Secure page

Dear Jason, I've created a Registration Page with CSS Form Builder and used DataAssist Insert Record to bind it to the Database table. The password is encrypted using MD5.

After registration, the user is brought to a login page. This login page has an email, password and a submit button and I used WebAssist Authenticate User. After logging in the user is brought to a Welcome.php page.

However, when I try to 'secure' the welcome.php page with SecurityAssist, I get a message 'no rules defined'. Do I have to create a rule and if yes is there guidance on how to create the rule?

Note: In Dreamweaver, I would normally use 'User Authenticatio'n to secure pages using 'Log in User' and 'Restrict Access to Page'. It seems more complicated with WebAssist - but maybe I'm missing something obvious.

In addition, I then tried to built secure pages using the Security Assist Wizard, but this proved problematic as well. I built the pages, with the intention of only using, logon.php, logout.php and forgotpassword.php. But again this didn't perform the tasks I expected, so I gave up - the logon page was validating the password - expecting a certain mix of characters, etc - I didn't know how to remove the validation.

Which is the best route to take if I want (1) an independent registration page designed in CSS Form Builder and binded/bound using WebAssist 'Insert record' and using an encrypted password (2) a logon page and (3) several secure pages - welcome page, report page (thanks to you, I now know how to do a report page that pulls data from two tables and which has search capabilities), etc.

I can prepare all the above security in Dreamweaver, but I'd prefer to have the ability to do it with WebAssist, because of its ability to create sessions, and it seems more powerful, - unfortunately I've been unable to harness this power on this occasion.

If you create the pages manually, you will need to configure the Access rules manually as well.


In the Authenticate user behavior, the sessions tab allows you to select columns to store in a session on login.

the default is to store the ID column, use that session as the basic access rule.

In the Access rules manager, create a Logged in rule, For the Value, select the ID session variable. for the Criteria, select "<>" (Not Equals), leave the Compare to section blank.

this is a basic rule that will allow access if the user ID session is not empty. you can create more complex rules for user level authentication if you like as well. On the security Assist support page, there is a user level authentication tutorial in the Archived documentation section. It was written for v1, but the concept is still the same.

if you run the wizard, you can edit the validation after the pages are created. the validation will use server validation and spry. to edit the Spry validation settings for an element:

Select the element in Design view, notice the Blue Bounding box that denotes the field as a spry field, click the Blue bounding box, this will trigger the spry settings in the property inspector.

to edit the server validation:

Open the server behaviors panel and double click the Server Validation server behavior. Select a validation form the list and click the edit button.

Thanks Jason, that sorted out the issue. I'm getting there with this registration form. Two things would put the icing on the cake.

1 - At the moment, if I create a manual login page using CSS Form Builder and WebAssist User Authentication, I would normally redirect the user to fail.php (which has message to try again), if they enter wrong login details. How do I add that nice code 'login.php?failedLogin=1' to a manual login page - it's a lot neater than passing the user to a different page.

2 It would be nice to have Ajax on the email field if someone who is already registered tries to register again with the same email. I have used a server behaviour you gave me in the past which checks a username, but this only checks when you press submit.

I have some code a friend gave me who was helping me with the design of the form - see attached. He was wondering where one would insert this on the registration page, or if you have something similar?

1) Open the bindings page and click the plus button, select URL Variable and name it "failedLogin"

in the access rules manager, create a failed login rule. for the value, click the lightning bolt icon, set the Criteria to = and the Compare to to 1

Add your failed login message to the page, then use the security assist show region behavior wit the failed login rule.


2) we don't offer ajax for validating the email address, you would need to add that manually. The instructions in that text file say to add the code in the head of the document.

the $(document).ready(function() { function code needs to be placed in a script tag.