Search the Community

Sorry folks if this is obvious to most and I missed something in the docs or here in the forum, but, I have cheerfully used code such as: if($user->isLoggedin()) { echo " loggedIn"; } else { echo " notLoggedIn"; } in PW 2.x sites. Now on a v3 site I am finding even the most basic test to see if the viewer is logged in or `isSuperuser()` is not giving an error but simply doing nothing - not evaluating. For example, the top of a typical template reads: <?php namespace ProcessWire; if($user->isLoggedin()) { echo " loggedIn"; } else { echo " notLoggedIn"; } I have `debug` turned on. Is there something obvious I have missed, perhaps a step required for v3 that's not required for v2 to allow access to $user data? Thanks for any pointers.

I have my own register-login-profile/account page system. I know that Ryan recently released an official module for this, but there may be an advantage to having my own custom solution. Anyway, it seems to work well. But, I have been getting annoying Russian hack attempt accounts, mostly as 'guests' that don't bother to use the activation link. Most if not all of these accounts have this in the name field: No Subscription Detected Not Recognized ...which makes them relatively easy to filter out from real name accounts. Where do these "strings" come from? I can't find them in Processwire's source. Are the hackers using some kind of tool that inserts these for some reason? Or is it a PHP thing? Does anyone recognize them? Does it mean they are using some kind of backdoor instead of the registration form? In general, what are the best practices to secure my registration form, prevent spam accounts, etc.? I'll start with adding a check to block IP addresses that try to register with 'Not Recognized' etc. in the name field I guess.

This module hooks into the login method to provide the possibility to login with the user's email address. This is my first module and it's very simple. Please provide feedback if you have any suggestions. Thanks The module can be found in the module repository: https://modules.processwire.com/modules/login-with-email/ or on github: https://github.com/noelboss/LoginWithEmail

I hope this is the correct place to post this. I currently am building a "dashboard" that displays some stats etc, but also handles login/logout with a form. Currently, when a user uses the form on the homepage, they redirected (if the credentials are correct) to the backend of processwire. However, I was hoping to direct the user back to the dashboard and display an alert (for now until I get a library to handle this). I got it somewhat working if I dont redirect the user. However, if I refresh the page, the alert still "pops up". Does anyone know of a way to redirect to the home page, but then display an alert? My Code to login: <?php if($input->post->user && $input->post->pass) { $user = $sanitizer->username($input->post->user); $pass = $input->post->pass; if($session->login($user, $pass)) { // login successful $session->redirect($dash); } } ?>

How to track user active time based on session login and logout. Basically, I want to get the report that each user login time and logout time/session inactivity time. Is there any module available or we can use any hooks to simulate the above. Thanks in advance for your support.

Hi all, Im working on a photography website where users can comment and like on photos (which are pages). I solved the comment part with the comment module, but I also want a 'like' system. Which includes; - Like a photo. Like count on the photo adds up. - If user has a few favourite photos, i would like a 'Favourites' section on the user profile page, with all of the liked photos. - Apart from the likes, i would like to have a page 'Most liked photos of this week', so each week the community can see the photos with the most likes that week. I came across the Like plug-in, but i would like to have a little more tailored solution and keep it to logged-in users only and be able to see all of the liked photos of a user. Any idea how to keep track of the likes and build a 'Most liked this week' page? Help would be appreciated! Thnx.

