PageSafe or other alternatives for a secure login site

Hi all,

I have Joe Workman’s PageSafe stack, which is great but has a few limitations and security flaws.

Does anyone have a suggestion for other stacks or method so that my clients staff can log onto their site with a password and have access to a number of pages.

The issue with PageSafe is that if you go into your history you can log into the page again without a passcode even though I have the expire period set to 1 minute and I have logged out of the page. Not a huge issue as theoretically I must have used a password to log in in the first place but it would be much safer if you could not access the page again without the password via your history.

Any thoughts of other options and suggestions would be greatly appreciated.

Cheers Scott

Hi, Scott,

Many of us use the superb Sitelok from Vibralogix. This is a complete membership ecosystem that includes semi-automatic e-mail handling and many free and paid plugins. Any feature that you need, you will find in Sitelok. And the tech support is second to none.

Joe Workman has special stacks that help setting up Sitelok with minimal fuss.

2 Likes

Would love to see a site that this happens on, just tried a site of mine and it does NOT do this.

2 Likes

Hi ya zeebe,

Mmmm…so when you go to your history and go to the page that should be within the page safe you can’t access it?? Is that correct?

Wonder why I can access mine, obviously I can’t access the page that has the PageSafe stack on it but the other pages I can access.

Here is the test site I have drafted…
https://testbodylogic1.rapidwebsites.net
password is 1234

There a 3 sub-pages within the “locked” PageSafe and these are the ones I can access from history.

Cheers Scott

Robert @zeebe can answer better, but my understanding is pagesafe only protects the single page it’s on, not subpages. You can put PageSafe on those pages with the same passcode, but just making them subpages will not protect them, not only from history but with a direct URL.

1 Like

Yes, if you do NOT have pagesafe on ALL three sub-pages, then they will NOT be locked. Put them on all of the pages you want locked, give them the same PageSafe ID and when you unlock one, you unlock all. When you lock one, you lock all.
Make sense?

Hi zeebe,

Ok I think I understand…I need to put the PageSafe stack on each of my pages…calendar, documents, videos. All with the same PageSafe id as the first log in page, then when a person logs in on the first login page it will unlock all page links and when they log out they can’t get back in via history.
Have I got that correct??
Cheers Scott

Ok, sorry another question.
I see that there is a “Logout” stack with a red icon and a “Stack Safe” stack with a grey icon. Both have the same description “Logout of a webpage signed in with PageSafe” both I have are v1.4.0
What is the difference between these 2 stacks and under what situations would I use them differently.
I currently just the “Logout” stack with a red icon and a button stack to log out.
Thanks very much for all the assistance.
Cheers Scott

Thanks for pointing that out, will tell Joe to fix the description of that stack. The Stack Safe stack you can use on like a landing page. If people are logged into the account, then they can see certain info on the landing page and other people (the ones not logged in) will see something different.
Make sense?

Yes, you got this right

Thanks mate…owe you a drink.

And…I have done as you have suggested. Placed the PageSafe on each of my pages and works a treat. But…I have the logout with a button set to go back to the Home page but it no longer does that. It goes to the initial PageSafe page with the section to enter the password. I would like one on log out tom go back to the home page. This was happening with just my first setup with just the one instance of the PageSafe stack but now that I have actually 4 instances of the stack the Logout button doesn’t return to the home page link?
Any thoughts why this may be happening now?
Cheers Scott

Don’t have time right now to try a setup like this, maybe later today, but I will look into it and get back to you.

No worries…really appreciate your help.
Cheers Scott

I agree with @Rovertek. Just about everyone who has used SiteLok swears by it. It is incredibly easy to set up (despite the large manual) even without @joeworkman’s stacks.

1 Like

I strongly recommend Sitlok. PHP coded. After many tests, I have found this app to be exceptionally flexible, and it is pretty much bulletproof.

Support from author, Adrian Jones, is truly outstanding.

Star rating 10 out of 10

Yes. SiteLok rules by a mile.

For RW, SiteLok rules by a mile. I have not found Joe’s stacks for SiteLok very helpful. Basically, you want to lock out unauthorized users. SiteLok is bulletproof here.

If you want to set up an industrial strength membership/subscription site, put a WordPress site on top of your RapidWeaver site, and use one of the industrial strength membership management plugins for WordPress. Use the WordPress site to handle all of the member/subscription management functions, blogs, and bulletin boards. Provide links down to you RW site.

When you use WordPress, be sure to install Elementor and Elementor Pro plugins. These are the best visual editing plugins.

The best of these are PaidMember Pro, Restrict Content Pro, and Member Mouse. All of these require you to have plugins to access the banking system. The plugins of choice here are Stripe and Woocommerce. And, if you are collecting money, do not forget to obtain an SSL certificate.

Two best plugins for learning management systems are LifterLMS and LearnDash.

Two best themes for learning management systems (LMS) are Elumine and Astra. Astra has an integration for LifterLMS. Elumine comes with an integration for LearnDash.

Last thing I might mention is that WordPress is a total kluge for content development. I do that in RW and then move the content over to WP or link to warehouse files from RW. Unlike RW, WP also requires that your video be located in Vimeo or Youtube. In RW, your media files can be located in Resources.

The key thing here is that WP stuff is coded in PHP. PHP executes before HTML. Consequently, PHP security code has priority over HTML code, and it is therefore inherently more secure.

Sitelok is amazing (its why I created the stacks for it). Also thank you for the kind words about my stacks.

However, there are times that you don’t need Sitelok. If all you want to do it password protect a page or display certain content areas with a simple passcode/pin, PageSafe fits the bill. There is no need to implement Sitelok when PageSafe does the job.

Its all about knowing the right tool for the job.

As a PageSafe discussion is going on, I would like to hijack this topic. Or do you mind @scottjf? :wink:

Although I already purchased PageSafe I’m not sure if it’s working for my usecase, so I really would appreciate any advice.

The usecase:
Direct users to different sites based on their entered passcode.
e.g. User1 got Passcode 1234 enters it on the homepage and goes to Site1. User 2 got Passcode 4567 enters it on the same homepage and goes to Site2.

During research I stumbled upon some sorts of “nested page safe stacks” but I wasn’t been able to figure it out. So pls help or just give me the relive that it doesn’t work with PageSafe an I will buy Sitelok :wink:

Thanks in advance!
Lutz

Hi Lutz

I’m not sure if that is possible…there is a “redirect on logout” to a url but that doesn’t help you and there is a “redirect back on login” but I’m not really sure of the use case for this.

But if Joe put in another “redirect on login to a url” then that may work if you can have 2 PageSafe stacks on the one page…also not sure if this is recommended.

Sorry not a help, have you asked Joe if and how??

Cheers Scott