Table of Contents

Encrypted passwords for web to date 5.0

1. Functionality

Passwords are now stored encrypted on the website. The modified login.ccml contains the necessary code to read encrypted passwords in line 56, which is line 37 in the original login.ccml supplied with web to date 5.0. How the passwords are encrypted is explained in the installation section.

In addition, the script contains code to auto-login the administrator to the restricted pages. Auto-login is granted to the page if the correct encrypted password is passed to the page AND the page access is done from a registered originator IP address. Auto-login can be disabled, see Configuration section.

Web to date stores all passwords to the different pages, which are entered in the program at Datei –> Benutzer und Gruppen …, in the file w2dacl.php in the root directory of your website. This file needs to be modified with the encrypted passwords and stored manually on your website.

2. Files

login.ccml modified script for encrypted passwords and auto-login
w2dacl.php modified access list for encrypted passwords and auto-login
w2dacl.original.php original access list as generated by web to date
pass_gen.php script to generate encrypted passwords
readme.txt readme file

3. Configuration

Before you install the necessary files, you need to configure your user accounts and scripts:

  1. Replace login.ccml with the version provided here in the directory “common” in web to date's program directory. Modify all pages in web to date which are access restricted to force web to date to update the file in your website during upload.
  2. Define all users and groups for your website and generate the code (press F9).
  3. Find the file w2dacl.php in “Erzeugte Webseiten” –> “MyWebSite” (replace MyWebSite with your site's name)
  4. Use pass_gen.php to generate the encrypted passwords and replace all passwords in w2dacl.php. The passwords are stored in the array $ac.
  5. Define all IP addresses from which you want to grant auto-login as administrator to your website. This function saves you the hassle of always entering your login information to your own restricted area. You can add as many IP addresses, domain names and even dynamic DNS information as you need. Conversion to IP addresses is done with the instruction “gethostbyname”, please refer to the sample file enclosed. If you do not want to enable auto-login, then define $ac_ip[0]=“” and delete all other elements of the array $ac_ip.

4. Installation

  1. Copy login.ccml to the folder “common” of your web to date 5.0 installation (usually within folder C:\Programme)
  2. Copy pass_gen.php to the root of your website, using a FTP client. There are several free FTP clients available, for example FileZilla

5. Working steps

  1. Create your website. Generate the code within web to date.
  2. Define encrypted passwords with pass_gen.php (enter www.mywebsite.com/pass_gen.php in your browser)
  3. Replace clear passwords with encrypted passwords in w2dacl.php
  4. Define IP addresses for auto-login
  5. Upload w2dacl.php to the root directory of your website