OAuth2Login for ProcessWire A Module which give you ability to login an existing user using your favorite thrid-party OAuth2 provider (i.e. Facebook, GitHub, Google, LinkedIn, etc.).. You can login from the backend to the backend directly or render a form on the frontend and redirect the user to a choosen page. Built on top of ThePhpLeague OAuth2-Client lib. Registration is not handled by this module but planned. Howto Install Install the module following this procedure: - http://modules.processwire.com/modules/oauth2-login/ - https://github.com/flydev-fr/OAuth2Login Next step, in order to use a provider, you need to use Composer to install each provider ie: to install Google, open a terminal, go to your root directory of pw and type the following command-line: composer require league/oauth2-google Tested providers/packages : Google : league/oauth2-google Facebook: league/oauth2-facebook Github: league/oauth2-github LinkedIn: league/oauth2-linkedin More third-party providers are available there. You should be able to add a provider by simply adding it to the JSON config file. Howto Use It First (and for testing purpose), you should create a new user in ProcessWire that reflect your real OAuth2 account information. The important informations are, Last Name, First Name and Email. The module will compare existing users by firstname, lastname and email; If the user match the informations, then he is logged in. ie, if my Google fullname is John Wick, then in ProcessWire, I create a new user Wick-John with email johnwick@mydomain.com Next step, go to your favorite provider and create an app in order to get the ClientId and ClientSecret keys. Ask on the forum if you have difficulties getting there. Once you got the keys for a provider, just paste it into the module settings and save it. One or more button should appear bellow the standard login form. The final step is to make your JSON configuration file. In this sample, the JSON config include all tested providers, you can of course edit it to suit your needs : { "providers": { "google": { "className": "Google", "packageName": "league/oauth2-google", "helpUrl": "https://console.developers.google.com/apis/credentials" }, "facebook": { "className": "Facebook", "packageName": "league/oauth2-facebook", "helpUrl": "https://developers.facebook.com/apps/", "options": { "graphApiVersion": "v2.10", "scope": "email" } }, "github": { "className": "Github", "packageName": "league/oauth2-github", "helpUrl": "https://github.com/settings/developers", "options": { "scope": "user:email" } }, "linkedin": { "className": "LinkedIn", "packageName": "league/oauth2-linkedin", "helpUrl": "https://www.linkedin.com/secure/developer" } } } Backend Usage In ready.php, call the module : if($page->template == 'admin') { $oauth2mod = $modules->get('Oauth2Login'); if($oauth2mod) $oauth2mod->hookBackend(); } Frontend Usage Small note: At this moment the render method is pretty simple. It output a InputfieldForm with InputfieldSubmit(s) into wrapped in a ul:li tag. Feedbacks and ideas welcome! For the following example, I created a page login and a template login which contain the following code : <?php namespace ProcessWire; if(!$user->isLoggedin()) { $options = array( 'buttonClass' => 'my_button_class', 'buttonValue' => 'Login with {provider}', // {{provider}} keyword 'prependMarkup' => '<div class="wrapper">', 'appendMarkup' => '</div>' ); $redirectUri = str_lreplace('//', '/', $config->urls->httpRoot . $page->url); $content = $modules->get('Oauth2Login')->config( array( 'redirect_uri' => $redirectUri, 'success_uri' => $page->url ) )->render($options); } The custom function lstr_replace() : /* * replace the last occurence of $search by $replace in $subject */ function str_lreplace($search, $replace, $subject) { return preg_replace('~(.*)' . preg_quote($search, '~') . '~', '$1' . $replace, $subject, 1); } Screenshot

In a PW file, I successfully login a $user using $session->login(). I later redirect to a different PHP file. It's not a PW template file so I do the appropriate include("/path/to/processwire/index.php"); But then I try to get the logged in $user->name and it always gives me 'guest'. And if I set a $session value at login, in the redirected file my values are lost. I am new to PW so I am surprised. What am I missing? Thx

Hello Community, I have read that I get no support on GitHub. For this reason I am here for the second time. The thing is that I enabled a fresh Processwire installation and under https://processwire.wpzweinull.ch/processwire no page is found. The admin login is thus not possible. How can I fix the problem? Thanks in advance, Alexander

I would like to redirect users from a specific role group to a specific URL upon login. Any thought on how to accomplish this?

Greetings PW community - I've got a site that I inherited, but brought it down to a local dev server (Ubuntu) in order to make changes before pushing those to the live version. I have the database connection setup and content displays as expected however I can't login. Environment info: ProcessWire 3.0.33 PHP 7 MySQL Ubuntu server Admin url changed (to clients name ) Initial scenario: I can access the admin login page just fine, however when I was submitting the request I was receiving the CSRF login error ("This request was aborted because it appears to be forged"), so I went and found the login troubleshooting guide: https://processwire.com/docs/tutorials/troubleshooting-guide/page2. I took the following steps to debug: Verified that there is enough space left on HD to create the session file. Verified that the /site/assets/ subfolders exist and set permissions to 777 for testing Verified config.php is set to at least 644 (it is 777 now on my dev box for testing purposes) Disabled CSRF, session fingerprinting & session challenge in config.php I have installed an original copy of ProcessWire 3.0.33's index.php After this, I stopped getting the forged attempt error, but now it was processing the login form submission and coming back to the login page w/o any errors or success message. So I enabled some logging: Enabled debug in config.php (not receiving any on screen errors) Tailed apache error logs Through tailing the logs I found that it was having an issue with sendmail (trying to use it, but sendmail wasn't installed). So I installed sendmail and configured it. Now it takes forever (approx. 4.5 minutes) to processes, and I'm not receiving any errors in the apache logs, and no errors are reported on screen when it finally completes/timesout.

