How to Create a Password Protected Simulation

This feature is available in Broadcast Pro and Broadcast Enterprise only.

Forio Broadcast Pro and Broadcast Enterprise allow you to create, edit, and delete password protected simulations.

As the simulation administrator, you can set-up facilitator subscriptions to your simulation. Then you, or the facilitators that you have designated, can assign passwords to user accounts. Account information can be automatically emailed to new users.

Password-protected users accounts will help keep your simulation private. These user accounts will also allow you monitor usage and high scores.

Example of a Simple Login Page

 

There are four steps to creating a password-protected simulation:

  1. Set simulation access control within Broadcast to Only accessible with a password.

  2. Tell Broadcast the name of your login web page (for example, login.htm).

  3. Create your login web page.

  4. Create a user account with a password

Controlling Simulation Access

By default, your Broadcast Pro or Enterprise simulation is publicly accessible. You can make your simulation either only accessible with a password, or temporarily accessible for a trial period without a password, after which a password is needed to login.

To change your access settings to that your simulation is only accessible with a password, do the following:

Select Account  » Simulation Settings from the Broadcast Pro or Enterprise menubar.

Under Access Control, set Simulation Access to Only accessible with a password

Click the Change Settings button at the bottom of the page

Identifying the Name of Your Login Page

Broadcast Pro and Enterprise give you the ability to design your own login page. This way, you can match the graphic design of your login page with the rest of your simulation, or direct people to other resources on your web site.

Login pages are particularly useful for password-protected simulations, but you can also define a login page for public simulations so that special features of your simulation are available only to users who have an assigned account name and password.

To set the name of your login page, follow these steps:

Select Account  » Page Settings from the Broadcast Pro or Enterprise menubar.

Under Login Process, set the names of your login web pages.

As shown in the example above, you can use the same web page for several processes. Alternatively, you can create a separate web page for each process.

Click the Save Pages button at the bottom of the page

Creating a Login Page

After you have identified the name of your login page within Broadcast Pro or Enterprise, you need to create a page with that name in your interface directory.

Creating a basic login page is simple. The only items your login page must have is a form with a field named FD_loginid and another field named FD_password.

A zipped file containing a sample login page can be found here:
http://www.forio.com/broadcastdocs/downloads/login.zip

Below is a simple login page that includes the FD_loginid and FD_password fields in a form:

 

<HTML>
<BODY>

<FORM METHOD="POST" ACTION="index.htm">

User Name:<BR>        
<INPUT TYPE="text" NAME="FD_loginid">
<BR><BR>

Password:<BR>
<INPUT TYPE="PASSWORD" NAME="FD_password">
<BR><BR>

<INPUT TYPE="SUBMIT" NAME="login" VALUE="Login and run the simulation" CLASS="smallfont">

</FORM>
</BODY>
</HTML>                                                                                              
 

 

This HTML will create a web page that looks like this:

 

Login Status Messages

You can enhance your login page with messages based on the status of the login. For example, you can warn the user if a bad user name or password was entered, or if their free trial subscription has expired.

Messages can be set by checking the status of FD_message from Broadcast. The following are valid FD_message values for the login page:

FD_message

Description

logout

The user has logged out of the simulation. You can create a logout by adding the parameter FD_action=logout to a link. For example:

<A HREF="index.htm?FD_action=logout">Logout</A>

timeout

The simulation has been inactive (no new page views) for thirty minutes and the user has been logged out for security.

accessdenied

The user has enter an invalid password or user name.

trialexpired

The user public trial subscription has expired.

subscriptionexpired

The subscription for this user account has expired.

error

An internal error has occurred.

sent_password

The password has been mailed to the user

sent_password_no_users

The password has been requested but no users exist for the given username or password

sent_password_error

An internal error has occurred when sending the password (usually a problem with the mail server).

 

Below is a simple login page that combines FD_message with the login form to create a login page:

 

<HTML>
<HEAD>
<TITLE>Login</TITLE>
</HEAD>

<BODY>
#if ($Lib.getParameter("FD_message") == "logout")
<P> Thank you for using the simulation.  Please enter a username and password to play again.

#elseif ($Lib.getParameter("FD_message") == "accessdenied")
<P> Invalid username or password.  Please try again.

#elseif ($Lib.getParameter("FD_message") == "trialexpired")
<P> Your trial subscription has expired. Please log in with a username and password.

