One important way to secure a web application generated with PHPMaker is to log users off automatically after they have been idle for a certain time. Since PHPMaker has not added this feature yet, I have customized the PHPMaker template file to implement it. I have also added a new constant to the configuration (ewcfg.php) template file so that you can define the idle time for your web application.
After the template is customized, whenever the currently logged-in user performs no activity in your web application for the time defined in that constant, the system automatically logs that user out. He or she must log in again to access your web application. This feature is commonly found in Internet banking web applications, and it is an important one for security.
Warning and Important: For this functionality to work properly, make sure that:
- You have defined the Profile field (memo) value under Security -> Advanced -> User Login Options -> User Table Fields in PHPMaker.
- You have checked the Disallow concurrent login item under the Login section of the Advanced Security - User Login Options dialog window above.
Updated on May 30, 2012: This customization has been implemented in PHPMaker version 9.0.2; it matches that version and works properly.
Updated on July 21, 2012: This customization has been implemented in PHPMaker version 9.0.3; it matches that version and works properly.
Updated on September 4, 2012: This customization has been implemented in PHPMaker version 9.0.4; it matches that version and works properly.
Updated on November 28, 2012: This customization has been implemented in PHPMaker version 9.1.0; it matches that version and works properly.
Updated on February 9, 2013: This customization has been implemented in PHPMaker version 9.2.0; it matches that version and works properly.
Updated on June 17, 2013: The customization below is now handled by the MasinoFixedWidthSite extension. You don’t need to implement it if you use my extensions together with the original PHPMaker Template and Extension files.
[hidepost]
- Open your \Script\ewcfg.php file, and find this code:
// General
Before that line, insert the following code:
// Begin of modification Auto Logout After Idle for the Certain Time, by Masino Sinaga, May 5, 2012
define("MS_AUTO_LOGOUT_AFTER_IDLE_IN_MINUTES", 5, TRUE); // default idle = 5 minutes!
// End of modification Auto Logout After Idle for the Certain Time, by Masino Sinaga, May 5, 2012
- Open your \Script\phpcommon-scripts.php file, and find this code:
<!--##~SYSTEMFUNCTIONS.Security()##-->
After that line, insert the following code:
// Begin of modification Auto Logout After Idle for the Certain Time, by Masino Sinaga, May 5, 2012
<!--## if (CTRL.CtrlID != "preview") { ##-->
if (IsLoggedIn()) {
    // Last access time recorded in the user's profile
    $LastAccessDateTime = strval(@$UserProfile->Profile[EW_USER_PROFILE_LAST_ACCESSED_DATE_TIME]);
    // "n" = difference in minutes
    if (ew_DateDiff($LastAccessDateTime, ew_StdCurrentDateTime(), "n") > MS_AUTO_LOGOUT_AFTER_IDLE_IN_MINUTES) {
        header("Location: logout.php");
        exit(); // stop here so the rest of the page is not executed or sent after the redirect
    }
}
<!--## } ##-->
// End of modification Auto Logout After Idle for the Certain Time, by Masino Sinaga, May 5, 2012
The preview page is excluded from the idle check, because logging off there would break the layout of the preview area. This is done by the following template condition:
<!--## if (CTRL.CtrlID != "preview") { ##-->
- Finally, re-generate your script files using PHPMaker as always.
[/hidepost]
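The same idle check outside the PHPMaker template, as an added example that is not part of the original post or of PHPMaker: it treats a missing or unparseable last-access time as expired and refreshes the timestamp on each allowed request. The function names, the `last_access` key and the sample sessions are assumptions made for illustration.

```php
<?php
// Added example, not PHPMaker code. All names below are hypothetical.
const IDLE_LIMIT_MINUTES = 5; // plays the role of MS_AUTO_LOGOUT_AFTER_IDLE_IN_MINUTES

/**
 * Decide whether a session has been idle for too long.
 * Fails closed: a missing, unparseable or future timestamp counts as expired.
 */
function idle_expired(?string $lastAccess, int $now, int $limitMinutes): bool
{
    if ($lastAccess === null || $lastAccess === '') {
        return true;
    }
    $last = strtotime($lastAccess);
    if ($last === false || $last > $now) { // unparseable or in the future: do not trust it
        return true;
    }
    return ($now - $last) > $limitMinutes * 60;
}

/**
 * Run on every authenticated request. Returns true when the request may
 * proceed; on false the caller must redirect to the logout page and stop.
 */
function touch_or_expire(array &$session, int $now, int $limitMinutes): bool
{
    if (idle_expired($session['last_access'] ?? null, $now, $limitMinutes)) {
        $session = []; // drop all server-side state for this session
        return false;
    }
    $session['last_access'] = date('Y-m-d H:i:s', $now); // sliding idle window
    return true;
}

// Constructed sample data: three sessions checked at the same instant.
$now = strtotime('2012-05-05 10:00:00');
$samples = [
    'active'  => ['user' => 'alice', 'last_access' => '2012-05-05 09:57:00'],
    'idle'    => ['user' => 'bob',   'last_access' => '2012-05-05 09:50:00'],
    'missing' => ['user' => 'carol'],
];
foreach ($samples as $label => $session) {
    $ok = touch_or_expire($session, $now, IDLE_LIMIT_MINUTES);
    printf("%-8s %s\n", $label, $ok ? 'continue' : 'redirect to logout.php, then exit');
}
```

In a web request, a false return is followed by the redirect header and an immediate exit, so nothing from the protected page is rendered for the expired session.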
Something is not right.
I performed Step 2 and cannot generate my scripts. I continue to get:
PHPMaker: Generate Table weekends list page error
PHPMaker (ewExlist): (0)
If I remove that code, everything compiles correctly.
And I don’t understand the 3rd box in Step 2.
What does this mean?
Thanks for letting us know. Yes, there is a missing closing tag, and now it has been added. Please re-apply step 2 again. It should fix the problem now.
It means that we will not add this code to the generated preview script (only if you are using the previewrow extension). In other words, if we add this code to the generated preview page, it will cause a problem for the look and view of the page, since a login page will appear inside this area.
Can I suggest two small changes to this modification…
1) automatically disable this feature if the login options include “Auto-login” as the two concepts are mutually exclusive… the system should not be able to log out a user if the developer has allowed the auto-login option and the user has specifically requested that for themselves
2) use the value set in the “Login status timeout (minutes)” field to control the auto-logout timer – this removes the need to edit the ewcnf file and makes perfect sense because, if being used as the basis for avoiding concurrent logins, the user should be automatically logged out after that period anyway
Thanks for the suggestion. Will try to implement it in future.