Security Settings


Administrator Login (Hard-Coded) Administrator user name and password
User Name User Name for administrator (see note below)
Password Password for administrator (see note below)
Use Existing Table Link to existing table for login name and password validation
Table Existing table in database containing login name and password information
User Name Field User name field in table used for authentication
Password Field Password field in table used for authentication
Remember me (Auto-login) Auto-login until the user explicitly logs out. If enabled, a "Remember me" checkbox is shown on the Login page and cookies are used to "remember" the user's username and password.
Note By default the advanced setting Remove XSS (see Advanced Settings) is enabled, so user input containing <, >, ", ', or & is HTML-encoded. Using these characters in a user name or password is therefore NOT recommended. If you still use these characters in the user name or password of the hard-coded administrator, the Remove XSS feature will be disabled for the Login page.


Advanced Security

The Advanced Security feature allows you to set up User ID security, assign User Levels to users and create a complete user registration system. To set it up, click the Advanced button.

PHPMaker supports two types of security - User ID and User Level. User ID Security secures data at record level. User Level Security secures data at table level. They complement each other and can work independently or together. Users get their User ID and User Level after login. Before login, a user's identity is unknown and the user is an Anonymous User.


User ID

User ID Security secures data at record level. Protected tables must have a User ID field identifying which user a record belongs to. The User ID field name may differ from table to table. When User ID security is enabled, users can only access their own data.

Steps to setup User ID security for different tables/views:

  1. Click on User ID in the left pane.
  2. Select the User ID field from your user table. This field is usually the primary key of the User Table.
  3. (Optional) Select the Parent User ID field from your user table. The Parent User ID field stores the parent User ID(s) that the user belongs to; a parent user can modify the child user's records. Parent User ID is hierarchical: parent users can also access the records owned by the child users of their child users.
  4. In the User ID Field column, select the User ID Field for each table/view that requires User ID security.
  5. (Optional) Enable Allow View All if you want to allow all logged-in users (not including the Anonymous User) to list/search/view (but not add/copy/edit/delete) all records in the table.
Notes
  1. If the User ID Field is not set, User ID Security is disabled. If the Parent User ID Field is not set, the parent user(s) feature is disabled.
  2. If the Parent User ID Field is of integer type, the field can only store one user ID, so each user can only belong to one parent user. From v2022, if the Parent User ID Field is of varchar type, it can store multiple user IDs as comma-separated values, so a user can belong to multiple parent users. If you use multiple parent User IDs, make sure you change the Edit Tag of the field to allow multiple selection.
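The following is an added example (not PHPMaker's own code) showing which users' records a user may access when the Parent User ID field holds comma-separated parent IDs and the hierarchy is followed through children of children, as described in the steps and notes above. The user table data and the function names are constructed for illustration.

```php
<?php
// Added example (not PHPMaker's own code): compute the set of User IDs whose
// records a given user may access under hierarchical User ID Security with a
// comma-separated (varchar) Parent User ID field. All data is constructed.

// Constructed user table: UserID => value of the Parent User ID field.
const USERS = [
    1 => '',        // top-level user
    2 => '1',       // child of 1
    3 => '1,4',     // child of both 1 and 4 (multiple parents)
    4 => '',        // another top-level user
    5 => '3',       // child of 3, i.e. grandchild of 1 and of 4
];

// Parse the comma-separated Parent User ID value into a list of integer IDs.
function parseParentIds(string $csv): array
{
    if (trim($csv) === '') {
        return [];
    }
    return array_map('intval', array_map('trim', explode(',', $csv)));
}

// Invert the parent column into parent => [children] lists.
function childrenByParent(array $users): array
{
    $children = [];
    foreach ($users as $userId => $parentCsv) {
        foreach (parseParentIds($parentCsv) as $parentId) {
            $children[$parentId][] = $userId;
        }
    }
    return $children;
}

// Return the sorted User IDs a user may access: their own ID plus every
// descendant (children, children of children, and so on).
function accessibleUserIds(int $userId, array $users): array
{
    $children = childrenByParent($users);
    $seen = [$userId => true];
    $queue = [$userId];
    while ($queue) {
        $current = array_shift($queue);
        foreach ($children[$current] ?? [] as $child) {
            if (!isset($seen[$child])) {   // also guards against cyclic data
                $seen[$child] = true;
                $queue[] = $child;
            }
        }
    }
    $ids = array_keys($seen);
    sort($ids);
    return $ids;
}

// Constructed checks: user 1 reaches 2 and 3 directly and 5 through 3.
assert(accessibleUserIds(1, USERS) === [1, 2, 3, 5]);
assert(accessibleUserIds(4, USERS) === [3, 4, 5]);
assert(accessibleUserIds(2, USERS) === [2]);
```

A user with no children (user 2 above) can only see their own records, which is the plain User ID Security behaviour before any parent relationship is defined.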


User Level

User Level Security secures data at table level. Each user level is granted with specific permissions to tables in the database.

There are 2 types of User Level security:

1. Static User Levels - the User Levels and the permissions are defined in this form and the User Levels cannot be changed with generated scripts.

Steps to setup static User Level security for different tables/views:

  1. Click on User Levels in the left pane.
  2. Select a field (see note below) in your user table as the User Level field.
  3. Define your user levels: click the add icon to add a user level and the delete icon to delete a user level.

2. Dynamic User Levels - the User Levels and the permissions are defined in 2 tables in the database, the User Levels can be changed with the generated scripts.

Steps to setup dynamic User Level security for different tables/views:

  1. Click on User Levels in the left pane.
  2. Select a field (see note below) in your user table as the User Level field.
  3. Switch to the Dynamic User Levels tab and check Enable Dynamic User Levels.
  4. Select your User Level Table and User Level Permission Table and the required fields.
Notes
  1. If the User Level Field is not set, User Level Security is disabled.
  2. If the User Level Field is of integer type, the field can only store one user level, so each user can only belong to one user level. From v2021, the field can be of varchar type; it can then store multiple user levels as comma-separated values, so a user can belong to multiple user levels.
  3. You can click the button (with filter icon) in Table Name Field to select the tables to be shown in the generated user level permission setup page.

The User Level Table and User Level Permission Table must have the following fields. Note the data types: the User Level ID and Permission fields must be of integer type. The field names can be different though:

User Level Table

User Level Permission Table

If you want PHPMaker to create these 2 tables in your database, click the Create tables button. The following form will be displayed so you can change the table/field names if necessary. Change the table/field names if required and then click OK to continue.

If you have projects created by previous versions of PHPMaker you may want to use dynamic User Levels and migrate the previously defined static User Levels in the project to the database. After selecting or creating the User Level and User Level Permission tables/fields, just click the Migrate button to let PHPMaker do that for you.

After setting the user levels, PHPMaker will populate the user levels to the User Level field's Edit Tag (also see Field Setup) so administrators can assign user levels using the generated pages.

There are three built-in user levels:

Anonymous - Anonymous user level is a built-in user level for the Anonymous User (i.e. users that have not logged in). The User Level ID of Anonymous is -2.

Administrator - Administrator user level is a built-in user level that has all permissions plus the privileges to modify User IDs and User Levels. Its permissions are the same as those of the hard-coded Administrator. The User Level ID of Administrator is -1.

Default - Default user level is a built-in user level with User Level ID 0. Since the User Level field is an integer field, if you set a default value of 0 for this field, this user level becomes the default user level for a user after registration and before the Administrator assigns another, higher user level.

Important Notes on User Levels
  1. Even if you enable all permissions for a user-defined User Level, that User Level will NOT become the same as the Administrator User Level.
  2. You may need to use the hard-coded Administrator Login to log on and assign dynamic user levels to users initially.
  3. It is possible to use a single login and common Dynamic User Levels for multiple projects, provided that ALL projects use the same project name and the same Advanced Security tables (i.e. User Table, User Level Table and User Level Permission Table). If all projects use the same database and the same Advanced Security tables, the latter condition is automatically fulfilled. However, if the projects use different databases, you need to use the Database_Connecting server event to change the connection info so the user can get the Dynamic User Levels from the common Advanced Security tables correctly during login. For projects not using the database with the common Advanced Security tables, you still need to create dummy Advanced Security tables (with the same table/field names as the common Advanced Security tables) in the project database so you can set up Advanced Security.
From v2019, administrators can enable users to (partially) administer user level permissions by performing the following steps:
  1. Login as hard-coded administrator, go to the user level table and click the Permissions button for the required user level, e.g. the Administrator user level.
  2. Check the Admin checkbox for the required tables so that users from this user level can administer these tables.
  3. Make sure that you have also enabled the List and Admin checkboxes for the user level table for this user level, or users from this user level cannot see or administer the user level table.
  4. Click Update to save the settings. Users from this user level can then administer the specified tables in their next login. They can in turn grant Admin permission to other user levels so that other user levels can also manage the user level permissions of this user level as well.
  5. Note that users can only grant permissions that they have. For example, if they have only permissions to list/view/admin for the cars table, they can only grant list/view/admin permissions (but NOT any other permissions) to other user levels.
  6. Alternatively, use UserLevel_Loaded and TablePermission_Loaded server event (see Server Events and Client Scripts) to call the setCanAdmin() method to grant Admin permission.
From v2020, a new Lookup permission is introduced. If a table is enabled for Lookup permission for a certain user level, users of that level can use the table for lookup even if they do not have any other access permission on that table. From v2023, an Export permission is also introduced. Where the permissions are set depends on the security type in use:
  • Static User Level Permission: check/uncheck the permissions for the User Levels in the static User Level Permission form.
  • Dynamic User Level Permission: log in as administrator and modify the permissions in the user level permission page.
  • Security enabled but without User Level Security: you can still set the permissions for anonymous access by checking/unchecking the permissions for the Anonymous User Level in the static User Level Permission form.


User Login Options

User Login Options allows you to create a complete user registration system for your website, with the following options:

Login
Track failed attempts If enabled, the number of failed login attempts (invalid password) is tracked. If the maximum is exceeded, the user is locked out and the password must be reset.
Maximum failed attempts The maximum number of failed login attempts.
Failed attempts window (minutes) The time window, in minutes, during which failed password attempts are tracked.
Disallow concurrent login If enabled, only one session is allowed for each user (except the hard-coded Administrator). If one user has already logged in, other users trying to login with the same username (and password) will be rejected.
Note Users are distinguished by the Session ID as recognized by the web server. If you log in again from the same PC in another window or tab of the same browser, the login still succeeds. If you log in again from another browser or another PC, the Session ID is different and the login is rejected.
Maximum concurrent user session count For use with Disallow concurrent login. By default only one session is allowed for each user, but you may want to give users more than one chance so they are not rejected after unexpected incidents such as a system crash.
Note Please be reminded that this option somewhat compromises the Disallow concurrent login feature. Use this option discreetly and always use the smallest possible value.
Login status timeout (minutes) The number of idle minutes after which the login status is considered logged out and login is allowed again.

If a logged-in user does not explicitly log out (for example, close the browser directly), the user session is not closed and the user's login status will remain as "logged in". Attempts to login again will fail. This timeout setting ensures login will be allowed again after a period of idle time.

CAPTCHA (requires extension) Optionally requires the user to type the letters or digits from a distorted image that appears on the screen.
Note Requires CAPTCHA extension, click Tools -> Extensions from the main menu to enable. Also see Third-party Tools.
Modal Use modal dialog for login.
Two factor authentication Enable two factor authentication.
Two factor authentication type
Force two factor authentication Force use of two factor authentication. If enabled, the user must use Google Authenticator to login. See Two Factor Authentication for details.
Password
Hashed password Use hashed password. If the advanced setting Use password hash is enabled, password_hash will be used to create password, otherwise md5 will be used.
Notes
  1. If you enable this setting, make sure that the passwords in your user table are stored as the corresponding hash of the clear-text password. If you also use case-insensitive passwords, convert the clear-text passwords to lower case before calculating the hash. Otherwise, existing users will not be able to log in. The hash is irreversible, so the password is reset during password recovery.
  2. PHPMaker will try to detect salted passwords created by other applications. (PHPMaker itself does NOT create salted passwords.) If salted, the password must be stored in '<hashedstring>:<salt>' format, and the hashed string must be the md5 hash of the clear-text password concatenated with the salt. Other salt algorithms are not supported; you can however customize the function EncryptPassword() in the template to suit your application.
  3. If you enable the advanced setting Use password hash, the password field in the user table should be able to store more than 60 characters (255 characters would be a good choice).
Case-sensitive password Use case-sensitive password
Enable password expiry If enabled, user password will expire after a period of time (except the hard-coded Administrator password).
Password expiry time (days) For use with Enable password expiry, user password will expire after the specified number of days.
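The following is an added example (not PHPMaker's own code or its EncryptPassword() template function) that puts the Hashed password notes above into working PHP: storing a password under the Use password hash setting or as md5, and checking a login against the password_hash() format, plain md5, and the salted '<hashedstring>:<salt>' layout created by other applications, with the case-insensitive lower-casing applied first. Function names and sample values are constructed.

```php
<?php
// Added example (not PHPMaker's own code): store and check passwords in each
// format the Hashed password notes describe. Names and values are constructed.

// How a new password is stored, depending on the "Use password hash" setting.
function storePassword(string $clear, bool $caseSensitive, bool $usePasswordHash): string
{
    if (!$caseSensitive) {
        $clear = strtolower($clear);   // note 1: lower-case before hashing
    }
    // password_hash() output is about 60 chars; size the column to 255 (note 3)
    return $usePasswordHash ? password_hash($clear, PASSWORD_DEFAULT) : md5($clear);
}

// Check a login attempt against the stored value. Handles password_hash()
// values, plain md5, and the salted '<hashedstring>:<salt>' form of note 2,
// where the hashed string is md5(clear text . salt).
function checkPassword(string $input, string $stored, bool $caseSensitive): bool
{
    if (!$caseSensitive) {
        $input = strtolower($input);
    }
    if (!empty(password_get_info($stored)['algo'])) {     // password_hash() format
        return password_verify($input, $stored);
    }
    if (strpos($stored, ':') !== false) {                  // salted md5 format
        [$hash, $salt] = explode(':', $stored, 2);
        return hash_equals($hash, md5($input . $salt));
    }
    return hash_equals($stored, md5($input));              // unsalted md5
}

// Constructed checks.
$hashed = storePassword('S3cret', true, true);             // Use password hash on
assert(checkPassword('S3cret', $hashed, true));
assert(!checkPassword('s3cret', $hashed, true));           // case-sensitive

$legacy = storePassword('S3cret', false, false);           // md5('s3cret')
assert(checkPassword('s3CRET', $legacy, false));           // case-insensitive

$salted = md5('S3cret' . 'xyz') . ':xyz';                  // made by another app
assert(checkPassword('S3cret', $salted, true));
assert(!checkPassword('wrong', $salted, true));
```

hash_equals() is used for the md5 comparisons so that the check takes the same time whether or not the prefix matches; a stored value that is neither a password_hash() result nor contains ':' is treated as plain md5, which is the default when Use password hash is off.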
User Registration Page
Enabled Generate user registration page and add a link in login page.
Fields Select fields (from the user table) to show in the registration page. Click the [...] button to select the fields.
Confirm before submit Display confirm page before submitting the registration
Send registration email Optionally send email confirmation after registration
Requires activation Optionally requires user click an activation link in the email sent after registration to activate the user account.
Note Send email must be enabled for sending the email with activation link.
Auto login after registration/activation Optionally auto-login the user after registration or activation.
Note If Requires activation is enabled, the user is not yet activated after registration, and auto-login is applied when the user clicks the activation link in the email.
CAPTCHA (requires extension) Optionally requires the user to type the letters or digits from a distorted image that appears on the screen.
Note Requires CAPTCHA extension, click Tools -> Extensions from the main menu to enable. Also see Third-party Tools.
Modal Use modal dialog for registration page.
Change Password Page
Enabled Generate change password page
Send email Optional email confirmation after changing password
CAPTCHA (requires extension) Optionally requires user to type letters or digits from a distorted image that appears on the screen.
Note Requires CAPTCHA extension, click Tools -> Extensions from the main menu to enable. Also see Third-party Tools.
Modal Use modal dialog for change password page.
Password Recovery Page
Enabled Generate password recovery page (forgot password page) and add a link in login page. User name and password will be sent to the user's email address.
CAPTCHA (requires extension) Optionally requires user to type letters or digits from a distorted image that appears on the screen.
Note Requires CAPTCHA extension, click Tools -> Extensions from the main menu to enable. Also see Third-party Tools.
Modal Use modal dialog for password recovery page.
User Table Fields
Image field Image field in user table used for showing user photo in sidebar
Email address field Email address field in user table used for sending email
Activated field Email activated field in user table used for storing the status of user. A boolean field is recommended, although an integer field or a string field will also work.
Notes
  1. To enable user account activation, the Requires activation and Send email options under User Registration Page must be checked. The user needs to click an activation link in the email sent after registration to activate the user account.
  2. If enabled, make sure the activated field for existing users in your user table is updated with your activation values (e.g. True/False, 1/0, Y/N) or the existing users cannot login because they are not recognized as activated. You can enable Multi-Update feature for the user table so administrators can activate or deactivate existing users easily.
Profile field A long text field (e.g. TEXT or VARCHAR(65536) in MySQL, VARCHAR(65536) or VARCHAR(max) in SQL Server) for persisting all the additional user information. This field is required if the following options are used:
  • Track failed attempts
  • Disallow concurrent login
  • Enable password expiry
  • Two factor authentication
Note The field is also required if the advanced setting Search filter save option is set to Server, see Tools -> Advanced Settings.
User Table List Page Options
Reset concurrent user session count If enabled, a new option is generated in the User Table list page for the administrator to reset the concurrent user session count for a user to 0.
Reset login failed attempts If enabled, a new option is generated in the User Table list page for the administrator to reset the failed login attempts for a user to 0.
Set password expired If enabled, a new option is generated in the User Table list page for the administrator to set the password of a user as expired.
Resend registration email If enabled, a new option is generated in the User Table list page for the administrator to resend the registration email to a user.
Reset user secret (two factor authentication) If enabled, a new option is generated in the User Table list page for the administrator to reset the user secret for two factor authentication. See Two Factor Authentication for details.


Email Templates

The email sending function and the email contents can be customized in the template. The following special tags are used in the email templates:

<!--$From--> is sender email address
<!--$To--> is user email address
<!--$Password--> is user password
<!--FieldName--> (without the $ symbol) is the field value, e.g. <!--LastName--> is the field value of the field "LastName".

You can also dynamically change the email by code using Email_Sending event before the email is sent. (See Server Events and Client Scripts.)

Note To set up email templates for Multi-Language projects, read the topic Tutorial - Multi-Language Project Setup.


Also See

Tutorial - User ID Security
Tutorial - Static User Level Security
Tutorial - Dynamic User Level Security
Tutorial - User Registration System
Tutorial - Multi-Language Project Setup
Two Factor Authentication


 ©2002-2023 e.World Technology Ltd. All rights reserved.