Hi all guys! I've a BIG problem here and hope you can help me to solve it. Suddenly yesterday my PW installation stopped letting me to log in. I can access the front-end, but each time i try to log into the back-end it gives me "This request was aborted because it appears to be forged." I already have searched into the forum and tried every possible solution, without any result In order: site/config.php is readable site/assets/{cache,logs,sessions} is present and 0755 (and setting them to 0777 doesn't make any difference) tried to backup site/assets/sessions directory and make another new empty one nothing is changed with user:group permissions setting $protectCSRF, $sessionChallenge, and $sessionFingerprint to false the error disappears but the login page still remains making the sessions table empty doesn't make any difference enabled/disabled the www. redirection in .htaccess, just in case but nothing enabled $debug and no error removed cookies restarted the server Anybody has an idea?

Hello, Newbie question here. I'm rebuilding my existing website with PW, it's a game where people can guess the winners of races. I used to have a "players" table. Those are registered players, I used to identify them through their login/password, and when it matches, I give them access to the website. No rocket science. So now with PW, I'm building my sign-up form and I'm trying to create a new session when a new user sign up. I'm retrieving user/pass from the sign-up form which has been posted before but : if($session->login($user, $pass)) { // login successful $session->redirect(elsewhere); } else echo "failed"; ... fails everytime. Do I have to use something like : $u = new User(); $u->name = "bill"; $u->pass = "billpwd"; $u->addRole("guest"); $u->save(); ... before doing a session->login('bill', 'billpwd') ?? (I've just checked, it works, so I guess this is the good way to do it ?) I already have my players table so perhaps I can have the minimum in the PW's table and keep my players info in my historical table ? ... Or I can add all information I need into PW but I'd like to understand where it is stored. Last question, if there is a PW matching between "user" and "session", I need to give to the session->login function the password not hashed. I'm using the password_hash php function, any problem with that ? Thanks

quick question, can the $username in login() be email OR username, or anything else?

Hello, I cannot login to the admin panel : ProcessLogin: admin - Login failed I tried to follow this post : and add : $u = $users->get('admin'); $u->of(false); $u->pass = 'superSecretPassword'; $u->save(); but I get : Notice: Trying to get property of non-object in /var/www/html/esad-gv.from-to.www/processwire-master/wire/core/PagesEditor.php on line 246 Notice: Trying to get property of non-object in /var/www/html/esad-gv.from-to.www/processwire-master/wire/core/PagesEditor.php on line 249 Notice: Trying to get property of non-object in /var/www/html/esad-gv.from-to.www/processwire-master/wire/core/PagesEditor.php on line 258 Fatal error: Call to a member function numChildren() on null in /var/www/html/esad-gv.from-to.www/processwire-master/wire/core/PagesEditor.php on line 382 Any ideas ? Thank you

Hi, I know this may be trivial question but please forgive newbie. I would like to implement a set of pages that each collect email address from the target audience and in exchange sends small pdf attachment to the customer with perhaps WireMailMailgun?

