SENDSAFE LOGIN CONTROL AND MYACCOUNT

The system has many different means of logging in. Login can be automatic via a token saved in a cookie. Login can also occur from a login session token in a URL. Customer login can be used to restrict access to specific public pages. By adding a SID to a customer account you are adding admin login control.

User names and passwords must be 7 characters or longer (alphanumerics plus @ and '.' only).

See also: customer login


Duplicate Entries
Duplicate usernames are never allowed. Duplicate passwords are by default not allowed but the system can be configured to allow duplicate passwords by setting Application("securityAllowDupPassword") = true.


Disable New Account Creation
You can disable the creation of new customer accounts by setting Application("securityDisableNewCustAccountCreation") = true. This is very useful for sites where all visitors must log in and the MyAccount page is set up as a registration page.


Login Vectoring
Login vectoring controls where the login page will redirect the user after successful login. One frequent use of this setting is to load the MyAccount page after new account creation or login. This vector is controlled by hard-coded options which can be overridden with two different URL parameters: NVector and GVector.

GVector = relative SSL location to proceed to after login (overrides default). Example:
javascript:gotoSSLURLWOEDI( 'store.customerlogin.asp?GVector=Store.myaccount.asp' )

NVector = relative NON-SSL location to proceed to after login (overrides default). Example:
javascript:gotoSSLURLWOEDI( 'store.customerlogin.asp?NVector=Store.myaccount.asp' )

If no login vector is provided via URL parameters then the customer login will vector to the location specified by Application("DefaultCustomerLoginRedirect").

Examples:
Application("DefaultCustomerLoginRedirect") = "browser.asp?Lev2List=LARGE+JACKETS&Start=0"
Application("DefaultCustomerLoginRedirect") = "browser.asp?TopList=subcat&brandsTL=ARMY+NAVY"

This login vector can be overridden by an NVector or a GVector. The only exception to this override is for NVectors when Application("DefaultCustomerLoginRedirect") = the myaccount page and a new customer account is being created. In this case the vector will go to the myaccount page.
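
The override precedence described above, combined with a check that a URL-supplied vector really is the relative location the parameters are documented to take. This is an added example, not SendSafe's own code: IsRelativeVector and ResolveLoginVector are hypothetical names, the sample values are constructed, and consulting GVector before NVector is an assumption the manual does not state.

```vbscript
Option Explicit

' Hypothetical helper: True only for a relative .asp location on this site.
Function IsRelativeVector(target)
    Dim re
    IsRelativeVector = False
    If IsNull(target) Or IsEmpty(target) Then Exit Function
    Set re = New RegExp
    re.IgnoreCase = True
    ' The first character must be a name character, so absolute URLs,
    ' scheme-prefixed values and "//host" forms never match.
    re.Pattern = "^[a-z0-9_][a-z0-9_./-]*\.asp(\?[a-z0-9_.=&+%-]*)?$"
    IsRelativeVector = re.Test(CStr(target))
End Function

' Hypothetical resolver. Returns Array(source, target).
' Assumption: GVector is consulted before NVector when both are present.
Function ResolveLoginVector(gVector, nVector, defaultRedirect, myAccountPage, isNewAccount)
    Dim nAllowed
    ' Documented exception: an NVector does not override a default that is
    ' the MyAccount page while a new account is being created.
    nAllowed = Not (isNewAccount And LCase(defaultRedirect) = LCase(myAccountPage))
    If IsRelativeVector(gVector) Then
        ResolveLoginVector = Array("GVector", gVector)
    ElseIf nAllowed And IsRelativeVector(nVector) Then
        ResolveLoginVector = Array("NVector", nVector)
    Else
        ResolveLoginVector = Array("Default", defaultRedirect)
    End If
End Function

' Constructed sample NVector values; run with: cscript //nologo thisfile.vbs
Dim samples, s, r
samples = Array("Store.myaccount.asp", _
                "browser.asp?Lev2List=LARGE+JACKETS&Start=0", _
                "//example.invalid/x.asp", _
                "http://example.invalid/x.asp")
For Each s In samples
    r = ResolveLoginVector("", s, "browser.asp?TopList=subcat", "Store.myaccount.asp", False)
    WScript.Echo s & " -> " & r(0) & ": " & r(1)
Next
```

Values that fail the check fall through to the configured default instead of being used as the redirect target.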


Suppressing Help Text
The help text displayed on the customer login pages can be suppressed by setting: Application("SupressHelpText") = true. This can be useful if custom text is to be displayed or horizontal space is limited. The login help buttons are not affected by this setting.


Display of login MI Marketing Information
MI Marketing Information can be displayed and entered into the create new account dialog on the customer login page. Setting Application("securityIncludeMIInLogin") = true will enable the display.


Login Handling of Null Shopping Carts
Null shopping carts are carts that are filled with items by a null customer. This can occur with both new and returning customers. A null customer is a customer who has not logged in yet and has been assigned a temporary customerid. The function isNullCustomer( customerId ) is used to identify null customers.

When a login occurs and a null cart exists, that null cart is assigned the customerId of the visitor logging in and control variables are set to use this null cart as the current-working order. The null customer login is deleted after the order is reassigned.

This null cart handling is managed by the function doLogon( userid, password ) in SendSafe.loginManagement.inc.asp. Please see audit file entries tagged: "NULL CART HANDLED AND ASSIGNED"


MyAccount Self-Creation and other Tweaks

There are many different settings and tweaks for the myaccount page. The page can be set up as a standard e-commerce account page or tweaked into a page used for site signup and anything in between.

cna=1

The MyAccount page can be set up to self-create an account. This can be useful for sites which have discount plans or other reasons for customers to create an account before purchasing. To use this function simply append the URL parameter ?cna=1 to any MyAccount URL. Enable account self creation mode:

<a HREF="javascript:gotoSSLURL( 'store.myaccount.asp?cna=1' )">Customer Signup</a>

Application("MyAccountBottomMenu") = true/false - Enables toolbar menu in myaccount.
Application("MIInfoEnabled") = true/false - Enables the display of MI information in the MyAccount page.
Application("SplitMIInfoEnabled") = true/false - Splits the MI information in the MyAccount page. The content is marked for splitting with a special FFP Entry: __FFP__RMarker[:RMarker:]. The second section will be labeled "Additional Information" regardless of the setting of Application("MISectionLabel").
Application("MISectionLabel") = "Information" - This is the label used for the MI (information) sections.
Application("MyAccountMinRangeCheck") = true/false - The default value is false. Setting this value true will turn off entry range checking for all fields except: username, password, fullname, and phone. This means these unchecked fields can be empty.
Application("MyAccountShippingAddress") = true/false - The default value is true. Setting this value false will turn off the display and entry of shipping address information.
Application("ShowDiscountPlanInMyAccount") = true/false - Displays discount plan information (readonly).
Application("ShowLastActivityInMyAccount") = true/false - Displays last activity information (readonly).
Application("ShowInternationalAddressField") = true/false - Displays International Address entry field. Affects all occurrences of this field in the SendSafe system.
Application("ShowProviceAddressField") = true/false - Displays Province Address entry field. Affects all occurrences of this field in the SendSafe system.
Application("ShowURLAddressField") = true/false - Displays my website (URL) entry field. Affects all occurrences of this field in the SendSafe system.
Application("BillingAddressSectionLabel") = "Billing" - Change the label for the billing address section.
Application("AgreementOptInLabel") = "E-Mail Settings" - Configures label for optin field on MyAccount and agreement page.
Application("AgreementOptInDescription") = "Add me to your e-mail list?" - Configures descriptive text for optin field on MyAccount and agreement page.

 


Login Page Tweaks

There are many different settings and tweaks for the login page. Listed below are some tweaks; other settings can be found elsewhere on this manual page.

Application("LogonMsgRetCustomer") = "I am a returning customer..." - Change the return customer login section title.
Application("LogonMsgNewCustomer") = "I am a new customer..." - Change the new customer login section title.
Application("LogonPageMessageSize") = "5" - Change the font size for the login page section headers.
Application("SupressHelpText") = true/false - Enable/Disable the display of help text which appears on the login page.
Application("securityDisableNewCustAccountCreation") = true/false - Enable/Disable the creation of new accounts on the login page. This is very useful for sites where all visitors must log in and the MyAccount page is set up as a registration page.

 


Account Creation ByPass

The configuration securityAllowUserAccountBypass allows account creation to be bypassed and an automated userid and name to be created.

Account creation bypass will only work if NVector references the Application("urlfor_CHECKOUTSTEP1") file OR if a GVector is specified.


Logging into admin pages

When SendSafe is initially installed a default "superuser" account is set up in the system. A superuser account means you have authority to change anything you like in the entire system. Permission is controlled on the CustomerSID record admin page.

Login Requirements for admin pages (not customer pages) are:

If you continue to experience login problems after setting the Browser Setup Requirements then list the website as a "Trusted Site" in MS I.E.

The default credentials are:
Userid: userid
Password: password

Hint 1: If you are having problems logging in, uncheck the box labeled "Hide Password." This will allow you to see the password you are typing (instead of the masking *** characters; see the illustration above).

Hint 2: The Captcha Test (five letters EWNOK) illustrated above uses only alphabetic characters, no numbers. This means any "O" is the letter "o", and not the number zero; likewise, any "I" is the uppercase letter "i" and not the number one.

It is recommended that you change your login immediately.

To change your login follow these steps:

1. Open this admin web page (this is the customer record admin page): http://www.yousite.com/SendSafeAdm/v2.AdminCustomer.asp

If you get an SSL error message then ignore it (this error means you do not have an SSL certificate installed on the site yet). You will not get this SSL warning once your site has gone live. You are getting this warning because we have not purchased SSL certificates for your site and are currently using a temporary certificate which does not match your site.

2. Follow logon instructions on this page using the userid and password above.

3. Locate the [ FIND ] button on this admin page and press it.

4. Locate your ntusername in the list at the top of the page (how to use find) and then click on the edit button next to that entry. This will load the record into the page for editing.

5. Locate the userid and password entry fields and change them to whatever you would like to use.

6. Press the save button.

7. Congratulations… you have just completed an admin task!


Login Lockouts
Login lockouts occur when too many illegal login attempts have been made in a row. When a lockout occurs the user will see a message "like" the one shown below. The system will also send e-mail alerts to all listed admin addresses containing information about the violation. If you receive e-mail alerts, you should investigate because the alerts may have been caused by a password brute force attack.

Other than an attack OR a customer repeatedly typing in the same bad credentials, the typical cause of this problem is that the user's customer account was deleted. Customer accounts should never be deleted (they should instead be decommissioned). If the illegal login is coming from a cookie stored on the customer's computer then the error condition will not expire. The problem will reoccur until that login cookie is deleted. In this event, a link to the SendSafe cookie cleaner is included in the user error message.


SendSafe Access Control
SendSafe Access Control is used to control access to SendSafe pages. For access one must have a valid account (read permission is not tested). This control is used in pages such as Offer, OrderStatus, ListingMnger, etc. Typical setup:

  1. Include [<!--#include file="SendSafe\SendSafe.ShopperAccessControl.inc.asp"-->] before all logic which displays data to be access restricted/controlled AND at the location that logon prompts are desired.

Notes:


Custom Admin Access Control
This form of access control restricts access to a page to people with some type of admin login. Access control can be easily added to any page using the SendSafe e-store framework access control infrastructure. For access one must have both a valid login account and read permission for the web page or superuser permission. Typical setup:

  1. Include [<!--#include file="includes\customAccessControl.inc.asp"-->] before all logic which displays data to be access restricted/controlled AND at the location that logon prompts are desired.
  2. capControlLogic = false
  3. byPassAccessControl = true (in the browser.inc.asp file ONLY). If set true the browser.asp file will display results regardless of login status.
  4. byPassListingAccessControl = true (in the listing.inc.asp file ONLY). If set true the listing.asp file will display results regardless of login status.
  5. manuallyPlaceRenderingSub = true (this is often required).

Notes: