just takes them to the Home Page with no User Profile showing at all.
Life is good once again.
Oh, and it appears as if I will be going to the next Dev Connections in Las Vegas after all. My boss is happy with the work I'm doing with DotNetNuke and sees it as a benefit. Yeehaw!
|
|
Mark Gordon
Webmonkey |
|
|
leesykes
DNN Creative Staff
Nuke Master III
Posts:3375
|
|