Search the Community

Hello, I have a situation were a user cannot logon to several different PW installs fromdifferent machines on his workplace network. Sometimes the initial logon is working but when navigating the PW backend he gets thrown out. Sometimes even the initial logon is not working and he is redirected too many times and the browser throws a redirection error. This points to PW loosing it's session. But the same sites are working fine when accessed from within other network environments. The user's workplace network has some pretty tight security (firewall) restrictions in place that prevent PW keeping it's session. I don't know enough about network security so I can't tell what exactly could cause that problem. I checked in the browser settings to make sure session cookies are allowed and there. Has anyone ever experienced issues like that and would there be a way to make PW keep it's session under these circumstances?

Hi, new forum look, cool haha! Look, I'm trying to use Securimage capcha in a template. The SESSION vars that the capcha image sets get lost somewhere in processwire. The API page says that this superglobal is always available. Do you have any hints where $_SESSION may be reset? Thanks

Hey Guys! Im new to PW and am working on a website built on PW. Im trying to understand how sessions work in PW. Specifically what exactly is happening when session expires. The thing is that my client wants to be redirected to homepage whenever session expires, so basically he doesnt want to be redirected to admin login page when he's in the admin environment of PW(he doesnt want his clients to see the admin login page for whatever reason). Is it possible to hook to the session expiration and redirect to a specific url? And what is the correct way to do it in PW? I would appreciate the help! Cheers!

The $config->sessionExpireSeconds in config.php is set to 86400 but still I have to log in as admin after about 10 minutes of inactivity. Any other hidden corners where I should look to set this right? $config->sessionChallenge is set to true. $config->sessionFingerprint is set to false.

Hi all, I have problems to keep my session on different subdomains (including www). I've set the following config: $config->sessionCookieDomain = '.mydomain.net'; $config->sessionCookieSecure = false; But it doesn't work, I always loose the session when I switch between www.mydomain.net and example.mydomain.net. Could it be because both of them have a different SSL-Certificate? (https) Thanks for any help! Dennis

