Login Questions
Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=18321
Printed Date: 13 April 2026 at 7:10am
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com
Topic: Login Questions
Posted By: skbohler
Subject: Login Questions
Date Posted: 08 February 2006 at 2:40pm
|
Hi,
I have a couple of questions regarding logging in:
1) Is there a way to turn off CAPTCHA ?
2) When I login as administrator, then click on "Admin" it wants me to login again. Is that intentional?
Thanks in advance!
-Steve
|
Replies:
Posted By: WebWiz-Bruce
Date Posted: 08 February 2006 at 3:18pm
|
1). You can disable the CAPTCHA security images from the admin section in version 8, but they do protect against disctionary hacking and spam bots. A suggestion has been made to only have the CAPTCHA images after a 3rd failed login attempt, which I hope to implement into the next beta version. 2). Having to re-log into the admin section is intentional and is done for extra security as a different, more secure, login system is used for the Admin Section that doesn't include the auto-login feature of the main forum. This is done as hackers have been able to use data from comprimised databases to gain access to the admin section. The having to type in the admin password should prevent this issue. In future versions I am looking to maybe take this one step further, whereby there is a special admin section password that all admins would need to enter to get access to the admin section. The admin section doesn't need to be entered very often, but has tools in it that can be used to delete, wreck, deface, etc. entire forums, so keeping this section totaly secure is a very high priority. ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |
Posted By: skbohler
Date Posted: 08 February 2006 at 3:28pm
|
Thanks for your reply.
I have version 8, but it seems as if I'm missing some functionality.
I've been all through the admin section, but I don't see an option to turn off CAPTCHA.
I also don't seem to be able to find:
A) The ability to say that a forum requires moderation
B) The ability to create sub-forums
C) The ability to enable "Quick Reply"
I looked for a manual giving more instructions on configuring the forums, but I didn't see much (if one exists and will answer my questions, please feel free to point me to it
 Thanks again,
Steve
P.S. I'm pretty amazed so far with your product!
|
Posted By: WebWiz-Bruce
Date Posted: 08 February 2006 at 3:54pm
|
It sounds like you are using the latest stable version 7.97 and not version 8 which is still in beta testing, otherwise you would have found all these tools quite quickly, and the quick reply box is on by default in version 8. In version 7.97 CAPTCHA can not be disbaled from the admin section, sub forums and post approval are not supported. ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |
Posted By: skbohler
Date Posted: 08 February 2006 at 3:57pm
|
Ah, I see.
What part of the admin section allows for turning off CAPTCHA.
Thanks again,
Steve
|
Posted By: WebWiz-Bruce
Date Posted: 08 February 2006 at 4:23pm
|
In version 8 it will be in the 'Forum Configuartion' page, in version 7 there isn't away to disable it from the admin section. However, it is not recommended that you disable the CAPTCHA security images as you will have no protection against spammers and hackers. ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |
Posted By: skbohler
Date Posted: 08 February 2006 at 4:25pm
| OK, thanks. |
Posted By: wistex
Date Posted: 13 February 2006 at 3:05pm
|
Borg, what I do with one of my sites is this: I have an admin username and password for the forums & website (integrated login for entire website) and then I have a different username and password for accessing my non-WWF admin pages. Also, for convenience, I have links to "Edit this Page," "Delete this Page," "Edit this Recipe," and things like that on the main pages but only visible when an Admin is logged on. When you click on the links it takes you to a page on the admin section where you can take those actions but asks for the username and password if it hasn't already been entered in the last 15 minutes. This means that even if I am still logged in to the website, people can't access most of the admin functions by clicking on the admin links (unless they came within 15 minutes of me accessing the admin part of the website with me stepping away from the computer and me forgetting to lock the computer... which I am in a habit of doing, by the way.) That way it gives me the convenience of administrating the website directly from any page on the website (i.e. I don't have to go into the admin section and do a search for the page I was just looking at) and yet it also makes the admin functions more secure by having more than one username and password for the admin. |
Posted By: WebWiz-Bruce
Date Posted: 13 February 2006 at 3:44pm
|
Although I have yet to go as far as having a sepporate password for the admin section of the forum I have changed the login procedure for version 8. The next beta version will be testing a new admin login fetaure, whereby auto login is not enabled for the admin section and the user needs to re-enter the admin password to enter the admin section. They will also need to re-enter the admin password to enter the admin section after 20 minutes of in-activity, if they forget to logout. ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |
Posted By: wistex
Date Posted: 13 February 2006 at 4:49pm
|
For the average admin, I wouldn't have a different password for the admin section. Since most admins don't access the admin section that often, that's asking for problems with forgotten admin passwords. But for me it works out okay because I use different passwords for regular logins and admin logins anyway.
