Best way to deal with a client login

[Sylvio]

I have a customer who wants to provide a client login for his distributors, a password protected area where they can

download high-res images, product guides, etc...

I found a topic posted by Ryan and wandered if this is still the best way to do it in PW (2.0 latest release):

http://processwire.com/talk/index.php/topic,17.0.html

Sylvio

[ryan]

That is still a good approach, but here is another you can take that's a little simpler (if it suits your needs). You would want to be running the latest commit of 2.1 for this.

1. Create a new role in Access > Roles.

Name it "distributor" (or whatever you want). Add only the "page-view" permission to it.

2. Create a new template that will run on the password protected page(s).

On that template's "access" tab, uncheck the "guest" role, and check the "distributor" role in the "view pages" column.

Also on the "access" tab, in the field labeled "What to do when user attempts to view a page and has no access?" – select "Show the login page".

_{(Also, just a note in case you change it: on the "URLs" tab, URLs must be set to end with a slash [which is the default setting]. This is required for templates that use a login.)}

3. Create your password protected page(s).

Select the template you created above as the template for this page. The page is now password protected.

4. Create your user(s) that will have access to this page.

Give them the "distributor" role.

5. Your done.

When someone hits the URL to it, they'll get a login form. Upon completing a login, they'll see the password protected page.

[Sylvio]

Ryan,

That's fine by me, but I need to upgrade to PW2.1, I don't see an issue with this, because the client is filling up the website with content and the launch will be september.

Is PW2.1 ready for production purposes? and if so, can you assist me with the upgrade.

I can test it first on the PW website on my server, which is of course an exact copy of the one on their webserver.

You can have a look at the project (bare in mind that the content is not all there yet:-))  www.showled.tv

It uses alot of features of PW and plugins, the form plugin I extended with a save to database function, so all their from subscriptionsare saved to a db table, in the backend there is a 'non-guest' page with a table-view which accesses that db table, from there on they can print, export to excel, pdf, etc....

I love the flexibilty of PW, it's amazing, I hope you'll keep on putting your heart and soul into it, cause it will be my CMS of choice from now on!

Regards

Sylvio

[ryan]

That's fine by me, but I need to upgrade to PW2.1, I don't see an issue with this, because the client is filling up the website with content and the launch will be september.

If it's something that you need to implement right away, then you may be better off to go with the other method that you linked to, as that will work in either version.

Is PW2.1 ready for production purposes? and if so, can you assist me with the upgrade.

It is ready for production purposes, but not yet in it's first official release version. In addition, the upgrade script is being developed as a separate project targeted for September, so you may want to stick with 2.0 a little longer.

I also want to clarify that you don't necessarily have to upgrade. I won't be upgrading my existing 2.0 sites unless/until the client wants to do something that only 2.1 can do. If any major bugs turn up, the 2.0 source tree will still be updated.. it just won't have new features added to it.

If you decide you want to upgrade, let me know as I'm looking for testers of the new upgrade script. Of course, you'll only want to perform this upgrade in a non-production environment where you can test everything and easily revert if any problems appear.

You can have a look at the project (bare in mind that the content is not all there yet:-))  www.showled.tv

Looks like a very well produced site! Be sure to post in the Showcase forum once officially launched so that we can add it to our site directory.

It uses alot of features of PW and plugins, the form plugin I extended with a save to database function, so all their from subscriptionsare saved to a db table, in the backend there is a 'non-guest' page with a table-view which accesses that db table, from there on they can print, export to excel, pdf, etc....

Very nice! Sounds great!

I love the flexibilty of PW, it's amazing, I hope you'll keep on putting your heart and soul into it, cause it will be my CMS of choice from now on!

Thanks for the kind feedback. I've been developing PW since 2003 (though under the name Dictator before), and has been and will continue to be a long term project here. Nearly all of my client work uses PW, so the project has always been one that will continue to be developed regardless of whether other developers are interested in using it or not. But the fact that so many have taken interest in it is definitely a big motivator to make the project better and better. Version 2.1 is the first version driven largely by the input and help of the PW community, so I'm very excited about that.

Thanks,

Ryan

[AnotherAndrew]

How could I redirect the page to a custom login form in a modal box overlay?

[ryan]

I think this really just depends on what you are using to handle your modal dialog. Without knowing specifics, I'd say your modal dialog content should be set to an iframe pointing at your login page. And your login page should be output in a manner that looks good in a modal dialog (i.e. probably just the content area and not header/footer.

[AnotherAndrew]

Thanks Ryan. The iframe option would definitely work, but I am having a hard time understanding what the url would be based on creating a login form as it was described earlier in this thread.

