Alpha Software Mobile Development Tools:   Alpha Anywhere    |   Alpha TransForm subscribe to our YouTube Channel  Follow Us on LinkedIn  Follow Us on Twitter  Follow Us on Facebook
Devcon 2020 Goes Virtual! LEARN MORE >

Announcement

Collapse

The Alpha Software Forum Participation Guidelines

The Alpha Software Forum is a free forum created for Alpha Software Developer Community to ask for help, exchange ideas, and share solutions. Alpha Software strives to create an environment where all members of the community can feel safe to participate. In order to ensure the Alpha Software Forum is a place where all feel welcome, forum participants are expected to behave as follows:
  • Be professional in your conduct
  • Be kind to others
  • Be constructive when giving feedback
  • Be open to new ideas and suggestions
  • Stay on topic


Be sure all comments and threads you post are respectful. Posts that contain any of the following content will be considered a violation of your agreement as a member of the Alpha Software Forum Community and will be moderated:
  • Spam.
  • Vulgar language.
  • Quotes from private conversations without permission, including pricing and other sales related discussions.
  • Personal attacks, insults, or subtle put-downs.
  • Harassment, bullying, threatening, mocking, shaming, or deriding anyone.
  • Sexist, racist, homophobic, transphobic, ableist, or otherwise discriminatory jokes and language.
  • Sexually explicit or violent material, links, or language.
  • Pirated, hacked, or copyright-infringing material.
  • Encouraging of others to engage in the above behaviors.


If a thread or post is found to contain any of the content outlined above, a moderator may choose to take one of the following actions:
  • Remove the Post or Thread - the content is removed from the forum.
  • Place the User in Moderation - all posts and new threads must be approved by a moderator before they are posted.
  • Temporarily Ban the User - user is banned from forum for a period of time.
  • Permanently Ban the User - user is permanently banned from the forum.


Moderators may also rename posts and threads if they are too generic or do not property reflect the content.

Moderators may move threads if they have been posted in the incorrect forum.

Threads/Posts questioning specific moderator decisions or actions (such as "why was a user banned?") are not allowed and will be removed.

The owners of Alpha Software Corporation (Forum Owner) reserve the right to remove, edit, move, or close any thread for any reason; or ban any forum member without notice, reason, or explanation.

Community members are encouraged to click the "Report Post" icon in the lower left of a given post if they feel the post is in violation of the rules. This will alert the Moderators to take a look.

Alpha Software Corporation may amend the guidelines from time to time and may also vary the procedures it sets out where appropriate in a particular case. Your agreement to comply with the guidelines will be deemed agreement to any changes to it.



Bonus TIPS for Successful Posting

Try a Search First
It is highly recommended that a Search be done on your topic before posting, as many questions have been answered in prior posts. As with any search engine, the shorter the search term, the more "hits" will be returned, but the more specific the search term is, the greater the relevance of those "hits". Searching for "table" might well return every message on the board while "tablesum" would greatly restrict the number of messages returned.

When you do post
First, make sure you are posting your question in the correct forum. For example, if you post an issue regarding Desktop applications on the Mobile & Browser Applications board , not only will your question not be seen by the appropriate audience, it may also be removed or relocated.

The more detail you provide about your problem or question, the more likely someone is to understand your request and be able to help. A sample database with a minimum of records (and its support files, zipped together) will make it much easier to diagnose issues with your application. Screen shots of error messages are especially helpful.

When explaining how to reproduce your problem, please be as detailed as possible. Describe every step, click-by-click and keypress-by-keypress. Otherwise when others try to duplicate your problem, they may do something slightly different and end up with different results.

A note about attachments
You may only attach one file to each message. Attachment file size is limited to 2MB. If you need to include several files, you may do so by zipping them into a single archive.

If you forgot to attach your files to your post, please do NOT create a new thread. Instead, reply to your original message and attach the file there.

When attaching screen shots, it is best to attach an image file (.BMP, .JPG, .GIF, .PNG, etc.) or a zip file of several images, as opposed to a Word document containing the screen shots. Because Word documents are prone to viruses, many message board users will not open your Word file, therefore limiting their ability to help you.

Similarly, if you are uploading a zipped archive, you should simply create a .ZIP file and not a self-extracting .EXE as many users will not run your EXE file.
See more
See less

Sec Framework - delete a user

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
    #1

    Sec Framework - delete a user

    There are no web-based functions to remove or delete a user from the web user's database. Is the trick to use A5WS_LockOutUserSet(), and then deal with it if someone tries to add that user back in by unblocking that userid? Or, is there some function I can run from a web app to delete an existing user? Or are those functions planned?

    I know I can use the Users and Groups dialog, but a web application has to be self-contained. Same issue with adding/deleting Groups, Security Questions, but that's a little less important.
    Steve Wood
    See my profile on IADN

    Tags: None
    #2
    Re: Sec Framewor - delete a user

    Bump - has anyone been able to determine if you can delete users from the web security from the web application? Also, although this belongs in the feature wish section, need to be able to dynamically change the users assignment to particular Groups. For example, user registers and pays for a subscription, need to then use xbasic to add them to the "Subscribers" Group.
    Steve Wood
    See my profile on IADN

    Comment

      #3
      Re: Sec Framewor - delete a user

      Steve,

      I think you can do the second part of your wish if they are logged in at the time.

