Register users and add page same as username

[Vineet Sawant]

Hello all,

I'm putting first bricks of the social network that I've decided to make using ProcessWire.

But before I start I wish to (again) make it clear that I'm not a programmer, I'm more of a designer. I wanted to create this social network for over a year but the developers kept messing it up or charging too much so I decided to make it myself.

So, I've decided to go step by step with this. It'll be like mini facebook. Every user will have his profile page as a unique page.

Eg. http://example.com/vineet.sawant

He/she would have several things to do like posting a 140 chars long status, posting a long post, share images & links etc. 

For that I've thought of PW's page structure as follows:

Home - 

- Users(hidden page)

- - vineet.sawant

- - - - bio-page

- - - - status

- - - - posts

- - - - images

But for the first step, all I want to do is sign up user & dynamically create a page for him/her same as his/her username.

I've already tried FrontendUserProfilesPW module but it gives some error.

I wish to do this using default users api.

Can anyone guide me on how can I do this? Also most importantly, how do I create page dynamically and add specific template to it?

Thanks.

[3fingers]

Hello vineonardo

I'm on a similar project as yours, and I'm not a skilled programmer too, I'm a front-end developer and I had same question you got right now.

I'd suggest you to have a look at this 2 topics (here and here), which were enough for me to setup a user registration form with PW API.

Finally, here is a post I made where you can find my code and other userful insights.

I'm going to follow this topic, if you got other questions

Have fun!

[onjegolders]

Hi Vin, I'm guessing you'll want to handle this in the front-end using the API. There are quite a few posts out there with this same scenario.

In a nutshell you'll want to receive your form data and sanitize it, then create a new page and a new user with this data.

<?php 

// was form submitted
if ($input->post->my_submit_button) {

	// check for errors with form
	// if no errors, add a page and a user

	// first add the page
	$p = new Page();
	$p->of(false); // sets output formatting to false in order to change field values.
	$p->parent = $pages->get("/members");
	$p->template = "member";
	$p->title = $sanitizer->text($input->post->name); // sanitized your value from form and sets to title
	$p->other_field = $sanitizer->text($input->post->other_field);
	$p->save(); // save the new page
	

	// now add the user
	$u = new User();
    $u->of(false);
    $u->name = $sanitizer->username($input->post->username);
    $u->email = $sanitizer->email($input->post->email);
    $u->pass = $sanitizer->text($input->post->pass); 
    $u->save();
    $u->of(true);

}

?>

<form action="./" method="post">
	<!-- form stuff here -->
</form>

[Vineet Sawant]

@3finger, @onjegolders,

Thanks both of you, I'll try reading the topics & using the given codes.

Will keep you posted, I'm pretty sure I'm gonna have lots of questions.

Thanks again, kind people like you guys make this community so great.

[arjen]

Is "sets output formatting to false" necessary since it's a new page/user?

[onjegolders]

Is "sets output formatting to false" necessary since it's a new page/user?

I always believed so but you may be right Arjen

[kongondo]

By default, output will be formatted according filters you may have defined with the field.  If you are modifying the values of a page's custom fields, you will need to call $page->setOutputFormatting(false) before doing so. This turns off output formatting, which ensures that saved values don't already have runtime formatters applied to them. ProcessWire will throw an error if you attempt to save formatted fields.

http://processwire.com/api/variables/page/

[fmgujju]

Do we have to sanitize the password before storing?

[3fingers]

Do we have to sanitize the password before storing?

There's no need to sanitize the password, as long as you've selected a "password" field in your template to store the input text associated. Processwire will handle that for you.

[arjen]

I always sanitize all user input by default. It isn't much work and I know I'm really lazy so I have to discipline myself. It makes me sleep well at night  

[ryan]

Is "sets output formatting to false" necessary since it's a new page/user?

It's not necessary, as anytime you create something new the output formatting state is off. Of course, there's no harm in a $user->of(false); call either, but it's not technically necessary.

Another way you can create a new user:

$u = $users->add('ryan'); 

Do we have to sanitize the password before storing?

The password is actually one thing (and probably the only thing) that you really shouldn't sanitize, because you don't want to change the password they entered. What you should do instead is validate it, making sure that it's a string with some length and at least [n] characters (whatever your requirements are). By validate vs. sanitize, I mean don't sanitize (clean) what they entered, but give them an error and make them enter something new if it doesn't validate. 

[Vineet Sawant]

Hi Vin, I'm guessing you'll want to handle this in the front-end using the API. There are quite a few posts out there with this same scenario.

In a nutshell you'll want to receive your form data and sanitize it, then create a new page and a new user with this data.

<?php 

// was form submitted
if ($input->post->my_submit_button) {

	// check for errors with form
	// if no errors, add a page and a user

	// first add the page
	$p = new Page();
	$p->of(false); // sets output formatting to false in order to change field values.
	$p->parent = $pages->get("/members");
	$p->template = "member";
	$p->title = $sanitizer->text($input->post->name); // sanitized your value from form and sets to title
	$p->other_field = $sanitizer->text($input->post->other_field);
	$p->save(); // save the new page
	

	// now add the user
	$u = new User();
    $u->of(false);
    $u->name = $sanitizer->username($input->post->username);
    $u->email = $sanitizer->email($input->post->email);
    $u->pass = $sanitizer->text($input->post->pass); 
    $u->save();
    $u->of(true);

}

?>

<form action="./" method="post">
	<!-- form stuff here -->
</form>

Hey,

I was studying your code, but I'm not understanding how the page is going to be linked to the user?

