Password Expiry

**navaldesign** · 11-25-2011, 07:49 AM

Re: Password Expiry

Since this is not built in the Login tools, you will need to create your own custom code.

Tip: set an extra $_SESSION variable which contains the time (UNIX time) of each authentication (each time the user tries to reach a protected page, he gets authenticated). Then add in the authentication script a line of code that checks the time since last authentication.

**alphilan** · 11-25-2011, 08:37 PM

Re: Password Expiry

Originally posted by navaldesign View Post

Since this is not built in the Login tools, you will need to create your own custom code.

Tip: set an extra $_SESSION variable which contains the time (UNIX time) of each authentication (each time the user tries to reach a protected page, he gets authenticated). Then add in the authentication script a line of code that checks the time since last authentication.

To be honest I don't think I can do this. I guess this code has to be inserted in the login form under the object/general html section. Can you help further with the code please?

**navaldesign** · 11-25-2011, 09:05 PM

Re: Password Expiry

Insert the "Protect Page" object in the pages that you need to protect.

Right click it and select "Convert to Form". The object will be converted to a HTML box. Double click it and you will see its code that will be looking like this:

<?php
session_start();
if (!isset($_SESSION['username']))
{
header('Location: error.php');
exit;
}
?>

Insert the following code just AFTER the line session_start();

if(!isset($_SESSION['logintime'])){
$_SESSION['logintime'] = time();
}else {
if(time() > $_SESSION['logintime'] + 15 * 60){
unset($_SESSION['username']);
}else{
$_SESSION['logintime'] = time();
}
}

15 is the session expiry in minutes. You can change it to whatever you need.

Please note that as is, the code, will renew the session expiry for 15 minutes after each page load. So if the user keeps on moving on the site, his session is renewed. Otherwise it expires after 15 minutes.

**alphilan** · 11-26-2011, 04:08 AM

Re: Password Expiry

Thanks for the help.
1. I checked the Protect Page object box it does not have the option 'Convert to Form' . It has options to Cut, Copy, Move the box forward/back/etc./, Properties and HTML when I clicked on the HTML option the box was empty. Am I doing something wrong?
2. Do I have to put 15 in the time bracket i.e. time(15)

Thanks

**navaldesign** · 11-26-2011, 07:52 AM

Re: Password Expiry

1. This is only available in BV version 12. If you have BV 11 this is not available.
1.A. If you wnat to continue working with BV 11, then:

Add a small HTML box in your page. Paste the entire code, that is

<?php
session_start();
if(!isset($_SESSION['logintime'])){
$_SESSION['logintime'] = time();
}else {
if(time() > $_SESSION['logintime'] + 15 * 60){
unset($_SESSION['username']);
}else{
$_SESSION['logintime'] = time();
}
}
if (!isset($_SESSION['username']))
{
header('Location: error.php');
exit;
}
?>

Remove the standard Protect Page object.
2. No, time() should remain as is.

Using a HTML box, you will have to manually type the "Access denied Page" (which I supposed to be the "error.php" page but you can have any page you like.)

If you want to restrict access to specific users, you should further modify the code.

**alphilan** · 11-28-2011, 05:03 AM

Re: Password Expiry

I'm not sure if something is missing in the code because when I preview it the code appears on the screen. I guess it might be missing a bracket or something.

Thanks,

**navaldesign** · 11-28-2011, 07:34 AM

Re: Password Expiry

PHP pages can't be previewed, as the PHP code needs to be executed on a server that supports PHP (your own computer doesn't)

In other words, you need to publish the page in order to test it.

**JRPC** · 11-28-2011, 06:29 PM

Re: Password Expiry

Are you sure your publishing your page as a PHP file format? If you put code on a page and publish it as a HTML you will see the code at the top of the page as you indicated has/is happening.

**navaldesign** · 11-28-2011, 07:07 PM

Re: Password Expiry

To JRPC : alphilan is previewing ! he didn't publish. So even if the page is the correct format (that is, .php) he will have this issue anyway.

**alphilan** · 11-28-2011, 10:56 PM

Re: Password Expiry

I followed your instructions after I downloaded BV ver. 12. I get this after publishing the page with the code.

404 Not Found

http://www.childrenseducationassociation.com/sample_lessons/sample_lessons.php

If I remove the code the page publishes okay.

**alphilan** · 11-30-2011, 04:59 PM

Re: Password Expiry

Originally posted by alphilan View Post

I followed your instructions after I downloaded BV ver. 12. I get this after publishing the page with the code.

404 Not Found

http://www.childrenseducationassociation.com/sample_lessons/sample_lessons.php

If I remove the code the page publishes okay.

I think it works okay now. Thanks.
1. I was wondering is there a way I can let a user know through a customized message that their session is over?
2. As far as the the admin log can we add some extra fields to verify the authensity later if clients forget their username and password?

**navaldesign** · 11-30-2011, 11:09 PM

Re: Password Expiry

Expiry is set in seconds. 60*6 means 6 minutes, not 60 (60 secs/min * 6 mins)

To add additional fields, you need to customize the code. This is something you need to do yourself.
The same goes for the custom message.

Password Expiry

Password Expiry

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment