Usage
Once installed, a new dashboard page 'Automatic Sign Ins' is installed under the Members section of the Dashboard.
Select the 'Create Automatic Sign In' on that page to configure a new automatic sign in.
There are three different ways automatic sign-ins can occur:
By IP Address This uses IPv4 addresses for matching. Individual IP addresses can be entered, seperated by commas, and/or ranges can be described by entering two IP addresses seperated by a dash, e.g. 82.1.100.22-82.1.100.30
Example use-case:
You may be running a website with some protected content such as academic resources, which is generally not available to the public. In this case you would create a user for the site that has access to this protected content, and then set up an automatic login for that user for all IP addresses within a network (e.g. a university or school). This avoids having to inform users of a username and password, but still prevents visitors from outside a network from directly accessing content.
By Referrer URL A Referrer URL is send by a browser when visiting a page, with it being the URL that the browser was previously on (i.e. the page where a link to a page was clicked).
Example use-case:
You may have some content on a website that you protect with permissions, but wish a group of users to be able to access the content only if they have come from a particular domain. In this case you would place a link to your site on another site, and enter in the URL of that page when configuring the automatic login.
This might be for a professional organisation that has it's own membership/login system on another site, but you do not want (or can't) set up single sign on on your concrete5 site, but want to restrict access to those users. Visitors that copy and paste the URL to your site and access it directly won't be logged into your site as they won't have come from the Referrel domain/url you specified.
For both above matching criteria, a page on the site can also be selected, further restricting where the automatic login can take place.
By Visiting a Page This approach will log in a user when they visit a specified page, regardless of their IP address or Referrer URL.
Example use-case:
You may have a requirement on your site that certain content only be accessed once they have completed a form on your site. In this case you could set a form to redirect to a hidden thank you page, and then that page be used as the page where automatic login occurs. In this case a visitors cannot access the protected resource without landing on the thank you page first.
Manually clearing configurations Whilst this add-on has been designed to never lock an administrator out of their site, if there is the need to immediately clear all automatic logins without using the dashboard page, this can be done by manually deleting the file located at /application/config/generated_overrides/msv_auto_sign_ins/users.php
Caution:
Please take care when configuring automatic sign ins, as to not accidentally allow access to editing controls or protected content you aren't intending. The add-on will highlight if when the super administrator user or users in the Administrators group is used, but will not stop you from doing so.
Also note that using referrer URLs to protect content is not completely secure - if the referrer URL is recognised as the reason for access, a technically skilled user can perform 'referer spoofing', to pretend they have come from that URL. Therefore it is recommended to not use this add-on to protected highly valuable resources or downloads.
Disclaimer: as per the marketplace licensing, neither concrete5 or Mesuva can not be held accountable for unintended site access through the use or mis-use of this add-on.