bfuchs
asked on
Create user specific-redirect after login/
Hi Experts,
I would like to apply the following to my logic page (designed in Caspio).
Check if PWD_Date is older than 90 days, then it should redirect user to the change PWD screen.
This is the article showing how to accomplish this.
I have tried the following, but so far its not working...
Thanks
I would like to apply the following to my logic page (designed in Caspio).
Check if PWD_Date is older than 90 days, then it should redirect user to the change PWD screen.
This is the article showing how to accomplish this.
I have tried the following, but so far its not working...
<script>
var date = new Date('[@authfield:PWD_Date]');
date.setDate(date.getDate() + 90);
var dateTodate = new Date();
if (date < dateTodate) {
alert('[@authfield:PWD_Date]'.toString());
alert('Please change your Password');
window.location.href = 'http://localhost/staff/profile-change-password.php';
};
if ('[@authfield:Role_ID]' == '1234') {
window.location.href = './admin';
} else {
window.location.href = './staff';
}
</script>
Thanks
What do you get in the first alert?
alert('[@authfield:PWD_Date]');
var date = new Date('[@authfield:PWD_Date]');
date.setDate(date.getDate() + 90);
var dateTodate = new Date();
if (date < dateTodate) {
alert('Please change your Password');
window.location.href = '/staff/profile-change-password.php';
};
if ('[@authfield:Role_ID]' == '1234') {
window.location.href = './admin';
} else {
window.location.href = './staff';
}
ASKER
Hi Experts,
I changed the code as follows
Now it works, however users are able to click on links and open other web pages (in our site), how can we prevent them from opening any page until password gets updated?
Thanks,
Ben
I changed the code as follows
<script>
if ('[@authfield:Role_ID]' == '1234') {
window.location.href = './admin';
} else {
var date = new Date('[@authfield:PWD_Date]');
date.setDate(date.getDate() + 90);
var dateTodate = new Date();
if (date < dateTodate) {
alert('[@authfield:PWD_Date]'.toString());
alert('Please change your Password');
window.location.href = 'http://localhost/staff/profile-change-password.php';
}
else{
window.location.href = './staff';
}
}
</script>
Now it works, however users are able to click on links and open other web pages (in our site), how can we prevent them from opening any page until password gets updated?
Thanks,
Ben
ASKER
Hi,
I do have authentication, but the workflow I'm trying to program is as follows.
Once the user successfully logs in then it will require them to change the PWD (otherwise everyone would be able to change all passwords), and therefore since user had already logged in, they have access to all datapages using this authentication.
Thanks,
Ben
I do have authentication, but the workflow I'm trying to program is as follows.
Once the user successfully logs in then it will require them to change the PWD (otherwise everyone would be able to change all passwords), and therefore since user had already logged in, they have access to all datapages using this authentication.
Thanks,
Ben
so put the following code on every page:
remove this part from your previous code, this is two different things
<script>
var date = new Date('[@authfield:PWD_Date]');
date.setDate(date.getDate() + 90);
var dateTodate = new Date();
if (date < dateTodate) {
alert('[@authfield:PWD_Date]'.toString());
alert('Please change your Password');
window.location.href = 'http://localhost/staff/profile-change-password.php';
} </script>
remove this part from your previous code, this is two different things
Hi,
To my opinion, for security reason the redirection should be done server side based on the userid and role from session.
User should have access to only limited page by their role and userid from session.
I usually set a complex dummy password for all users and ask user to use the reset password form, from login so they can change the password on the first login.
Then when they log in they are redirected (server side) to the dashboard / index page and only get access to what they are allowed.
To my opinion, for security reason the redirection should be done server side based on the userid and role from session.
User should have access to only limited page by their role and userid from session.
I usually set a complex dummy password for all users and ask user to use the reset password form, from login so they can change the password on the first login.
Then when they log in they are redirected (server side) to the dashboard / index page and only get access to what they are allowed.
ASKER
Hi Experts,
Thanks,
Ben
so put the following code on every page:Would prefer to have the code done at one place only (if possible), is there a way to create a global script that will also have access to users login info?
To my opinion, for security reason the redirection should be done server sideSince as posted, this app is designed using Caspio tools, unfortunately there is no way we can access directly the server side, everything gets done using their FE tools...
Thanks,
Ben
Hi,
I have checked and it is possible to have server side code like PHP
https://howto.caspio.com/deployment/seo-deployment-directions/
Params https://howto.caspio.com/parameters/
You should contact Caspio to get their documentation or maybe direct help using your account number.
https://howto.caspio.com/
I have checked and it is possible to have server side code like PHP
https://howto.caspio.com/deployment/seo-deployment-directions/
Params https://howto.caspio.com/parameters/
You should contact Caspio to get their documentation or maybe direct help using your account number.
https://howto.caspio.com/
ASKER
Hi,
Thanks,
Ben
You should contact Caspio...I did and mentioned what you suggested, waiting for their response.
Thanks,
Ben
Would prefer to have the code done at one place only (if possible), is there a way to create a global script that will also have access to users login info?
I'm pretty sure you already have a script like that, which is reused on every page
that will also have access to users login info
Caspi give you that way to get info :
[@authfield:field]
or store virtual fields in your page
Hi,
You can chat with them directly on their website, I tried it yesterday.
I found this video about redirection
https://howto.caspio.com/getting-started/create-user-specific-redirect-after-login/
You can chat with them directly on their website, I tried it yesterday.
I found this video about redirection
https://howto.caspio.com/getting-started/create-user-specific-redirect-after-login/
ASKER
Hi Experts,
I see there have a special feature covering this option...
https://forums.caspio.com/topic/8230-90-day-password-expiration/
Will try that out and keep you posted.
Thanks,
Ben
I see there have a special feature covering this option...
https://forums.caspio.com/topic/8230-90-day-password-expiration/
Will try that out and keep you posted.
Thanks,
Ben
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Open in new window
When you place it just before the first "if" condition.
Open in new window