Logon Button element

When a user wants to edit the content of a page, he or she must authenticate with a username and a password. By clicking the WebYep Logon Button, which can be placed anywhere in any page, a popup window containing the logon form opens. After entering the correct username and password combination, that page will appear in 'edit mode'.

The WebYep Logon Button code

<?php webyep_logonButton(true); // WebYepV1-2 ?>

Arguments for the function call

  1. true/false: A boolean - whether the logon button should be visible.
    true if it should be visible.
    false if not - the button will still be there and clickable (if you know where to click).
    Independently of this setting, logging in still requires the correct username and password!

Screenshots

wylocks
The login and logout icons.
wylogon
The login window, showing the username and password boxes.

Other notes

The Logon Button does not have to be placed on every editable page. Placing it on one page is enough - after successful logon every editable page will be display in edit mode until the user logs off by clicking the Logon Button again (which will look a bit different when logged in).

This is accomplished by setting some (partially encrypted) Cookies in the users web browser - thus it is necessary to enable Cookies in your web browser to edit the pages content with WebYep.

Important: The username and password are temporarily stored as cookies, within the users computer memory. The password is stored encrypted in a way that is only valid for one day - so even if someone gets hold of the users computer and is able to read out the browsers memory, this attacker wont know the password and the stolen cookie will not be of any use the day after the user entered the password.

Nevertheless username and password are transferred unencrypted when logging in - so if some hacker is able to listen to the users network communication while logging in (like recording key strokes on a computer keyboard), he or she could get hold of the login credentials. The only way to avoid this, is to use an encrypted HTTP connection (https, SSL).