Can someone log in to my site when the button is not clickable?

Can someone log in to my site in other ways when the signup button is not clickable?

With a little bit of JavaScript, or by changing a property in the DOM through the developer console, it is easy to enable the button. In other words, do not rely on disabling a button as a security method. It’s probably best to consider a disabled button just a cosmetic thing.

https://www.w3schools.com/jsref/prop_pushbutton_disabled.asp

2 Likes

So how can I disable registration after I’ve registered myself?

It’s good UX to hide, disable or somehow signal to the user that they are already registered, e.g. grey the button, hide the button, etc. (as you are already thinking).

All you need to do is on the workflows, have a condition or test that stops users already registered from registering again. It’s subtly tricky to do this, as you don’t want your User table privacy rules to be searchable by everyone (probably) (if registration means adding Users).

If you do try to register a user that is already registered with the email address - there will be an error - you can trap that error and manage it that way also.

I’m using the login template of Bubble, so it’s showing log out if I’m registered.
I meant: after the initial registration of the admin (me), how do I prevent others from registering and seeing the site?

Is this also true for hidden elements? Can a user display hidden elements by using JavaScript or the developer console?

Yes true, it is easy to show hidden elements with the developer console. Don’t rely on hiding elements as a security technique.

e.g. https://medium.com/positivenaick-analytics/5-crazy-hacks-using-inspect-element-6aabccec94c9

1 Like

Ahh I misunderstood your question, apologies.

This post might help - http://forum.bubble.io/t/restricting-app-to-logged-in-users-only/42144/3

1 Like

Thanks.
Is it enough to restrict it so it will not show to users that are not logged in, or is it better to leave the index without login and make it on another page with the same restriction?

If you do it like the example where you are checking the User “is logged in” in a workflow, that is enough to stop casual inspection in the developer console for hidden elements. And that can be on the same page, single-page-app style. Beyond “is logged in” you might also check for other conditions like “role is admin” (you create an attribute called role on the user, for example).

There is another critical aspect to security called “Privacy Rules” you might have come across? If you are worried about security this is fundamental to understand.

1 Like
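
The server-side checks recommended in this thread, sketched as an added example in plain JavaScript (it is not Bubble's code and not from any poster). All names are hypothetical: the in-memory `Map` stands in for the User table, and `sessionEmail` is assumed to be the identity the server resolved from the session.

```javascript
// Added example: the decisions use only server-side state, so enabling or
// un-hiding a button in the developer console changes nothing.
function createApp() {
  const users = new Map(); // email -> { role }

  function register(body) {
    const email = String((body && body.email) || "").trim().toLowerCase();
    if (!email) return { status: 400, error: "email required" };
    // Closed as soon as one account (the admin) exists. Any client-supplied
    // hint about the button's state is never consulted.
    if (users.size > 0) return { status: 403, error: "registration closed" };
    users.set(email, { role: "admin" });
    return { status: 201, role: "admin" };
  }

  // Only a logged-in admin may add further accounts.
  function invite(sessionEmail, email) {
    const actor = users.get(sessionEmail);
    if (!actor) return { status: 401, error: "not logged in" };
    if (actor.role !== "admin") return { status: 403, error: "admin only" };
    users.set(String(email).trim().toLowerCase(), { role: "member" });
    return { status: 201, role: "member" };
  }

  // Protected content: "is logged in" first, then "role is admin".
  function viewAdminPage(sessionEmail) {
    const user = users.get(sessionEmail);
    if (!user) return { status: 401, error: "not logged in" };
    if (user.role !== "admin") return { status: 403, error: "admin only" };
    return { status: 200, body: "admin dashboard" };
  }

  return { register, invite, viewAdminPage };
}

// Constructed requests. The second arrives although the page rendered the
// signup button as disabled; the extra field it sends is ignored.
const app = createApp();
const first = app.register({ email: "owner@example.test" });
const second = app.register({ email: "visitor@example.test", buttonDisabled: false });
app.invite("owner@example.test", "helper@example.test");
console.log(first.status, second.status);                      // admin created, visitor refused
console.log(app.viewAdminPage(undefined).status);               // anonymous visitor
console.log(app.viewAdminPage("helper@example.test").status);   // logged in, not admin
console.log(app.viewAdminPage("owner@example.test").status);    // admin
```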