Setting Up User Authentication

In the following sections of this tutorial, you will use ImpAKT to build a user authentication system for your forum. You need authentication to prevent pranksters from posting a load of garbage to your forum and getting away with it. If users want to post messages to the forum, they must register an account, activate it, and then log in. Only then will they be able to post messages to the forum.

To build the user authentication system, you will do the following:

1. Configure user login settings from the InterAKT Control Panel.
2. Create a user registration page.
3. Create the user login page.
4. Create a logout link.
5. Use conditional regions to control which content is public and which is private.

Configuring Login Settings

The InterAKT Control Panel comes with your ImpAKT installation and is a central place for all configuration options for your site. The InterAKT Control Panel can be accessed from the MX Kollection tab of the Insert bar (see Figure 1).

Figure 1. Accessing the InterAKT Control Panel

Alternatively, you can access the InterAKT Control Panel by clicking the Server Behaviors tab > MX Kollection submenu.

The InterAKT Control Panel (see Figure 2) offers a quick and convenient way to configure the most common settings for your development environment and for your site. Once configured, the settings will be remembered, thus saving you a lot of time.

Figure 2. InterAKT Control Panel

Here are just a few of the settings you can configure with the InterAKT Control Panel:

• Date formats: Change the date and time formats for the pages built with ImpAKT to match your specific regional settings (American, German, and so on).
• Language settings: Change the language for form buttons, error messages, labels, and hints generated by ImpAKT. You can choose one of the predefined 11 languages.
• Debugging mode: Configure the level of detail of error messages or set the error reporting method (errors can be sent by e-mail to the webmaster or logged to a file on the server).
• Login settings: Configure the user authentication options.
• E-mail settings: Configure the outgoing e-mail server, port, user name, and password.
• CSS skins: Change the look of the entire site by selecting a different CSS skin.
• User interface persistence and database caching: Enable these settings to speed up your work. If user interface persistence is enabled, all ImpAKT interfaces will remember the settings you entered the last time.

All ImpAKT interfaces feature contextual help—short instructions that guide you through configuring each setting (see Figure 3).

Figure 3. Example of ImpAKT contextual help

In addition to these settings, you can also configure an image processing library, perform product upgrades, or update your site.

The Login Settings section is the place where you configure all user authentication options, including database information, password encryption, user levels, and redirect pages. Follow these steps to configure the login settings:

1. In the InterAKT Control Panel, click the Login Settings icon. This opens a dialog box showing four tabs: Options, Database, Session, and User Levels.

2. Configure the Options tab as shown in Figure 4:

• For increased security, passwords will be encrypted in the database

• For this example, the forum will not use access levels, so set the restriction to use user name and password only



Figure 4. Configuring the Options tab

3. Leave the Auto Login Validity value at its default setting. Users will be able to automatically log in to the forum. They will be asked to authenticate again only if 30 days have passed since the last time they visited the forum.

4. In the Database tab, define which table stores the user information and what columns to use for authentication (see Figure 5):

1. Select the database connection (connForum) and the table that stores user information (user_usr). The primary key is automatically detected and set to id_usr.
2. From the Username pop-up menu, select the name_usr column.
3. From the Password pop-up menu, select the password_usr column.
4. From the E-mail pop-up menu, select the email_usr column.
5. From the Active pop-up menu, select the active_usr column. If you specify a column that stores the account status (active/inactive), account activation will be available. When a user registers an account, an e-mail message will be sent containing an activation link. Unless the user clicks that link, the account cannot be used.

6. In the Random key pop-up menu, select the randomkey_usr column.

   A random key consists of a randomly generated set of alphanumeric characters used for improving website security. A random key is commonly used in user account activation, online purchases, or other activities that use URLs that ought to be difficult to guess. This prevents potentially malevolent users from accessing the URLs by directly entering them in the browser window in order to activate accounts for other users. ImpAKT automatically generates unique random keys for each user and stores them in the specified column.

   

   Figure 5. Configuring the Database tab

5. In the Session tab, you can define which session variables to create upon login and what information to store in them. By default, two variables will be created: kt_login_id (stores the user’s unique ID) and kt_login_user (stores the user name). You don’t need additional session variables for this tutorial, so leave this tab as is (see Figure 6).

   

   Figure 6. Configuring the Session tab

6. Because the forum does not use access levels, you need to define on the User Levels tab only those pages to redirect the user to. You have to set the login page and the pages to be redirected to when authentication succeeds or fails. Use the login.php page from the site root for the Login Page and Default Redirect on Fail text boxes. When the login is successful, the user must be redirected to the forum home page. Configure the user interface with the options shown in Figure 7.

   

   Figure 7. Configuring the User Levels tab

7. Click OK to apply the changes and then click Close to exit the InterAKT Control Panel.

Because sending e-mail notifications for account activation is part of the user registration process, you will also need to configure the e-mail settings as explained in the following