------------- http://www.wistex.com" rel="nofollow - WisTex Solutions http://www.caribbeanchoice.com/forums" rel="nofollow - CaribbeanChoice Forums |
Posted By: WebWiz-Bruce
Date Posted: 13 February 2006 at 4:54pm
|
Thats what is putting me off changing the system to have a sepporate password for the admin section. As it is not accessed often people are going to forget the password, leading to loads of 'I've forgotten my admin password' support questions. Although another idea I have had is to use an admin question and awnser, so when entering the admin section, the admin has a quetsion they have set themselve's, such as, 'what is your favourite colour?'. That way hopefully the admin wouldn't forget the anwser. ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |
Posted By: WebWiz-Bruce
Date Posted: 13 February 2006 at 4:56pm
|
Also, for beta 2, for the main user login, because users are complaining about the CAPTCHA security images, I have changed the user login page so that the CAPTCHA images only appear after the 3rd un-sucessful login attempt.
------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |
Posted By: wistex
Date Posted: 13 February 2006 at 5:05pm
|
That's good. That CAPTCHA thing was annoying me. I like the 3rd unsuccessful attempt implementation. I wouldn't use a different username and password, just track login seperately and not allow auto-login for the admin section. I think that would be sufficent for admins who forget to logout of the forums or who use auto-login. Even if someone came to the same computer and tried to do an admin function, they would have to know the password. And if they know that, your doomed from the start. The admin question is overkill in my thinking. ------------- http://www.wistex.com" rel="nofollow - WisTex Solutions http://www.caribbeanchoice.com/forums" rel="nofollow - CaribbeanChoice Forums |
Posted By: wistex
Date Posted: 13 February 2006 at 5:12pm
|
Also, I heard you mention that you were deleting most admin functionality from the forums and moving it to the admin section for security reasons. Please don't do that. What would be better is keeping the admin links like you have now, but require the admin to relogin as the admin if they haven't relogged in as the admin in 20 minutes. The link could take you to a specific page in the admin section which, of course, requires the relogin that you are talking about. Also, can we get rid of the frames in the admin? ------------- http://www.wistex.com" rel="nofollow - WisTex Solutions http://www.caribbeanchoice.com/forums" rel="nofollow - CaribbeanChoice Forums |
Posted By: WebWiz-Bruce
Date Posted: 13 February 2006 at 5:39pm
|
The only admin functionality removed from the main forum and now only available in the admin section is being able to change forum names and descriptions from the main forum. These such features are only used rarely and are just another way for a hacker to screw things up. I will consider removing frames from the admin section, but it not high priority at the moment as I want to get beta 2 out ASAP. ------------- https://www.webwiz.net/web-wiz-forums/forum-hosting.htm" rel="nofollow - Web Wiz Forums Hosting https://www.webwiz.net/web-hosting/windows-web-hosting.htm" rel="nofollow - ASP.NET Web Hosting |
Posted By: wistex
Date Posted: 13 February 2006 at 6:43pm
|
That's okay. Luckily I don't have to go into the WWF admin section too much. And for some things I've written my own admin pages (i.e. so I can find a user by e-mail for example).
------------- http://www.wistex.com" rel="nofollow - WisTex Solutions http://www.caribbeanchoice.com/forums" rel="nofollow - CaribbeanChoice Forums |