Did someone try to use Auth0 for social and/or passwordless login in PW? And is there somebody interested in porting their Wordpress plugin (that looks awesome) to ProcessWire? https://wordpress.org/plugins/auth0/ I have not the resources right now but I can help testing it. This is how their plugin works: Regular flow There are three different scenarios that could take place. First, a user that not exists in WordPress and it does in your Auth0 account try to log in. A user access your site's login page. (s)he completes his credentials (it could be an existing user in your Auth0 account or a new signup). Auth0 will authenticate the user The plugin gets the user profile. The plugin check if there is a user in the WordPress database with his/her Auth0 user_id. It can't find any, so it will check if there is a user with the same email. It can't find ant, so it will create a new user and log him/her in. Second, a user that exists in WordPress (this user was created before you installed the plugin) and in your Auth0 account try to log in. A user access your site's login page. (s)he completes his credentials (it could be an existing user in your Auth0 account or a new signup). Auth0 will authenticate the user The plugin gets the user profile. The plugin check if there is a user in the WordPress database with his/her Auth0 user_id. It can't find any, so it will check if there is a user with the same email. There is a user with the same email. It checks if the Auth0 user has verified the email. If the user has not verified the email, the process end here with an error message If the email was verified, it will update the user with the Auth0 user_id and log the user in. Third, a user that exists in WordPress (this user was created in the scenario one, or updated in the scenario two) and in your Auth0 account try to log in. A user access your site's login page. (s)he completes his credentials (it could be an existing user in your Auth0 account or a new signup). Auth0 will authenticate the user The plugin gets the user profile. The plugin check if there is a user in the WordPress database with his/her Auth0 user_id. It finds the user, and logs him in. Data migration When data migration is enabled, the plugin will expose two secure endpoint to let Auth0 authenticate the users. This endpoints are secured with a secret token and only available to the Auth0 IPs. You can change this in the plugin advanced settings. The login flow is the following: A user access your site's login page. He has an account in your wordpress site so (s)he proceds to login using this credentials. Auth0 can't find a user with this credentials in your account, so proceds to call your migration endpoint. The plugin find a user with the same username/email and verifies the password. Auth0 creates the user in your account and authenticate the user successfully.

I've been using PW for about 2 or 3 years but have never really done anything with users (until now) apart from setting up users and roles for the background. I now have a project that requires following and am looking for some high level advice and an audit of my thinking. Client needs to set up users in the Admin and associate a private page with each user. Each user will have a different private page which we'll create. Users need to login via a form and be automatically directed to a private page Each user will only access a single private page BUT a private page may be associated with serveral users Requirements (for Client) A: Client needs to setup a user(s) in the admin. - No problems there and I'll just use the Access pages etc and create usergroups, roles and users. B: Client needs to associate a private page with a user - I'm thinking a user is just a page so I can add a field to a user admin template and let Client select the private page Requirements (for front end user) C: User needs to login via a web form - I'm pretty sure I can do this via the API and some sample code around the forums D: User should them be automatically redirected to a private page client setup in step A. Note: Each user has a different (and only 1) private page - I'm thinking that my login code has a reference to a variable ($privateURL) and once they're logged in, they get directed to that My biggest unknown is what might be best.... Should I create a PageSelect field within each private page which allows client to cherry pick which users can access this page OR Should I add a field called PrivateURL to the user templates and associate pages to users that way? Thanks for any advice.

A client of mine is having an issue whereby Processwire is not remembering their logged in status. As part of the site, they are sent an email telling them there has been an update on the site. When they click the link, Processwire determines that they are not logged in and sends them to the log in page. When they log in, they get sent to the home page, rather than the link they clicked in the email. Does Processwire not create a session cookie? It seems fine for me - I can visit /processwire hours later and it remembers me. Also, if the user has purposely logged out, is there a way to remember the requested URL and redirect to it once the user has logged in?

Hi, We're looking at creating a 3 level (guest, member, admin) user levels for accessing frontend content via a login. I have seen https://processwire.com/talk/topic/107-custom-login/page-1 which talks about creating the user login page. I have also seen http://modules.processwire.com/modules/frontend-user/ which is an older module which seemingly handles this but is still in alpha. We are creating a system where users need to login to see comments (members) but admin users are able to see additional information on some pages. What I'm looking for is something a little like: Can we hook into the User roles to do this? Thanks Pete

Hello, In my web app I am needed an event calender separate for each registered user of the site. I used Luxicul calender. Every thing is working fine except the auto sign in into calendar when user sign in into site. I have installed the calender in site folder. and then as per there documentation. <?php $session->lcUser = $caluser; ?> //$caluser is the email of user <iframe id="lcmini" src="<?php echo $config->urls->site ;?>/luxcal/lcmini.php"></iframe> I have write this code users.php template(Into template folder ).In above code I have put user->email in to session variable. thats all I got in there documentation.After debugging I found that my session variable is not passing into the page of Iframe. so it is not sign in automatically . Any help is much appreciated. Thanks In advance Syed Furquan

Hi. I have a membersite that sends out emails to users with links to specific pages. When the user clicks on the link in the mail and the browser opens the site, the user is redirected to the login page. However, I would like for the user to be redirected back to the page they opened from their mail. I don't see how this can be done in Processwire. I have a template and in the Access settings, I have chosen to redirect to the login page. There is on tag that I can include with {id}, but that returns the ID of the login page. I would like to have a tag that returns the ID of the original page the user has opened. Maybe a tag called {id_original} could be a way to solve it. Is there some other way I can filter the redirect process?

