Starting with Wildcat! v6.1, full support for cookie-based Web Authentication was added allowing users to login using a HTML form based login method with the added ability to allow users to log off the web server without closing the browser.
Cookie Authentication support requires installation of the following web template and JavaScript files:
See the Requirements and Setup section on how to install these files.
This section will describe the above files and describe customization considerations:
JavaScript: md5.js
This JavaScript file contains public domain MD5 hashing functions used to support Wildcat! cookie-based logins. This file must never be modified.
JavaScript: cookies.js
This JavaScript file contains functions to manage browser cookies. This file must never be modified.
JavaScript: wcLogin.js
This JavaScript file contains Wildcat! specific JavaScript functions to display a predefined login form, encrypt the user credentials and set a cookie which will be detected by the Web Server.
The main function is note in wcLogin.js is the PrintLoginForm(Title) function. This function is called by login.wct to display the default login form.
This file should not be modified as it is quite possible to be updated in future updates. If you wish to modify the login form, see Login Form Customization.
WCT Template: Forgotpassword.wct
The ForgotPassword.wct file is a template (or stub) to display a note about how a user can recall his password.
This template is also prepared to check for a 3rd party LostMyPassword utility by Thom Kloss You can download wcLMP-2.0.ZIP file from Santronics Online Support.
If you do not want this option to appear in the login form, you can delete this file or create a file called http\template\custom\LoginOptionsCustom.inc and set the variable:
@set Login.ForgotPassword=0@
WCT Template: UserNotLoggedIn.wct
When a web request is unauthorized (the user is not logged in), the web server will issue a 401 response and check for the existence of one of following files:
The provided example http\errors\usernotloggedin.wct simply includes the login.wct to display the login form.
This file made be customized for your operations.
WCT Template: Login.wct
This login.wct templates puts all the above files together to call the JavaScript PrintLoginForm() function. It is designed to be called when an unauthorized request arrives or to be included in your current public home page. If you wish to modify the login form, see Login Form Customization.
By default, login.wct will call the JavaScript function PrintLoginForm(title) to display the default login form.
login.wct will also check for the optional file PrintLoginForm.wct in the public directory which allows you to design your own login form. If this file exist, it will be used to display your customize login form. Otherwise it will call the default PrintLoginForm(title) JavaScript function.
Login Form Outline and Construction:
The template login.wct is outlined as follows:
| Read options | http\template\loginoptions.inc and http\template\custom\LoginOptionsCustom.inc, if available. |
| Show optional header | http\public\Login-header.wct, if available |
| Show Login Form | http\public\PrintLoginForm.wct or http\public\wcLogin.js |
| Show optional footer | http\public\Login-footer.wct, if available. |
You have some options you can set in the file http\template\LoginOptions.inc, however the prefer way is to create a http\template\custom\LoginOptionsCustom.inc file instead which can be used to override the options set in http\template\LoginOptions.inc.
An optional header and footer file can be displayed by creating http\public\login-header.wct and http\public\login-footer.wct, respectively.
The default login form is created by wclogin.js, however, if a http\public\printloginform.wct is found, it will be displayed instead.
The goal of this outline is to minimize any changes to the default files distributed by Santronics.
Regardless of how you customize the login form, it must contain specific form names and field name attributes in order to perform the login correctly. There are two forms used for the login: The name attributes for each form are "entry" and "login" respectively.
When customizing, you can call PrintLoginForm() to display the form and use the globa JSON object wcLoginOptions to set various options for changing the display, like adding a splash image to the display (see printloginform-splash.wct) or without calling PrintLoginForm(), you can create your own look and feel using the two Entry and Login forms as illustrated here:
<form name="entry">
UserID: <input type="text" name="username" value="">
Password: <input type="password" name="password" value="">
Mode:
<input type="radio" name="mode" value="html" checked>HTML
<input type="radio" name="mode" value="client">wcNavigator
<input onClick="return doWcLoginAction(0);" type="button" value="Login">
</form>
<form name="login" action="/login" method=get>
<input type="hidden" name="js" value="1">
<input type="hidden" name="mode" value="">
</form>
The form name="login" should remain unchanged. It is required to submit the form name="entry" field information after the user information is hashed with the doWcLoginAction() JavaScript function.
The doWcLoginAction() function will prepare and set the authentication cookie and then directly submit the name="login" form to issue the proper url get request based on the mode selected:
Note, the Mode option is optional. If you do not care to provide a "WcNavigator" login option, you can simplify the form name="entry" by removing the radio options and creating a hidden field for mode=html.
Using only MODE=HTML:
<form name="entry">
UserID: <input type="text" name="username" value="">
Password: <input type="password" name="password" value="">
<input type="hidden" name="mode" value="html">
<input onClick="return doWcLoginAction(0);" type="button" value="Login">
</form>
<form name="login" action="/login" method=get>
<input type="hidden" name="js" value="1">
<input type="hidden" name="mode" value="">
</form>
The following PrintLoginForm-*.wct examples illustrate creating custom Entry and Login forms vs using PrintLoginForm() with various wcLoginOption settings:
printloginform.wct PrintLoginForm() w/ wcLoginOption printLoginForm-ajax.wct PrintLoginForm() w/ wcLoginOption printloginform-box.wct Custom PrintLoginForm() w/ Custom Entry/Login Forms printLoginForm-nav.wct Custom Entry/Login Forms printloginform-navcb.wct Custom PrintLoginForm() w/ Custom Entry/ Login Forms printloginform-splash.wct PrintLoginForm() w/ wcLoginOption printloginform-topbar.wct Custom Entry/Login Forms printloginform-topbarcat.wct Custom Entry/Login Forms printloginform-google-like.wct Custom Entry/Login Forms
WCT Template: Logout.wct
This logout.wct template is called using the /LOGOUT url. It will log off the user and display the appropriate log off display based on the original login mode; BASIC/DIGEST based or Cookie based.
If cookie, the logout is complete.
If BASIC/DIGEST, the user is logged off the web server, however the logout is incomplete because the browser must be closed. A Warning to the user is display to close the browser for a complete logoff. Howeve, wcWEB offers an method where it can make the browser clear its browser login credentials, thus offering a clean logout method.