Login Page
Introduction
The "Setup/Configuration : Login Page" page is where you can configure the Login Page options like the Remember Login, Remember Period, Number of attempts to login, Account Sharing Prevention options, user session period, etc. Remember to click the "Save" button at the bottom of the page once you have made your changes to the configuration.
Accessing Login Page Options
- Login to the Admin Panel.
- Select "Setup/Configuration" from the options on the left side of the screen. See Setup/Global for more information on how to do this.
- Click the "Login Page" button.
The "Setup/Configuration: Login Page" page is displayed
Login Page Options
- Redirect after logout: In this field, you can specify the page to display to the user once a user logs out. Just type the URL of the page in the field provided.
- Remember Login: Select the checkbox to allow the option for the user's computer to remember login and password using cookies.
- Always Remember: Select this checkbox to allow the user to stay logged in without any limit on the number of days that they can stay logged in when the user selects this option.
- Remember period: This field will allow you to enter the number of days the cookie should remember the username and password on the user's computer. After the number of days entered here, the user will be asked to enter the username and password again at login.
- Automatically login customer after signup: Select this checkbox if to allow the user to automatically be logged in once a user signs up. When this checkbox is selected, the user will not be asked to enter username and password immediately after signing up. Instead they will be logged in automatically with the username and password selected/generated during signup and will be taken to their start page.
- Allow to Use Password Hash from 3ty party Scripts to Authenticate User in aMember: this setting is useful when you imported your users with encypted passwords from third-party script. For example, let's say you had your user's database in vBulletin and want to import users into aMember. vBulletin doesn't store plan text passwords for users and there is no way to decrypt passwords. The solution will be to import users with encrypted passwords (amember allows to do this from Import Users screen), then enable above setting. When your imported user will try to login, amember will authenticate him using his vBulletin's encrypted password, and then will update internal password on success.
- User session lifetime (minutes): In this field enter the number of minutes from login after which a user will be automatically logged out of a session. After the number of minutes entered here, the user will see a message saying that the session has expired and will be asked to login again.
Account Sharing Prevention
The Account Sharing Prevention option allows you keep a control on users signing up for one account and sharing it between different individuals. When users sign up for one account and share it between different individuals, it results in your company is losing out on the subscription fee that you could have got from the other individuals. Hence, it is very important to keep a control on this.
aMember keeps track of each user's IP as they log in. The same user cannot be at multiple IPs at the same time unless under extraordinary circumstances. Such an occurrence usually indicates that the account is being shared.
In this field, you can specify the number of IPs within a particular time period after which a user will be limited from using the account. When there are multiple logins for the same account within the specified time period, you can select whether to disable the account or email admin regarding the account sharing.
Bruteforce Protection
In this field, you can specify the number of times a user will be allowed to enter invalid login information within a specified time period and try to unsuccessfully login before being forced to wait for a certain period until the next try.
Remember to click the "Save" button at the bottom of the page to save any changes made on this page.
One-time Passcode Login Settings
aMember supports One-time Passcode Login functionality. One-time passcode could be sent to either user's email address or mobile phone. Code could be sent to confirmed email address or mobile phone only, so make sure that you have enabled Email Confirmation in all Signup/Profile forms. In order to use mobile phones for OTP login, add Mobile Phone brick to Signup/Profile forms and enable at least one SMS transport plugin (like Twillio)
How It Works
If enabled, OTP replaces "Forgot Password" for users. User with confirmed email address or mobile phone will be offered to use OTP for login if tries to request password or tries to log-in with wrong password.
If user decides to log-in with OTP, code will be sent to Phone/Email and user will be asked to provide it