Have set up a front-end registration form and it all seems fine but rather than giving them a link to "Click here to login!", I'd like to log them in automatically. I was thinking that as the login takes place after the new user has been saved that it ought to work but it doesn"t seem to be working at the moment. Is this even achievable without a page reload? Here is my code currently: <?php include("./header.inc"); $headings = " <div id='register'> <div class='row'> <div class='twelve columns'> <h3>Register with us</h3>"; $form="<form action='./' id='registration' method='post'> <div class='row'> <div class='four columns'> <label for='username'>Username</label> <p class='help'>Please ensure your username contains no spaces</p> <input type='text' name='username' value='{$input->post->username}'> <label for='first_name'>First name</label> <input type='text' name='first_name' value='{$input->post->first_name}'> <label for='last_name'>Last name</label> <input type='text' name='last_name' value='{$input->post->last_name}'> <label for='email'>Email address</label> <input type='text' name='email' value='{$input->post->email}'> </div> <!-- /.four columns --> <div class='four columns'> <label for='company_name'>Company name</label> <input type='text' name='company_name' value='{$input->post->company_name}'> <label for='company_url'>Company URL</label> <input type='text' name='company_url' value='{$input->post->company_url}'> <label for='company_phone'>Company phone</label> <input type='text' name='company_phone' value='{$input->post->company_phone}'> </div> <!-- /.four columns --> <div class='four columns'> <label for='pass'>Password</label> <p class='help'>Please ensure your password is at least 6 characters long and contains at least one digit and one letter</p> <input type='password' name='pass' value='{$input->post->pass}'> <label for='pass_confirm'>Confirm password</label> <input type='password' name='pass_confirm' value='{$input->post->pass_confirm}'> </div> <!-- /.four columns --> </div> <!-- /.row --> <input class='button success small' type='submit' name='submit_registration' id='submit'> </form>"; $message = "Please fill in the form below if you would like to register in order to receive exclusive access to our brochures and latest information."; $usernames = array(); foreach ($users as $u) { $usernames[] = $u->name; } if($input->post->submit_registration) { if (empty($input->post->username) || empty($input->post->email) || empty($input->post->pass)) { $message = "Please fill out all fields marked with a *"; echo $headings; echo "<h5 class='error'>$message</h5>"; echo $form; } elseif (in_array($input->post->username, $usernames)) { $message = "Sorry, that username is already taken, please choose another."; echo $headings; echo "<h5 class='error'>$message</h5>"; echo $form; } elseif (filter_var($input->post->email, FILTER_VALIDATE_EMAIL) === FALSE) { $message = "Please include a valid email address"; echo $headings; echo "<h5 class='error'>$message</h5>"; echo $form; } elseif (!preg_match("/[0-9]/", $input->post->pass) || strlen($input->post->pass) < 6) { $message = "Please ensure your password has at least one digit and is at least 6 characters long"; echo $headings; echo "<h5 class='error'>$message</h5>"; echo $form; } elseif($input->post->pass !== $input->post->pass_confirm) { $message = "Please ensure that your passwords match"; echo $headings; echo "<h5 class='error'>$message</h5>"; echo $form; } else { echo $headings; $message = "Congratulations! You have successfully registered and have been logged in"; echo "<h5 class='success'>$message</h5>"; $u = new User(); $u->of(false); $u->name = $sanitizer->username($input->post->username); $u->first_name = $sanitizer->text($input->post->first_name); $u->last_name = $sanitizer->text($input->post->last_name); $u->company_name = $sanitizer->text($input->post->company_name); $u->company_url = $sanitizer->url($input->post->company_url); $u->company_phone = $sanitizer->text($input->post->company_phone); $u->email = $sanitizer->email($input->post->email); $u->pass = $sanitizer->text($input->post->pass); $u->addRole('registered'); $u->save(); $u->of(true); require_once("./scripts/PHPMailer/class.phpmailer.php"); $form_contents = array( 'username' => $sanitizer->username($page->username), 'First name' => $sanitizer->text($input->post->first_name), 'Last name' => $sanitizer->text($input->post->last_name), 'Company name' => $sanitizer->text($input->post->company_name), 'Company URL' => $sanitizer->url($input->post->company_url), 'email' => $sanitizer->email($input->post->email), 'Phone Number' => $sanitizer->text($input->post->company_phone), ); $to_name = "My company"; $to = "me@me.com"; $subject = "New registered user"; $form_message = ""; foreach ($form_contents as $key => $value) { $form_message .= "$key: $value\n"; } $from = "$form_contents[email]"; $from_name = "$form_contents[username]"; $mail = new PHPMailer(); $mail->CharSet = 'UTF-8'; $mail->FromName = "$from_name"; $mail->From = "$from"; $mail->AddAddress ($to, $to_name); $mail->Subject = "$subject"; $mail->Body = "$form_message"; $mail->Send(); $name = $u->name; $pass = $u->pass; if ($session->login($name, $pass)) { $session->redirect("../"); } } } elseif ($user->isLoggedin()) { echo $headings; echo "<h5>No need to register " . $user->get('first_name|name') . ", you are already are! <a href='{$config->urls->root}'>Click here</a> if you would like to return to the homepage.</h5>"; } else { echo $headings; echo "<h5>$message</h5>"; echo $form; } ?> </div> <!-- /.twelve columns --> </div> <!-- /.row --> </div> <!-- /#register --> <?php ?> <?php include("./footer.inc"); Thanks.

hi, i have a login form on my page which is handled within a template called by ajax. Login works fine, but only if the site doesn't get reloaded - which isn't the intention but may occur. So is there a way to manually reset the session data from within my form-handler template after successfully calling $session->login($username, $password), to have it working after a page reload? thanks, martin