HELLO! I'm using $user->isLoggedin() three times on one template (in the head.inc, template-page.php and foot.inc). I'm using a custom login in my template file: // If they aren't logged in, then show the login form if(!$user->isLoggedin()){ // check for login before outputting markup if($input->post->user && $input->post->pass) { $user = $sanitizer->username($input->post->user); $pass = $input->post->pass; if($session->login($user, $pass)) { // login successful $session->redirect($homepage->url); } else { // login error $session->login_error = 'Login Failed. Please try again, or use the forgot password link below.'; } } if($input->post->user && $input->post->pass) { $login = "<p class='error'>" . $session->login_error . "</p>"; } $login .= "<form action='./' method='post'><div class='login'> <input type='text' id='user' name='user' placeholder='Enter your SP Company Code' /> <input class='hidden' type='password' name='pass' value='' /> <p><input type='submit' class='btn' name='submit' value='Login' /></p> </div></form>"; } // end !logged in Using the correct logins works and everything is cool, but putting the wrong passwords in creates a Internal server error on both the head.inc and foot.inc $user->isLoggedin() functions. I'm probably doing something absurdly stupid here, any ideas? thanks

Hello, I have a site with users that have a custom user template setup on PW 2.7.2 stable. Custom user template is "member" and role for those users also "member". The site has a frontend dashboard where users can edit their profile, events etc. I can login with this user type to the backend fine and the permission settings are all working. When I login to the frontend, I get this error: "Fatal error: Maximum function nesting level of '10000' reached, aborting! in .../wire/core/Wire.php on line 333"; I already raised the xdebug.max_nesting_level from 1000 to 10000. When I set it to 100000, the server disconnects. I can see that the user gets logged in with $session->login($uname, $pass) before the error is thrown. EDIT: When I reload the login page after the error shows with the now logged in user, I get this error: "Fatal error: Maximum function nesting level of '10000' reached, aborting! in /var/www/utgpw/wire/core/Fieldgroup.php on line 61" But a $session->redirect($dashboard->url) seems to cause the error. If I logon with a test user that has role "member" but the regular user template, I don't get the error and get redirected to the dashboard fine. All the code in my dashboard template is working. Actually, the whole login and dashboard logic for the frontend is copied from another site where it has been working fine for over a year now. So I guess the problem is related to how the custom user templates are handled in the core. My setup for the custom user template has also proven to work without issues in 2 other sites. I have spent hours on debugging already and now I'm lost. Any ideas that point to the cause of this would be much appreciated.

Hi Forum, I need to secure some downloads with a simple login form. As login tasks are new to me I try to adapt the code from this forum post for my purposes. This is where I am so far: A page with input field type "password" (name "password"). This code: <?php password protected areaif ($page->password) { $pass = $page->password; if ($input->post->pass != $pass) { echo "$page->body" . file_get_contents("./_login-form.inc"); // not logged in? get input form } else { foreach ($page->downloads as $file) { echo "<h2>Sie sind eingeloggt</h2>"; echo "<ul>" . "<li class='plain'><i class='fa fa-download'></i><a href='$file->url';?> $file->description</a></li>" . "</ul>"; } // foreach } // $input->post} //$page->password?> And for _login-form.inc <form method="post" action="./" accept-charset="UTF-8"> <input type="password" id="pass" name="pass" placeholder="" /> <button type="submit" name="submit" class="btn btn-success btn-block">Login</button></form> Unfortunately the conditional always returns false even if the correct password has been entered into the form. This is the first time I'm using fieldtype password, thus I don't know how to check for the correct password entered (I understand the value is stored encrypted but that's all I know). Any help is much appreciated. Thanks!