SENDSAFE LOGIN CONTROL AND MYACCOUNT

The system has many different means of logging in. Login can be automatic via a token saved in a cookie. Login can also occur from a login session token in a URL. Customer login can be used to restrict access to specific public pages. By adding a SID to a customer account you are adding admin login control.

User names and passwords must be 7 characters or longer (alphanumerics plus @ and '.' only).

See also: customer login and Security Settings


Duplicate Entries
Duplicate usernames are never allowed. Duplicate passwords are by default not allowed but the system can be configured to allow duplicate passwords by setting Application("securityAllowDupPassword") = true.


Disable New Account Creation
You can disable the creation of new customer accounts by setting Application("securityDisableNewCustAccountCreation") = true. This is very useful for sites where all visitors must log in and the MyAccount page is set up as a registration page.


Disabling a Specific Customer's Login
An account can be disabled by setting the username = null. This will disable login to this account while having zero effect on all related records linked to the customer record.

You can also bulk disable customer records by using the customer import function - format #5.


Password Reset Flagging
A password can be flagged as expired or in need of change by setting a PRS flag in the OrderingPreferences in the customer record. Example syntax: PRS=PASSWORDSTRING (in this example PASSWORDSTRING = the password as currently set into the DB record).


Login Vectoring
Login vectoring controls where the login page will redirect the user after successful login. One frequent use of this setting is to load the MyAccount page after new account creation or login. This vector is controlled by hard coded options which can be overridden with two different URL parameters: NVector and GVector.

gvector = relative SSL location to proceed to after login (overrides default)
Example: javascript:gotoSSLURLWOEDI( 'store.customerlogin.asp?GVector=Store.myaccount.asp' )

nvector = relative NON-SSL location to proceed to after login (overrides default)
Example: javascript:gotoSSLURLWOEDI( 'store.customerlogin.asp?NVector=Store.myaccount.asp' )

If no login vector is provided via URL parameters then the customer login will vector to the location specified by Application("DefaultCustomerLoginRedirect").

Examples:
Application("DefaultCustomerLoginRedirect") = "browser.asp?Lev2List=LARGE+JACKETS&Start=0"
Application("DefaultCustomerLoginRedirect") = "browser.asp?TopList=subcat&brandsTL=ARMY+NAVY"

This login vector can be overridden by an NVector or GVector. The only exception to this override is for NVectors when Application("DefaultCustomerLoginRedirect") = the myaccount page and a new customer account is being created. In this case the vector will go to the myaccount page.
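The parameter descriptions above say that NVector and GVector hold a relative location. The following check enforces that before a redirect is issued; it is an added example, not SendSafe code, and the host name, function names and the GVector-first order are assumptions.

```javascript
// Added example, not SendSafe code. SITE_HOST is a hypothetical host name;
// DEFAULT_REDIRECT reuses one of the sample values shown above.
const SITE_HOST = "shop.example";
const DEFAULT_REDIRECT = "browser.asp?TopList=subcat&brandsTL=ARMY+NAVY";

// True only when `value` is a relative location that a browser would
// resolve to a page on this site.
function isRelativeVector(value) {
  if (typeof value !== "string" || value === "") return false;
  // Backslashes and control characters are normalised differently by
  // browsers and servers, so refuse them outright.
  if (/[\u0000-\u001f\u007f\\]/.test(value)) return false;
  // A scheme prefix or a leading "//" names another location, not a page.
  if (/^[a-z][a-z0-9+.-]*:/i.test(value) || value.startsWith("//")) return false;
  try {
    // Resolve the way a browser does; this also catches values that the
    // URL parser trims or rewrites before resolving.
    return new URL(value, "https://" + SITE_HOST + "/").host === SITE_HOST;
  } catch (err) {
    return false;
  }
}

// Choose the post-login location from the request's query parameters.
// Checking GVector before NVector when both are present is an assumption.
function loginRedirect(params) {
  const byName = {};
  for (const [name, value] of Object.entries(params)) {
    byName[name.toLowerCase()] = value;
  }
  if (isRelativeVector(byName.gvector)) {
    return { source: "GVector", location: byName.gvector };
  }
  if (isRelativeVector(byName.nvector)) {
    return { source: "NVector", location: byName.nvector };
  }
  // Missing or rejected vectors fall back to the configured default.
  return { source: "default", location: DEFAULT_REDIRECT };
}
```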


Suppressing Help Text
The help text displayed on the customer login pages can be suppressed by setting: Application("SupressHelpText") = true. This can be useful if custom text is to be displayed or horizontal space is limited. The login help buttons are not affected by this setting.


Display of login MI Marketing Information
MI Marketing Information can be displayed and entered into the create new account dialog on the customer login page. Setting Application("securityIncludeMIInLogin") = true will enable the display.


Login Handling of Null Shopping Carts
Null shopping carts are carts that are filled with items by a null customer. This can occur with both new and returning customers. A null customer is a customer who has not logged in yet and has been assigned a temporary customerid. The function isNullCustomer( customerId ) is used to identify null customers.

When a login occurs and a null cart exists, that null cart is assigned the customerId of the visitor logging in and control variables are set to use this null cart as the current-working order. The null customer login is deleted after the order is reassigned.

This null cart handling is managed by the function doLogon( userid, password ) in SendSafe.loginManagement.inc.asp. Please see audit file entries tagged: "NULL CART HANDLED AND ASSIGNED"


MyAccount Self-Creation and other Tweaks

There are many different settings and tweaks for the myaccount page. The page can be set up as a standard e-commerce account page or tweaked into a page used for site signup and anything in between.

cna=1

The MyAccount page can be set up to self-create an account. This can be useful for sites which have discount plans or other reasons for customers to create an account before purchasing. To use this function simply append the URL parameter ?cna=1 to any MyAccount URL. Enable account self creation mode:

<a HREF="javascript:gotoSSLURL( 'store.myaccount.asp?cna=1' )">Customer Signup</a>

Application("MyAccountSaveDialog") = "You have successfully updated your profile! Go Shopping!"
Optional part of onSave vectoring. When the MyAccount page is saved, this dialog box is displayed and then the site vectors to Application("MyAccountSaveDialogVector"). This function is disabled by default. Setting Application("MyAccountSaveDialog") to anything other than empty ("") will enable this function.

Application("MyAccountSaveDialogVector") = "browser.asp?TopList=subcat&ResetBrand=yes"
Enables vectoring to a specific page after MyAccount information is saved. This can be useful when account creation is required before site access is granted. This function requires Application("MyAccountSaveDialog") to be set to anything other than empty ("").

Application("MyAccountBottomMenu") = true/false
Enables the toolbar menu in myaccount.

Application("MIInfoEnabled") = true/false
Enables the display of MI information in the MyAccount page.

Application("SplitMIInfoEnabled") = true/false
Splits the MI information in the MyAccount page. The content is marked for splitting with a special FFP Entry: __FFP__RMarker[:RMarker:]. The second section will be labeled "Additional Information" regardless of the setting of Application("MISectionLabel").

Application("MISectionLabel") = "Information"
This is the label used for the MI (information) sections.

Application("MyAccountMinRangeCheck") = true/false
The default value is false. Setting this value true will turn off entry range checking for all fields except: username, password, fullname, and phone. This means these unchecked fields can be empty.

Application("MyAccountShippingAddress") = true/false
The default value is true. Setting this value false will turn off the display and entry of shipping address information.

Application("ShowDiscountPlanInMyAccount") = true/false
Displays discount plan information (readonly).

Application("ShowLastActivityInMyAccount") = true/false
Displays last activity information (readonly).

Application("ShowInternationalAddressField") = true/false
Displays the International Address entry field. Affects all occurrences of this field in the SendSafe system.

Application("ShowProviceAddressField") = true/false
Displays the Province Address entry field. Affects all occurrences of this field in the SendSafe system.

Application("ShowURLAddressField") = true/false
Displays the my website (URL) entry field. Affects all occurrences of this field in the SendSafe system.

Application("BillingAddressSectionLabel") = "Billing"
Changes the label for the billing address section.

Application("AgreementOptInLabel") = "E-Mail Settings"
Configures the label for the opt-in field on the MyAccount and agreement pages.

Application("AgreementOptInDescription") = "Add me to your e-mail list?"
Configures the descriptive text for the opt-in field on the MyAccount and agreement pages.


Login Page Tweaks

There are many different settings and tweaks for the login page. Listed below are some tweaks; other settings can be found elsewhere on this manual page.

Application("UserNamePromptStr") = "User Name"
The string used to label the user name entry field for existing customers.

Application("UserNameHelpStr") = "This is a help string"

Typically this entry is left blank and the default help to the right is displayed. The string displays directly below the user name. It can have any HTML. Example of a string that displays some formatted text and a help button:

<span style=""FONT-SIZE: 8pt; PADDING-BOTTOM: 50px;"">(Use 6 digit employee number, example 012345)&nbsp;&nbsp;</span><a href=# onClick=""return(openHelpPopUp( 'en/loginhelp.htm', 400, 700))""><IMG style=""POSITION: relative; TOP: 5px;"" Border=0 width=16 height=16 SRC=""images/help.png""></A>

Application("PasswordPromptStr") = "Password"
The string used to label the password entry field for existing customers.

Application("PasswordHelpStr") = "This is a help string"

Typically this entry is left blank and the default help to the right is displayed. The string displays directly below the password. It can have any HTML. Example of a string that displays some formatted text and a help button:

<span style=""FONT-SIZE: 8pt; PADDING-BOTTOM: 50px;"">(Use 6 digit employee number, example 012345)&nbsp;&nbsp;</span><a href=# onClick=""return(openHelpPopUp( 'en/loginhelp.htm', 400, 700))""><IMG style=""POSITION: relative; TOP: 5px;"" Border=0 width=16 height=16 SRC=""images/help.png""></A>

Application("NewUserNamePromptStr") = "User Name"
The string used to label the user name entry field for new customers.

Application("NewPasswordPromptStr") = "Password"
The string used to label the password entry field for new customers.

Application("PasswordBoxMinWidth") = "200"
This sets the width of the login box (the area of the entry fields and login buttons). This value will need to be increased if there is a large difference in text length between Application("PasswordPromptStr") and Application("NewPasswordPromptStr") or Application("UserNamePromptStr") and Application("NewUserNamePromptStr").

Application("LogonMsgRetCustomer") = "I am a returning customer..."
Changes the returning customer login section title.

Application("LogonMsgNewCustomer") = "I am a new customer..."
Changes the new customer login section title.

Application("LogonPageMessageSize") = "5"
Changes the font size for the login page section headers.

Application("SupressHelpText") = true/false
Enable/Disable the display of help text which appears on the login page.

Application("securityDisableNewCustAccountCreation") = true/false
Enable/Disable the creation of new accounts on the login page. This is very useful for sites where all visitors must log in and the MyAccount page is set up as a registration page.


Account Creation ByPass

The configuration securityAllowUserAccountBypass allows account creation to be bypassed and an automated userid and name to be created.

Account creation bypass will only work if Nvector references the Application("urlfor_CHECKOUTSTEP1") file OR if a GVector is specified.


Logging into admin pages

When SendSafe is initially installed a default "superuser" account is set up in the system. A superuser account means you have authority to change anything you like in the entire system. Permission is controlled on the CustomerSID record admin page.

Login Requirements for admin pages (not customer pages) are:

If you continue to experience login problems after setting the Browser Setup Requirements then list the website as a "Trusted Site" in MS I.E.

The default credentials are:
Userid: userid
Password: password

Hint 1: If you are having problems logging in, uncheck the box labeled "Hide Password." This will allow you to see the password you are typing (instead of the masking *** characters); see the illustration above.

Hint 2: The Captcha Test (five letters EWNOK) illustrated above uses only alphabetic characters, no numbers. This means any "O" is the letter "o", and not the number zero; likewise, any "I" is the uppercase letter "i" and not the number one.

It is recommended that you change your login immediately.

To change your login follow these steps:

1. Open this admin web page (this is the customer record admin page): http://www.yousite.com/SendSafeAdm/v2.AdminCustomer.asp

If you get an SSL error message then ignore it (this error means you do not have an SSL certificate installed on the site yet). You will not get this SSL warning once your site has gone live. You are getting this warning because we have not purchased SSL certificates for your site and are currently using a temporary certificate which does not match your site.

2. Follow logon instructions on this page using the userid and password above.

3. Locate the [ FIND ] button on this admin page and press it.

4. Locate your ntusername in the list at the top of the page (how to use find) and then click on the edit button next to that entry. This will load the record into the page for editing.

5. Locate the userid and password entry fields; and change them to whatever you would like to use.

6. Press the save button.

7. Congratulations… you have just completed an admin task!


Login Lockouts
Login lockouts occur when too many illegal login attempts have been made in a row. When a lockout occurs the user will see a message "like" the one shown below. The system will also send e-mail alerts to all listed admin addresses containing information about the violation. If you receive e-mail alerts, you should investigate because the alerts may have been caused by a password brute force attack.

Other than an attack OR a customer repeatedly typing in the same bad credentials, the typical cause of this problem is that the user's customer account was deleted. Customer accounts should never be deleted (they should instead be decommissioned). If the illegal login is coming from a cookie stored on the customer's computer then the error condition will not expire. The problem will reoccur until that login cookie is deleted. In this event, a link to the SendSafe cookie cleaner is included in the user error message.


SendSafe Access Control
SendSafe Access control is used to control access to SendSafe pages. For access one must have a valid account (read permission is not tested). This control is used in pages such as Offer, OrderStatus, ListingMnger, etc. Typical setup:

  1. Include [<!--#include file="SendSafe\SendSafe.ShopperAccessControl.inc.asp"-->] before all logic which displays data to be access restricted/controlled AND at the location that logon prompts are desired.

Notes:


Customer SID Page Level Access Control
This access control restricts access to an entire page; the granularity is at the page level, not product level. For product level granularity see: Limiting Product Displayed

With page level access control people with SID login can access the page. People without SID logins cannot access the page. Access control can be easily added to any page using the SendSafe E-Business framework access control infrastructure. For access one must have both a valid login account and read permission for the web page or superuser permission. Typical setup:

  1. Include [<!--#include file="includes\customAccessControl.inc.asp"-->] before all logic which displays data to be access restricted/controlled AND at the location that logon prompts are desired.
  2. capControlLogic = false
  3. byPassAccessControl = true (in the browser.inc.asp file ONLY). If set true the browser.asp file will display results regardless of login status.
  4. byPassListingAccessControl = true (in the listing.inc.asp file ONLY). If set true the listing.asp file will display results regardless of login status.
  5. manuallyPlaceRenderingSub = true (this is often required).
  6. On admin pages the functions testForPage[xxxxx]Permission() found in SendSafeAdmAccessControl.inc.asp manage admin page access permission testing.

Notes:

See also: SendSafe SID Admin, CustomerSID Record, and Limiting Product Displayed

The access control logic will set a global flag: "customAccessPermissionGranted" which communicates the state of permission in effect. The following control logic is present in browser.inc.asp:

if ( ... and ( customAccessPermissionGranted = true or byPassAccessControl ) )

Requiring login on browser.asp pages or clones:
The browser.inc.asp include MUST occur AFTER the customAccessControl.inc.asp file; if it is included BEFORE, then the query will not occur if read access is NOT present, regardless of the state of this control flag. This include must be located within the body of the page's content so that the login prompt will occur in a logical location. It is also common to require conditional logic around the renderProductBrowserResults() subroutine to prevent an invalid URL error message from being displayed (see sample code below).

<!--#include file="includes\customAccessControl.inc.asp"-->
<!--#include file="includes\browser.inc.asp"-->

if ( customAccessPermissionGranted = true ) then
    renderProductBrowserResults
end if

Typical setup:

Set byPassAccessControl = false in E-Business framework pageconfig.inc.asp.

Setting acceptAnyValidLoginForCAP = true will allow any valid login to access the page. Set this false to require SID read permission on the page.

In E-Business framework pageconfig.inc.asp SET capControlLogic = true ONLY IF the function capLoginControl() is manually placed and called from within the file being access controlled.
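
A page that is meant to require login can be checked against the include-order rule and the bypass flags described above. The following audit is an added example, not SendSafe code; the function name, the finding texts and both sample pages are constructed for illustration.

```javascript
// Added example, not SendSafe code. Audits the text of one ASP page against
// the include-order rule and the bypass flags described above.
const INCLUDE_RE = /<!--\s*#include\s+file\s*=\s*"([^"]+)"\s*-->/gi;
const BYPASS_RE = /\b(byPassAccessControl|byPassListingAccessControl)\s*=\s*true\b/i;

function auditAccessControl(pageText) {
  const findings = [];
  // Position of the first include of each file, keyed by bare file name.
  const firstSeen = {};
  for (const m of pageText.matchAll(INCLUDE_RE)) {
    const name = m[1].split(/[\\/]/).pop().toLowerCase();
    if (!(name in firstSeen)) firstSeen[name] = m.index;
  }
  const cap = firstSeen["customaccesscontrol.inc.asp"];
  const browser = firstSeen["browser.inc.asp"];
  if (browser !== undefined && cap === undefined) {
    findings.push("browser.inc.asp included without customAccessControl.inc.asp");
  } else if (browser !== undefined && browser < cap) {
    findings.push("browser.inc.asp included BEFORE customAccessControl.inc.asp");
  }
  // A bypass flag set true displays results regardless of login status.
  // Lines that are VBScript comments (leading ') are ignored.
  for (const line of pageText.split(/\r?\n/)) {
    const m = line.trim().startsWith("'") ? null : line.match(BYPASS_RE);
    if (m) findings.push(m[1] + " = true");
  }
  return findings;
}

// Constructed sample pages, not taken from a real site.
const GOOD_PAGE = [
  '<!--#include file="includes\\customAccessControl.inc.asp"-->',
  '<!--#include file="includes\\browser.inc.asp"-->',
  "<% if ( customAccessPermissionGranted = true ) then",
  "    renderProductBrowserResults",
  "end if %>",
].join("\n");
const BAD_PAGE = [
  '<!--#include file="includes\\browser.inc.asp"-->',
  '<!--#include file="includes\\customAccessControl.inc.asp"-->',
  "<% byPassAccessControl = True %>",
  "' byPassListingAccessControl = true (commented out)",
  "<% renderProductBrowserResults %>",
].join("\n");
```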