Hi all, Currently I am working on a filter for all the products in a category. So I've set up a class and built a (PW) form in it. When the user clicks on continue the form should return a processform function which sets the variable of the form in a session. Later in the file I want to read out that session and use that variable to select which products should show up and which should be hidden. So now with code examples to make it a bit more clear for you: In my file I start with a class: class classname { public function ShowForm() { $form = $this->Form1(); if ($this->input->post->submit) { if ($this->processForm1($form)) $this->session->redirect("./"); } return $form->render(); } Then a form inside the class: protected function Form1() { $form = wire('modules')->get("InputfieldForm"); $form->description = "Fill in the fields to find the mouse which fits your wishes"; $form->label = "Mouse Selector"; $form->action = "./"; $form->method = 'post'; $f = wire('modules')->get("InputfieldRadios"); $f->name = "Hand"; $f->label = "label"; $f->addOption(1, "1"); $f->addOption(2, "2"); $form->add($f); $this->addSubmit($form, 'Continue'); return $form; } This function is called when the user submits: protected function ProcessForm1($form) { $form->processInput($this->input->post); $this->session->hand = (int)$form->get("Hand")->value; } As you see I store the variable of the submitted form in a session. After closing the class I continue with building the page and then I want to read out that variable: $value = $this->session->hand; $content .= "Value of 'Hand': " . $value; But when I execute this on my website I cannot see the value of the form. Have I done something wrong or how can I fix this? Thanks in advance, ~Harmen

Hi guys, I've just created a new user : $u = new User(); $u->name = $nickname; $u->pass = $pwd; $u->addRole("guest"); $u->save(); I've added some new informations on that user, here : $u->points = 3; $u->language = 'fr'; Now I'm doing my session->login stuff, and my session->redirect stuff. On the destination page, I thought I would retrieve the $u->points and $u->language values, but it's not set. I thought I was saving the values in my news user's session area but I'm apparently wrong. I guess I have to use that syntax in the first page : $session->points = 3; $session->language = 'fr'; ... and then it will be still there on the destination page ? Is it the good way to do it ? Do my values will stick with the right user I'm dealing with ? Thanks

Hello, Newbie question here. I'm rebuilding my existing website with PW, it's a game where people can guess the winners of races. I used to have a "players" table. Those are registered players, I used to identify them through their login/password, and when it matches, I give them access to the website. No rocket science. So now with PW, I'm building my sign-up form and I'm trying to create a new session when a new user sign up. I'm retrieving user/pass from the sign-up form which has been posted before but : if($session->login($user, $pass)) { // login successful $session->redirect(elsewhere); } else echo "failed"; ... fails everytime. Do I have to use something like : $u = new User(); $u->name = "bill"; $u->pass = "billpwd"; $u->addRole("guest"); $u->save(); ... before doing a session->login('bill', 'billpwd') ?? (I've just checked, it works, so I guess this is the good way to do it ?) I already have my players table so perhaps I can have the minimum in the PW's table and keep my players info in my historical table ? ... Or I can add all information I need into PW but I'd like to understand where it is stored. Last question, if there is a PW matching between "user" and "session", I need to give to the session->login function the password not hashed. I'm using the password_hash php function, any problem with that ? Thanks

Hello, I get the following error message when I try to publish my page. "Session: Warning (requiredIf): dependency field 'feature_image' is not present in this form. (ProcessPageEdit)" Any insight? Thanks

Hi folks! In my current project I'm using ProcessWire v2.5 as pure backend service, including it in my frontend application as described here. Now I encountered some problems with the pw session handling interfering with the session handling of my frontend application. In this case the pw installation runs on a subdomain of my frontend application. Duplicate session_start() Each time I include pw's index.php pw tries to start it's own session, resulting in a notice that a session has already been started. To encounter this problem, I changed one row in Session::___init() (/ProcessWire/wire/core/Session.php): protected function ___init() { if (session_status() != PHP_SESSION_ACTIVE) @session_start(); } Session configuration override Additionally pw sets it's own session configuration and therefore overrides the config of my frontend application. To prevent this, I wrapped the session configuration block within the index.php (/ProcessWire/index.php, rows ~176ff) in a condition: if (session_status() != PHP_SESSION_ACTIVE) { session_name($config->sessionName); ini_set('session.use_cookies', true); ini_set('session.use_only_cookies', 1); ini_set('session.cookie_httponly', 1); ini_set('session.gc_maxlifetime', $config->sessionExpireSeconds); if (ini_get('session.save_handler') == 'files') { if (ini_get('session.gc_probability') == 0) { // Some debian distros replace PHP's gc without fully implementing it, // which results in broken garbage collection if the save_path is set. // As a result, we avoid setting the save_path when this is detected. } else { ini_set("session.save_path", rtrim($config->paths->sessions, '/')); } } } This is surely a bad way to fix my problem, because I had to change some code within the pw core. If anybody knows a more elegant solution to prevent pw from starting/configuring a session if used vi include, it would be very welcome. regards, Wumbo