I mean to know if there's a way I can connect a special page to a user if the user signup is being managed by FrontUserProfile module?

[onjegolders]

Hi Vineet,

All that will happen with this code is when navigating to members/joe-bloggs, that page will only be viewable if the current logged-in user's name matches the page name. 

Something like:

if ($page->name == $user->name) {

  // show page

} else {

 // 404

}

Which is why the page name and the user name that are created need to match.

[Eltom]

@Ryan, just a question regarding Passwords:

What happens, if I'm entering a Password like "1234" (just fpr testing without any validation, but a $sanitizer->text(...) ) and create the user like @onjegolders mentioned?

My problem is: The user and its corresponding pages are created, but the user isn't able to log in. So there's absolutely no feedback what was going wrong or am I missing something? 

Regards,

Thomas

[Soma]

You don't need to sanitize a password at all, never. Not even with $sanitizer->text().

And a password 1234 isn't valid.

[Eltom]

Thanks Soma.

So, how can I check, if a PW is valid or not? Afaik, I don't get any errors while doing $u->pass("1234");

[Soma]

Setting the password or any value directly through API won't give you any validations. This is a functionality the inputfield is usually doing and processed in a certain way (input).  If used on non interactive level the API doesn't restrict you from doing things you can't do or aren't allowed in the admin. So you ultimately you have to take care of those thing when using the API directly.

So while this works:

$u = new User();
$u->name = "test";
$u->of(false);
$u->pass = "1234";
$u->save();

 

"1234" isn't a valid password if PW's password inputfield would validate it, but it's correctly saved and works. Just not recommended to code public sign up form like this.

 

So you have to take care and add some checks to make sure its min-max length is ok and also that there's some at least 1 number and letter. 

 

If you're doing it manually and want to use the validation of the password field in PW you could use InputfieldPassword.

// "_pass" = the confirm password / actually two inputs
$p = new WireInputData(array("pass" => "1234", "_pass" => "1234")); 

$inputfield_pass = $modules->get("InputfieldPassword"); // load the inputfield module
$inputfield_pass->attr("name","pass"); // set the name
$inputfield_pass->processInput($p); // process and validate the field

// if any errors found
if($inputfield_pass->getErrors()){
    print_r($inputfield_pass->getErrors(true));
}

// or if coming from a form (POST) with the field names already "pass" and "_pass"
$inputfield_pass = $modules->get("InputfieldPassword");
$inputfield_pass->attr("name","pass");
$inputfield_pass->processInput($input->post); // process and validate the field

// if any errors found
if($inputfield_pass->getErrors()){
    ...
}

After all if you're setting a Password directly manually with the API you don't need validation, you are directly responsible to make the password strong.

[onjegolders]

Out of interest, would you be able to login to the admin with a password of 1234, presuming it was set with the API?

[Soma]

Read my previous post onjegolders.

[Vineet Sawant]

That awkward moment when people suddenly start discussing things that you don't understand!!!

[horst]

 [...]

After all if you're setting a Password directly manually with the API you don't need validation, you are directly responsible to make the password strong.

Hhm, yep. I want to note that the PW-installation routine doesn't check that. I always use(d) password without numbers

[Eltom]

@Soma: Thanks! There's a lot to learn.... *sigh*

I wasn't aware of 

$inputfield_pass = $modules->get("InputfieldPassword"); 

Regards, Thomas

[Eltom]

Setting the password or any value directly through API won't give you any validations. This is a functionality the inputfield is usually doing and processed in a certain way (input).  If used on non interactive level the API doesn't restrict you from doing things you can't do or aren't allowed in the admin. So you ultimately you have to take care of those thing when using the API directly.

So while this works:

$u = new User();
$u->name = "test";
$u->of(false);
$u->pass = "1234";
$u->save();

 

"1234" isn't a valid password if PW's password inputfield would validate it, but it's correctly saved and works. Just not recommended to code public sign up form like this.

Hi all, sorry to come back to this topic, but......

@Soma: I have no succes in using the code mentioned above. $u->pass = "1234"; is not working for me.

The user isn't able to log in, when I created him like this. But using $u->pass = "1.SomeThing"; works. So there might be some checking while creating the user, but I don't get any feedback at all what went wrong.

Any ideas?

Regards, Thomas

[Martijn Geerts]

It is exacly as Soma said if you use "$inputfield_pass = $modules->get("InputfieldPassword"); "

<Soma quote>"1234" isn't a valid password if PW's password inputfield would validate it, but it's correctly saved and works. </Soma quote>

[Eltom]

Soma said, there's no checking at all when using $u->pass("1234");

But using it without any checks leads to a "no login for you"....

Using $inputfield_pass = $modules->get("InputfieldPassword");

works exactly as he wrote, that's correct.