Would I want to choose another url in the access tab or select show the login page?

[ryan]

If I'm understanding correctly, I think you'd want to create your own template to handle the login, create a page, give it that template, and then set it to redirect to that page to handle the login. That way you'd have full control over how the login page is branded and presented. I believe there are one or two other threads that demonstrate how to create your own login templates, but let me know if you can't find them and I'll track them down.

[AnotherAndrew]

Ryan it would be great if you could share some tips on how to implement a custom login script.  Everything that I found on the forums has been geared towards the previous build of PW.

Perhaps a tutorial on how to do so would be good?

Thanks for sharing PW. I love the simplicity of the system!

[ryan]

Creating your own login template is a pretty simple thing. I recommend creating a template called "login" and putting the following in it:

<?php

// $out is where we'll keep our output
$out = '';

// $form is where we'll keep our custom login form
$form = "
   <form action='./' method='post'>
       <p><label>Username <input type='text' name='user' /></label></p>
       <p><label>Password <input type='password' name='pass' /></label></p>
       <p><input type='submit' name='submit_login' value='Login' /></p>
   </form>";

if($user->isLoggedin()) { 
   // user is already logged in 

   if($input->get->logout) {
       // page was accessed with ?logout=1 GET variable, so log them out
       $session->logout();
       $session->redirect('./'); 
   } else {
       // tell them they are logged in and how to logout
       $out = "<p>You are logged in. <a href='./?logout=1'>Logout?</a></p>";
   }

} else if($input->post->user && $input->post->pass) {
   // user submitted the login form

   if($session->login($input->post->user, $input->post->pass)) {
       // user was authenticated and logged in
       $session->redirect('./'); // or redirect to your members-only page
   } else {
       // the login failed
       $out = "<p class='error'>Login failed</p>";
       $out .= $form; 
   }

} else {
   // user arrived at login page for first time
   $out = $form; 
}

include("./head.inc"); // your site header, if applicable
echo $out; 
include("./foot.inc"); // your site footer, if applicable

Then assign the above template to your page, and you are set.

Another approach you can take is to use PW's existing ProcessLogin module (the same one used by the admin). This takes less code as PW handles creation of the login form and the login logic. But you'll have to use and style PW's login form rather than your own. Here's how to create a template using PW's ProcessLogin module:

<?php

$out = '';

if($user->isLoggedin()) {
   // user is already logged in

   if($input->get->logout) {
       // user asked to logout – logout request via URL: ./?logout=1
       $session->logout(); 
       $out = "<p>You have logged out</p>";
   } else {
       // user is logged in, give them a message or redirect them
       $out = "<p>You are logged in. <a href='./?logout=1'>Logout?</a></p>";
       // or redirect them to your members-only page: $session->redirect('/path/to/page/'); 
   }

} else {

   // user is not logged in. present the login form from ProcessLogin module,
   // along with any system notices to accompany the process.

   $process = $modules->get('ProcessLogin');
   foreach(wire('notices') as $notice) $out .= "<p>{$notice->text}</p>";
   $out .= $process->execute(); 
}

include("./head.inc"); // your site header, if applicable
echo $out; 
include("./foot.inc"); // your site footer, if applicable

[AnotherAndrew]

Ryan, thanks for the example. And this is getting me up and running. However, I just wanted to post a correction to your first example since you were missing a ")" in that code:

<?php

// $out is where we'll keep our output
$out = '';

// $form is where we'll keep our custom login form
$form = "
    <form action='./' method='post'>
        <p><label>Username <input type='text' name='user' /></label></p>
        <p><label>Password <input type='password' name='pass' /></label></p>
        <p><input type='submit' name='submit_login' value='Login' /></p>
    </form>";

if($user->isLoggedin()) { 
    // user is already logged in 

    if($input->get->logout) {
        // page was accessed with ?logout=1 GET variable, so log them out
        $session->logout();
        $session->redirect('./'); 
    } else {
        // tell them they are logged in and how to logout
        $out = "<p>You are logged in. <a href='./?logout=1'>Logout?</a></p>";
    }

} else if($input->post->user && $input->post->pass) {
    // user submitted the login form

    if($session->login($input->post->user, $input->post->pass)) {
        // user was authenticated and logged in
        $session->redirect('./'); // or redirect to your members-only page
    } else {
        // the login failed
        $out = "<p class='error'>Login failed</p>";
        $out .= $form; 
    }

} else {
    // user arrived at login page for first time
    $out = $form; 
}

include("./head.inc"); // your site header, if applicable
echo $out; 
include("./foot.inc"); // your site footer, if applicable

[ryan]

Good catch, I've updated the original code example too.