I need to write a lazy cron job that goes through a list of files and deletes those that are associated with expired sessions. Our session information is stored in the DB table sessions. Is there a Wire API call that allows me to do one of: 1) fetch all expired sessions? 2) hook the session expiration event? 3) fetch all active sessions? 4) do direct DB access to lookup sessions? (least preferred as I have to directly tie to session implmentation). My logic can either flow: Find active sessions delete files NOT in active sessions Get files if session_id associated with file NOT in sessions (or has expired) delete file.

Hello, I need to restrict the page view of my app to a single guest user. This means if a session for user guest is already open for that page, other guest users are not allowed to view the same page. $session doesn't help much in that case as far as I can see from the docs (or maybe $session->getHistory() can help?). I think I could approach it this way: 1. Set session storage to DB 2. Query session table in DB for open sessions for that page and act accordingly Is there anything built into the API which I have missed that I can utilize to query the session table? Or would I have to use $database and build my own query? Any insight on this or idea how to tackle the problem would be much appreciated.

I'm doing a custom login/register in the front end, and flash messages are really useful to inform the user about the process of user registration. I was used to using Codeigniter with their flash message system. I've seen very few messages in the forum where $session->message is used but I haven't seen a full implementation. I've tried my own with some degree of success, but the flash messages persist in a different way that I've expected. It's like there is a "delay". Maybe I'm doing something wrong. The header.inc has a standard notices loop: <?php if($notices) :?> <?php foreach($notices as $notice) :?> <?php $class = $notice->className(); ?> <div class="notification <?= $class; ?>"> <p><?= $notice->text ;?></p> </div> <?php endforeach ;?> <?php endif ;?> This is my register.php: When submitting the form with errors, the first time no error message are displayed. The second time I submit it with errors, then the error message appears. This is what I describe as the "delay". <?php include("./helpers/form_helpers.php"); /** * Register template * */ $out = ""; $errors = ""; // create a new form field (also field wrapper) $form = $modules->get("InputfieldForm"); $form->action = "./"; $form->method = "post"; $form->attr("id+name",'register-form'); // Name // $field = $modules->get("InputfieldText"); // $field->label = "Name"; // $field->attr('id+name','name'); // $field->required = 1; // $form->append($field); // append the field to the form // Email $field = $modules->get("InputfieldEmail"); $field->label = "E-Mail"; $field->attr('id+name','email'); $field->required = 1; $form->append($field); // append the field // Password $field = $modules->get("InputfieldPassword"); $field->label = __("Contraseña"); $field->attr("id+name","password"); $field->required = 1; $form->append($field); // Submit $submit = $modules->get("InputfieldSubmit"); $submit->attr("value",__('Crear cuenta')); $submit->attr("id+name","submit"); $submit->attr("class","btn btn--primary"); $form->append($submit); // Form submitted: process form if($input->post->submit) { // user submitted the form, process it and check for errors $form->processInput($input->post); // here is a good point for extra/custom validation and manipulate fields if($sanitizer->email($form->get("email")->value) != '') { // Email should be unique if(!isUniqueUserEmail($form->get("email")->value)){ $form->email->error(__("El e-mail ingresado ya se encuentra registrado")); } } if($form->getErrors()) { // the form is processed and populated but contains errors // Render Form $session->error(__('There are errors in the form')); $out .= $form->render(); } else { // Sanitize inputs //$full_name = $sanitizer->text($input->post->name); $email = $sanitizer->email($input->post->email); $password = $input->post->password; // Generate username from email $username = $sanitizer->email($input->post->email); // Create New User $u = new User(); $u->of(false); $u->name = $username; $u->pass = $password; $u->email = $email; $u->addRole("guest"); $u->addRole("member"); $u->save(); $u->of(true); // Create hash // Email the user with confirmation e-mail // Redirect to login page and display success Message $session->message(__('User registration sucessfull')); $session->redirect('/login'); } } else { // Form not submitted: render out form without processing $out .= $form->render(); } include("./partials/header.inc"); ?> <div class="container container--narrow"> <div class="page"> <h1>Nuevo usuario</h1> <?= $out ;?> </div><!-- .page --> </div><!-- .container --> <?php include("./partials/footer.inc"); ?> On a successful submission, the next page displays the correct message, but also the error message "There are errors in the form". It's like the error message get's carried over. I appreciate any help to sort this out.