      For example, if you want to check if a logged in user is a member of a particular group, you can do something like the following:

      Code:
       
Dim pUser as P
a5ws_logged_in_user_values(pUser,request,session)
if eval_valid("pUser.userid")=.t.
vgroupList=a5ws_get_user_assignments(pUser.userid,request)
vResult=is_one_of("group you want to test name",vGrouplist)
if vResult
?They are a member
else
?they are not a member
end if
      So, I think you can manipulate the group list and save it with a5ws_save_user_values()

      Pat
      Pat Bremkamp
      MindKicks Consulting

      Comment

        #4
        Re: Sec Framewor - delete a user

        You can also manipulate the websecurity .dbf tables directly, they are located on the root folder of your application.
        for example if you have an application call appraiser you can access the .dbf tables as follows:
        <%a5
        dim pTbl as P
        dim cPath as C
        cPath="c:/a5webroot/appraiser/"
        pTbl=table.open(cPath+"websecurity_users.dbf",FILE_RO_SHARED)
        pTbl.fetch_first()
        ?alltrim(pTbl.Userid)
        pTbl.close()
        %>

        this example prints the first userId in the table.
        Make sure if you delete the userId to go ahead and delete it from the rest of the websecurity tables. So you don't have any orphan records.
        The Mexican

        Comment

          #5
          Re: Sec Framework - delete a user

          Hmm, yes I see those tables are completely available for me to manipulate as I desire -- But I distinctly remember Jerry saying those tables would eventually be encrypted and not allow direct manipulation. I assumed they already were encrypted per his plan to do so.

          Jerry - still planning to encrypt? And if so, will we still be able to directly manipulate those tables using an encryption key, understanding this would be an "at-your-own-risk" method?
          Steve Wood
          See my profile on IADN

          Comment

            #6
            Re: Sec Framework - delete a user

            There are a number of new features that will be released for the web security in a future build, including functions to add or delete a security group and delete a user in security. These functions will be available for use on-line in a component or web page. A feature will also be added to enable specifying an email profile on the server to use to send emails for lost data. These should all be in the next release build, although no date is set for that release.

            One very effective method to "delete" or block a user right now is to change their password to a nonsense value. Since the system will not permit duplicate userid's, not only can they not log in, this also prevents them from trying to re-register with the same user id. The A5WS_LockOutUserSet() function is mainly a temporary lockout process actually used to temporarily lock out a user for a short time if they fail to enter the correct login information. It is not intended to block a user for any lengthy period.

            The help files will also be updated to show additional uses of existing functions such as a5ws_get_user_values() and a5ws_save_user_values() beyond the examples in the Web Application Demo. Examples of how to use them directly in xbasic to get and save user values will be added.

            Although the security tables are not encrypted at this time, directly editing may lead to serious issues as the data in each are interconnected. Editing one without corresponding changes in the related records will likely result in corrupted data. The built-in system functions are designed to insure the data integrity remains intact in the security system. They also have considerable checking and validation code to prevent incorrect data from being entered into the system, which would cause very erratic behavior or a failed security system. This has already occured in a number of reported cases where the tables were edited outside of the defined methods.

            If you wish to edit the security questions used on line, they are saved in a simple text file in the published page folder. However, there is no defined mechanism included to transfer changes made on the server back to the desktop for any files other that the security tables. This could be done by FTP operations if required.

            Comment

              #7
              Re: Sec Framework - delete a user

              Jerry,

              While you are in there adding all this wonderful stuff, how 'bout one more quick addition.

              In recover the password, if the password is shown on the screen, could you add a link back to the login screen? I'm not sure all my customers are skilled enough to press the 'back' button.

              Pat
              Pat Bremkamp
              MindKicks Consulting

              Comment

                #8
                Re: Sec Framework - delete a user

                Can't recall if Jerry said yes or no to that enhancement. But you can do it easily in freeform. Add "Return to Login" and give it a hyperlink to Login.a5w (if that's your login page).
                Steve Wood
                See my profile on IADN

                Comment

                  #9
                  Re: Sec Framework - delete a user

                  The system has been changed to automatically return the user to the login view after any successful login data recovery. Any messages will still appear at the top of the component. A successful password change has always returned to the login view.

                  Comment

                    #10
                    Re: Sec Framework - delete a user

                    Jerry,

                    One more request. On the user delete, will you please include a "delete all" option?

                    I have software for organizations that I copy and tailor for each different chapter, and some of those chapters have hundreds of members. I know I could program a loop, but it would seem easier for you to include that.

                    Pat
                    Pat Bremkamp
                    MindKicks Consulting

                    Comment

                    Previous template Next
                    Working...
                    X