Implement user authentication

In this section of the tutorial you will create all elements relative to the site's user authentication part. This will contain:

• A login form that allows user to enter the site - this is also the main page.

• Protection for all pages, based on user levels - pages in the admin folder can only be accessed by level 1, and some of the front-end pages by level 0.

• User registration, with account activation - this will allow new users create accounts on your site.

First, the site's main page and the login form. To build this page, you will use one of the wizards provided by MX User Login (part of MX Kollection 3): the Login Form Wizard. Follow the next steps to create the page:

1. Open the index page in Dreamweaver.

2. Apply the Login Form Wizard from the MX Kollection tab of the Insert bar. Configure each step as follows:

• In the first step, there are no options to set. Simply check if the Login Settings set earlier are OK, as they will be used for the login process.

• In the second step you have two checkboxes: Remember me - which will generate a checkbox in the login form, allowing the auto-login feature (it is based on cookies), and the Forgot Password option - if checked, it will automatically create the entire password-retrieval page. Check both options before closing the wizard.
  
  
   

3. After all options are set, simply click the Finish button to close the wizard and add the login form to the page.

4. If you save and upload the page to the server, and then preview it in the browser, it should look similar to this one (depending on the skin used in your site):
   
   

The second element to create is the registration page. Building it is as easy as the login page, as you will use a wizard once more. To create the registration page, follow the next steps:

1. Open the register page in Dreamweaver.

2. Apply the User Registration Wizard from the MX Kollection tab of the Insert bar.

3. Configure the wizard's options in each step as follows:

• Step one resembles the Login Form Wizard. It only allows you to check the validity of the configured login settings.

• In step two you have to define the fields that will be used by the registration operation. Remove the active, level and randomkey columns from the list. To remove a field, select it in the grid and press the Minus (-) button.
  
  
   

• The third step allows defining validation rules for each of the fields involved in the registration process. This step does not appear if MX Form Validation is not installed. If available, set the e-mail field to use E-mail address as validation type, then click the Next button to continue with the wizard.

• The last step has two checkboxes for configuring registration related options: whether to send a welcome e-mail message and if to use account activation. Check both options and click Finish to close the wizard.

4. The wizard will add both HTML elements and code to the page, and will also generate a new page, named activate. This page is used in the activation process: it contains an Update Transaction, that receives the randomly generated key as URL parameter, and changes the value in the active_usr column from 0 to 1. To reach this page, users must click the link offered in the activation e-mail message.

The last action to take regarding the user authentication portion of this tutorial is to protect various pages from users that do not have the right to access them. Two type of restrictions will be applied in what follows:

• the simple Restrict Access To Page server behavior on all pages that need protection in the front-end section.

• the Restrict Access To Folder command for all the files in the admin section.

The pages to protect in the front-end section are: view_products, view_order, clear_order, complete_order and add_to_order. The other pages are either public or available only through e-mail links (you will get to these pages later on). To restrict access to these pages, follow the next steps:

1. Open the page to protect in Dreamweaver.

2. Apply the Restrict Access To Page server behavior from the Server Behaviors tab > + >MX Kollection > User Login. Configure the user interface as follows:

• Select the username, password and access level as restriction elements.

• For the access level, select 0, to allow regular shoppers access these pages.

• Close the dialog box by clicking OK and save the page.
  
  
   

3. Repeat steps 1 and 2 for each page in the list above. When all pages are protected, you can move on and continue with the development of the application.