Server-side way to disable logins for all users
Hello all,
In my ZEN login page, I found a way to bypass the submit button and force a user to click on the Sign In button, thus forcing the code to call my OnSubmit(), like this:
<!--ondefault="return true;"--><!-- this removes the ability to use "return" to login - forces button click to login -->
<text name="CacheUserName" />
<password name="CachePassword" />
<!-- the submit button is special, and submits automatically without checking first -->
<!--<submit caption="Login" id="login" /> -->
<button caption="Login" id="login" onclick="zenPage.onsubmit()" />
<
</loginForm>
ClientMethod onsubmit() [ Language = javascript ]
{
if (zenPage.getProperty('LoginsDisabled') == '1') {
alert('Logins are currently disabled');
return false;
}
var form = this.getComponentById('loginForm')
var x=form.submit();
return true;
}
In effect, this allows us to disable logins for all users, with the stroke of one global setting.
This works, and we're able to set a flag (which the LoginsDisabled property reads) to disable logins. There's a HUGE problem with this -- it's in the clear, in javascript code.
Question: is there any way to do this on the server side, so that prying eyes can't get around it?
Note: I changed this method to a ZenMethod, but there is no server-side method to submit() the form -- only a client-side method.