Is there something wrong with the following redirect syntax ? <?php $session->redirect($page->get(1184)->url); ?> I've used this (below) to successfully redirect to a child URL so thought I was on the right track. <?php $session->redirect($page->child->url); ?>

Hi all, I've just enabled the Session Handler Database module and would like to view the active sessions, however it doesn't display any. Does anyone know why, or what I'm missing?

The $session feature is easy to use and great to store inputs like currency or cart items temporary on server side. Identified by client cookie ID. I thought the session lifetime works persistent. But the wire cookie is only valid until the browser will be closed. Next visit starts always with a fresh session. All vars got lost. Session file is still on server, but access impossible without cookie ID. Is there anyone way to change the client session cookie lifetime from "expired if browser closed" to maybe "current time plus 48h"? I could create a second beside the "wire" cookie to store things at client side. But all data will saved in client browser directly. The concept to identify via cookie but data always on server is better and more secure. And one cookie is better as two. Which alternative way would you prefer to store some vars for "guest" role users more persistent?

I use the ProcessWire $session API for a new project to store some things there. Cart items, currency and more. It works fine and the limited lifetime of $sessions is OK, I defined just 3 days. There is only an issue with user $session->logout() to logout an user. It removes all items in user $session too. Website users are just "guest" or after login with role "customer". I see two options to solve my issue: I skip $session API and use instead PHP $_SESSION to keep all vars after $session->logout(). This make things more complicated and I would prefer to use PW API only. Anyone way to avoid the $session->logout() command. So that logout means remove the role "customer" temporary from user session, be only guest. Without $session->logout(). Mhhmmmm. Maybe I think wrong, ideas are welcome. BTW, I enjoy it to work with PW.

I'm having problem with setting global session variable in $config->ajax block. To be more clear, here is example: This will not work: if($config->ajax) { $_SESSION["TEST"] = "test" } and then after "normal " page rendering with no ajax I get nothing when trying to get session variable: echo($_SESSION["TEST"]); // produces no output however, if I set variable outside $config->ajax block: if($config->ajax) { // this is left blank to better describe context } else { $_SESSION["TEST"] = "test"; } and then after "normal " page rendering with no ajax - I get what I expect: echo($_SESSION["TEST"]); // produces "test" as output. So, what I want is set some global session variable inside ajax call and then reuse it's value during any page reload. It's late and I probable miss something.

Hi all, I'm developing a responsive Website with the following setup: PW 2.5.3 Debug = true Template caching set to one month, guests only Google Chrome latest release (not the beta channel) With this setup I'm experiencing weird problems when using Chrome dev tools: changes in my templates are not reflected in the frontend until the page is saved (despite caching is set to "guests only") after each page save I'm logged out from the admin and have to log in again I can repeat this problem since days and on Windows as well as on OS X. In contrast, if I switch to Firefox Developer Edition's dev tools everything works as it should - no problems at all. So presumably it's some interference with Chrome's dev tools. Does anybody has experienced the same? Any hints for debugging? Thanks!

Got home to some strange behaviour on one of my development sites - not able to login. I have seen this: processwire.com/talk/topic/4011-cannot-login-to-admin-area/ But nothing there works. If I try changing the password, still can't sign in. Using SessionHandlerDatabase, and have cleared those caches too. Could that module be an issue in 2.5.25? I am running another few local sites on that version, but am not experiencing the same issue. Nothing in any error logs anywhere. Login form doesn't show any errors either. Wondering if the installation in question has gone all bonkers on me... Update: I also have the Forgot Password module enabled. Interestingly, when I click on it, it just shows the normal login form... Isn't it supposed to just show email? The URL does include ?forgot=1...