#elseif ($Lib.getParameter("FD_message") == "subscriptionexpired")
<P> Your subscription has expired. Please log in with a username and password.

#elseif ($Lib.getParameter("FD_message") == "sent_password")
<P> Your password has been sent to the email address on file.

#elseif ($Lib.getParameter("FD_message") == "sent_password_no_users")
<P> No users have been found matching the provided user name and/or email.

#elseif ($Lib.getParameter("FD_message") == "sent_password_error")
<P> There was an internal error when emailing the password.  Please try again later.

#elseif ($Lib.getParameter("FD_message") == "error")
<P> You were not able to log in due to an internal error.  Please try again later.

#elseif ($Lib.getParameter("FD_message") == "timeout")
<P>Your simulation has been inactive and you have been logged out to keep your simulation
secure. Please enter your username and password to return to your simulation.</P>

#else
<P>Welcome to the simulation.</P>

#end

<FORM METHOD="POST" ACTION="index.htm">

User Name:<BR>        
<INPUT TYPE="text" NAME="FD_loginid">
<BR><BR>

Password:<BR>
<INPUT TYPE="PASSWORD" NAME="FD_password">
<BR><BR>

<INPUT TYPE="SUBMIT" NAME="login" VALUE="Login and run the simulation" CLASS="smallfont">

</FORM>
</BODY>
</HTML>                                                                                                  
 

 

Allowing Users to Request Passwords By Email

You can build a page that allows users who have lost their password to request another be sent by email.  You will need to do 3 steps:

  1. Create a page "sendpassword.htm" that allows the user to enter in either their user name or their email address.

  2. Designate the page "sendpassword.htm" as a public page that does not require a password to access.

  3. Confirm that the simulation does not encrypt passwords.

Creating a Password Request Page

Create a page named "sendpassword.htm" with the following content:

 

<HTML>
<HEAD>
<TITLE>Send Password</TITLE>
</HEAD>
<BODY>

<P>Please enter your user name OR your email below.  Your password will be emailed to the address on file.

<form name="form1" method="post" action="login.htm">
<input type="hidden" name="FD_action" value="send_password">

<TABLE  BORDER=0 >
<TR>
 <TD CLASS="smallfont">User Name: </TD><TD>
   <INPUT TYPE="text" SIZE="20" style="width: 200px;" NAME="FD_loginid" VALUE="">
 </TD>
 <TD>
     <INPUT TYPE="SUBMIT" NAME="login" VALUE="Request Your Password" CLASS="smallfont">
 </TD>
</TR>
<TR>
 <TD COLSPAN=3>&nbsp;</TD>
</TR>
<TR>
 <TD>Email: </TD><TD>
   <INPUT TYPE="text" SIZE="20" style="width: 200px;" NAME="FD_email" VALUE="">
 </TD>
 <TD>
     <INPUT TYPE="SUBMIT" NAME="login" VALUE="Request Your Password" CLASS="smallfont">
 </TD>
</TR>
</TABLE>
</BODY>
</HTML>                                                                                                  
 

 

This page looks something similar to this:

The magic field is the following:

<input type="hidden" name="FD_action" value="send_password">

 

This signals Forio Broadcast to look up the given user.  If the field FD_loginid is filled in, Broadcast will look for the user matching that user name.  If the field FD_email is filled in, Broadcast will look up the users that match that email address.  Then Broadcast will send all the matching users (generally just one) an email with their account information.  After the password is emailed the user will be sent automatically to the login screen.

Designating the Password Page as a Public Page

In order for the user to visit the page "sendpassword.htm" before logging in, you will need to designate this as a public page.  

Select Account  » Page Settings from the Broadcast Pro or Enterprise menubar.

Under Public Pages enter "sendpassword.htm".  This allows the user to access the page without having previously logged in.

Confirm Simulation Passwords are Not Encrypted

Forio Broadcast can optionally store all user passwords in encrypted form in the database.  This may be more secure for highly confidential apps.  However, such passwords cannot be emailed to the user.  (This encryption is a one way process).  In order to make the emailing of passwords work correctly you will need to be sure that the passwords in the database are not encrypted.

Select Account  » Simulation Settings from the Broadcast Pro or Enterprise menubar.

Under Password Encryption be sure this is set to "Not Encrypted".

 

For More Information

Sample HTML files corresponding to this section are available for download at: http://www.forio.com/broadcastdocs/downloads/login.zip

To learn how to set up user accounts, read:

How to Create Users and Groups