#17916 Double layer admin login protection interferes in frontend

Posted in ‘Admin Tools for Joomla! 4 & 5’
Latest post by nicholas on Thursday, 24 October 2013 01:58 CDT

amir00251
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? Have not seen one in this regard
Have I searched the tickets before posting? Yes
Have I read the documentation before posting (which pages?)? Yes
Joomla! version: 3.1.5
PHP version: 5.4
MySQL version: (unknown)
Host: (optional, but it helps us help you)
Admin Tools version: latest

Description of my issue:

There is this double layer login for administration which has been enabled on my site, so that the administrator has to enter a separate username and password before being redirected to the actual admin login page.

This works fine, but the problem is that I recently see in the frontend (I have only seen it in the JEvents extension) that when you click on the menu, a popup appears and asks you to enter the username and password which you normally have to fill in to be redirected to the Joomla login page.

I am not sure how that feature is now showing itself in the frontend. It does not happen all the time, but sometimes you click, say, on Create Event (as a registered user) and this login popup appears.

Have you had anyone else with a similar problem?

Thank you.

amir00251
I also have a small question, or maybe a feature request, on this double layer login protection. On my site there is a Super User and various types of moderators which need to log in to the backend, and they only have access to one specific component. The problem is that I want double layer login protection, say, for Super Users or Administrators but not for Moderators.

Is there a way of setting this double layer login only for Super Users or Administrators? If there is not one as a menu option, would a small code addition enable this feature only for users with certain IDs or certain user groups?

Thank you.

nicholas
Akeeba Staff
Manager
We have already documented what's going on at https://www.akeebabackup.com/documentation/troubleshooter/atadminpw.html. Please read that page; it answers all of your questions.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷 Greek: native 🇬🇧 English: excellent 🇫🇷 French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

amir00251
OK, thank you for the clarification. I will definitely contact JEvents; the developer is normally very helpful.

What about the second part, disabling this for some users with limited access? Would this cause a security breach?

Thank you.

nicholas
Akeeba Staff
Manager
You can't disable it selectively. Remember that the administrator password protection works at the web server level, long before PHP (let alone Joomla!) has any chance to run.


amir00251
Okay, the issue in JEvents will be resolved within the next two weeks. I still want to recommend a feature.

The issue is, a site can have various moderators whose access to the backend is sometimes unavoidable, but they have limited menu access in the backend, maybe one or two.

However, for them to access the backend, the site Super User has to give them both the username and password for admin password protection as well as the URL to log in to the backend. If this information leaks for any reason, the site would become vulnerable. As a suggestion, it may be possible to make the URL setup selective for user groups, or there may be another way?

Thank you.

nicholas
Akeeba Staff
Manager
So, you want me to only show a password page before a user belonging to a specific user group tries to log in. Forget for a minute that the password protection runs at the server level and can't have access to Joomla! user groups, as I told you already. You add the password protection to prevent unauthorised users from viewing the login page. Since the user hasn't logged in yet, how could the server possibly know which user group the user belongs to? You are asking me to only show the lock to users who will have used the correct key to the lock. The key can't be used without seeing the lock, and the lock can't be shown without using the key.

Think about it again and read the documentation more carefully. You are still not understanding how this feature works.


amir00251
OK, there is a large site with 10 user groups which can access the backend. All will have to have the username and password which is set at server level. This is fine.

However, say the admin URL is different; say you can set

www.domain.com/administrator?moderators for selected user groups; when they type it in, they would have to enter the server level password

www.domain.com/administrator?superuser for Super User and Administrator (or selected again)

The above URL arrangement is not at server level and could possibly be arranged selectively. Yes, if information leaks or is stolen from one of the backend login people, it would give away the server level username and password, but only the parts which are accessed by that specific user group might be hacked.

So, just an idea; it may not be like this, I am trying to find a way.

nicholas
Akeeba Staff
Manager
Administrator password protection uses the Apache directory password protection, using .htaccess and .htpasswd files. As such, it can only protect an entire directory and all its contents, in our case the administrator directory of your site. Directory password protection, as the name implies, cannot be applied per URL or in any other selective way. As a result, you cannot disable it conditionally when accessing different scripts or the same script with different URL parameters inside the same directory.

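As an added illustration of the mechanism described in the reply above (not the files Admin Tools itself generates), this is the shape of the Apache directory password protection that the feature relies on; the file path and account name are assumed placeholders.

```apache
# /administrator/.htaccess  (illustration only; path and account name are placeholders)
#
# Apache applies this to EVERY request whose path is under /administrator/,
# before any PHP or Joomla! code runs. It therefore has no notion of Joomla!
# user groups or login state, and a URL such as /administrator/?moderators is
# simply another request into the same protected directory: the query string
# does not change which directory is being accessed, so it gets the same
# challenge as /administrator/index.php.
#
# The same rule is why the browser prompt can surface on a frontend page: any
# script, image or AJAX endpoint that a frontend extension fetches from this
# directory is challenged exactly like a direct visit to the admin login page.
AuthType Basic
AuthName "Restricted administrator area"

# Keep the credential file outside the web root so it can never be served.
AuthUserFile /home/example/.htpasswd

# Any account listed in the file is accepted; there is no per-user or
# per-URL distinction available at this layer.
Require valid-user

# /home/example/.htpasswd is created and maintained with Apache's htpasswd
# tool (bcrypt hashes, one account per line), e.g.:
#   htpasswd -B -c /home/example/.htpasswd adminuser
# and then contains lines of the form
#   adminuser:<bcrypt hash written by htpasswd -B>
```

Because the directory is the unit of protection, revoking a leaked password means changing it for everyone who reaches the backend, which is why the thread's request for per-user-group behaviour cannot be met at this layer.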