Hello, part of my new project is providing a RESTful webservice through PW. I am using clsource's REST Helper for ProcessWire which is working great. For the REST service part of the site I would like to suppress the setting of session cookie for $session->login and $session->logout because I don't need sessions and I don't want to have Set-Cookie in my response header. For user authentication in a PUT request I use $session->login() to verify username and password: $uId = $input->urlSegment1; $u = $users->get($uId); if ($session->login($u->name, $params["upass"])) { $session->logout(); //update user data } In the response header for that request I get: Set-Cookie: wire=ha6io723mkfc9v4scdib3oe8g7; path=/; HttpOnly wire=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT wire=1n8faeiva3vg7u13ijsrs24bt1; path=/; HttpOnly wire_challenge=YK0WRw0Wrd2ZAhKEUCLPOHd9iSySEPb91; expires=Tue, 07-Apr-2015 14:11:24 GMT; path=/; httponly wire=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT wire=u9m41s8b87d3ca1jp1jbl0r6k3; path=/; HttpOnly wire=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT wire=oidcbmht561qnvts2fjnq4b7p3; path=/; HttpOnly persist=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/ At the moment I get rid of it by doing header_remove("Set-Cookie"); But I would like to avoid setting of that cookie in the first place. I found the relevant methods ___login and ___logout in /wire/core/Session.php But searching Captain Hook for "logout" doesn't bring up those methods. I assume they should be hookable because they start with 3 underscores. Now how would I hook into those methods from my template file (not as an autoload module)? The webservice endpoint url is .../api/users/ and my temlate file for that is users.php What I've tried so far is wire()->addHookBefore('Session::logout', null, 'logoutNoCookie'); function logoutNoCookie($event) { $event->replace = true; $sessionName = session_name(); $_SESSION = array(); // if(isset($_COOKIE[$sessionName])) setcookie($sessionName, '', time()-42000, '/'); // if(isset($_COOKIE[$sessionName . "_challenge"])) setcookie($sessionName . "_challenge", '', time()-42000, '/'); session_destroy(); session_name($sessionName); $this->init(); session_regenerate_id(true); $_SESSION[$this->className()] = array(); $user = $this->wire('user'); $guest = $this->wire('users')->getGuestUser(); $this->wire('users')->setCurrentUser($guest); $this->trackChange('logout', $user, $guest); if($user) $this->logoutSuccess($user); $event->return = $this; } But this gives me an error: Fatal error: Using $this when not in object context because I'm placing my hook function outside the class context. What would be the correct way for calling the hook and placing my hook function?

Hey Guys, I've ran into some really weird behavior with session variables. What I've been trying to do is this: I have 10 separate pages that share the same template, named cursus.php. These are pages with course info and have different title's. these page all do the following: $session->remove($cursus); $session->set($cursus, $page->title); They all have a link to one page where you can subscribe for the course on that page I call out the session variable and want to recall there from what page they entered the subscription page by doing the following: <div>Subscribe for the course: <?PHP echo $session->get($cursus); ?></div> and that, on it's turn, gets mailed to my client. Now Firefox and Safari seem to be displaying the variable perfectly fine but Chrome is not. I've tried it on my mobile and and desktop and even in incognito mode, which should clear any cache problems, but it still doesn't work. Am i going about this completely the wrong way or does anyone have a suggestion of what the problem could be? As you can image it's very important to my client and thus to me, that I get this working as soon as possible! Any help will be greatly appreciated. Bram Wolf

Hello, I want to build a site where people can *only* login with Google and/or Facebook (no registration possible). When someone connects with G+|FB I'd like to check if the ID is present in my Userlist and if not, create a new user with all the data I can get. Now I'm asking myself (and you) how I can log the user into PW, since I won't have a password and the username they got on FB|G+ might even change. I need to find those accounts by the FB|G+ ID. I thought either to create a new user with username/pass = G+|FB-ID and a field stating if it's G+ or FB. The other way would be to have a way to select and login a user via a unique ID field, but i can't find something like a "loginByCondition" method in PW. So I guess my questions are: -is there a way to login users other than user/pass? - which way would you suggest to build a system like that? My problem with the "user and pass == G+|FB-ID"-approach is that it smells like dirty hack and I couldn't, for instance, connect my own admin account with FB or G+ to make it work in front- and backend. Any help and thoughts are appreciated! Thanks, thomas