Custom Login

[renobird]

Ah! I wonder if you can do the same with Textmate?

I haven't thought about switching in a while — might be time to look at Sublime again.

[Soma]

Ah! I wonder if you can do the same with Textmate?

I haven't thought about switching in a while — might be time to look at Sublime again.

If you ask me...

Textmate: Right click ->Convert ->Tabs to Spaces

[renobird]

What's a "right click"?

Control + click does the trick, I never thought to look for that.

Thanks for the tip.

[rouge]

I think I've read it somewhere but I can't find it again.

How can I protect file access from the assets-directory? So that just a user who can see the page, can view the attached files?

thx

[onjegolders]

I think I've read it somewhere but I can't find it again.

How can I protect file access from the assets-directory? So that just a user who can see the page, can view the attached files?

thx

Try Line 140 of config.php

[OrganizedFellow]

Interesting snippets.

I've added them to my gists  

[Hari KT]

First thank you for the snippets and nice discussion. I was trying to logout the user.

$session->logout();
if($user->isLoggedin()) {
    echo "Logged in";
}

If I have not done a redirect like

$session->redirect("/login/");

then the

$user->isLoggedin()

is true. Seems like a bug to me for the $user->id is not rest on logout. We need to reset the user->id .

Thank you.

[Soma]

Logout need a refresh/redirect to reset session and user.

https://processwire.com/talk/topic/1559-login-big-problem/?p=14153

[Soma]

Just wanted to mention it also here that all front-end login code posted mostly in this forum has one flaw. The problem is with the login throttle that once it's kicking in, you'll get an WireException thrown and interrupt your login as you will only see this error and nothing else.

There's a thread where this was asked and the solution is to use a try/catch to perform the login, this way you can catch the error message and output it where you want it.

Looks like this

try {    
    $u = $session->login($username, $password);
    if($u && $u->id){
       // user logged in do something
       $session->redirect("/profil/");
    } else {
       $errors .= "Login failed.";
    }
} catch(WireException $e){ // in case of multiple false login (throttle login)
   $errors .= $e->getMessage(); // get the error message
}

There was a mention here

https://processwire.com/talk/topic/1716-integrating-a-member-visitor-login-form/?p=50501

[Hari KT]

Hey Soma,

When you check the code the user is actually reset

$guest = $this->fuel('users')->getGuestUser();
$this->fuel('users')->setCurrentUser($guest);

http://processwire.com/apigen/source-class-Session.html#254

So without a redirect itself it should work is what I assume.

[Soma]

Yeah but the $user is still from the request and it's not overwriting it for $user as that was already set earlier, you may have to load it again before user is the new logged out user.

$session->logout();
$user = wire("user");
if($user->isLoggedin()){
    $content .= "user is logged in $user->name";
}

BTW I don't trust that API gen and never use it, I would recommend to use github so cause the code you linked isn't the exactly the same in current version. Although the behaviour remains the same. https://github.com/ryancramerdesign/ProcessWire/blob/master/wire/core/Session.php#L324

[Hari KT]

Hey Soma,

Thank you. I point to the live apigen, but I do use a local api created with the latest master.

[tarang9211]

Hello!

 

I am developing a website/app using the ProcessWire framework. Just for testing purposes, I have created a custom index.html page which takes care of the ui for registration and login. The registration will ask the user for a few questions, and when the Register button is clicked it will register the user and possible add it to a database. Multiple users with the same information cannot be created. I am totally lost on how to do this. I have also included my index.html page for reference. It is still a work in progress.

 

Please do let me know. I am creating something of this sort for the first time ever. Is it possible for anyone to guide me to a very good, basic, and simple starting point. If you click open the index.html page in the attached file, I want the user to be able to enter their information and after that they can access other features of the website.

Attached Files

tennis.zip

[Hari KT]

Hey @tarang9211 ,

I did looked into the files you have provided.

You can see already some well written help over https://processwire.com/talk/topic/126-anybody-did-user-registrationlogin/ .

I assume you are looking for a ajax based user registration. So what you need to do is create a template register.php and do the post validation and return back the response. Depending on response send the user to next page.

In the register.php template you can validate and create a user via the api something like

$data = array(
    'username' => 'someone',
    'password' => 'password',
    'email' => 'someone@something.com',
    'fullname' => 'Some One',
);
$successflag = true;
$sql_check = wire('users')->find("email={$data['email']}");
$messages = array();
if (count($sql_check)) {
    // user already exists
    $messages[] = array(
        'Email already exists',
    );
    $successflag = false;
}
$sql_check = wire('users')->find("name={$data['username']}");            
if (count($sql_check)) {
    // user already exists
    $messages[] = array(
        'Username already exists',
    );
    $successflag = false;
}
if ($successflag) {
    $newuser = new User();
    $newuser->name = $data['username'];
    $newuser->pass = $data['password'];
    $newuser->email = $data['email'];
    $newuser->fullname = $data['fullname'];
    $newuser->roles->add($roles->get("guest"));            
    $newuser->roles->add($roles->get("member"));
    $newuser->save();
}

Hope that helps you a bit to start.

Thanks

[tehandyb]

Just wanted to mention it also here that all front-end login code posted mostly in this forum has one flaw. The problem is with the login throttle that once it's kicking in, you'll get an WireException thrown and interrupt your login as you will only see this error and nothing else.

There's a thread where this was asked and the solution is to use a try/catch to perform the login, this way you can catch the error message and output it where you want it.

Looks like this

try {    
    $u = $session->login($username, $password);
    if($u && $u->id){
       // user logged in do something
       $session->redirect("/profil/");
    } else {
       $errors .= "Login failed.";
    }
} catch(WireException $e){ // in case of multiple false login (throttle login)
   $errors .= $e->getMessage(); // get the error message
}

There was a mention here

https://processwire.com/talk/topic/1716-integrating-a-member-visitor-login-form/?p=50501

I too get the error as if there are failed login attempts. Does this mean that doing the session->login attempt, to check if the user is logged in is creating a failed attempt when I just load the page? Is that the reason for the error, that processwire thinks there is a bad login attempt? Thanks. 

EDIT: I tried the Try/Catch solution you posted and now at least I don't go to a blank page with that error. But I still have the problem that for some reason the session throttle will tell me that I have to wait 60 seconds to login again after I logged out(logout redirects to the login page), and return back to the login page. Seems to me that the session throttle should not be invoked here??? Also it's weird that it says 60 seconds, where before it would start at like 15 and work its way up to 60. 

[Mass Harry]

tutorial create registration and login member make process wire?

[adrianmak]

is there any pw api get current url path ?

I'm thinking of config path for user login, logoff

let say

/user/login

/user/logoff

/user         <---- check if isloggedin redirect to user profile, otherwiese redirect to /user/login

[Nico Knoll]

Why not using normal PHP? 

$_SERVER['REQUEST_URI']

More: http://php.net/manual/de/reserved.variables.server.php

Or if you're on a frontend template you can use:

$page->url

And here you can find all config urls provided by Processwire API: http://processwire.com/api/variables/config/

[ceberlin]

What I did was setting the path as a setting within my user-login template, using a page field (with the output set as single page). 

So the admin/editor can choose where to redirect frontend users to. Nothing hard coded there.

[adrianmak]

Ryan,

Thanks this gave me a great place to start. I thought I'd share the version I created in case anyone finds it useful.

• Single template for the login/logout.

• Automatically redirects the user back to whatever page they originally requested after they login.

./includes/login.php

<?php

// Handle logouts
if($input->get->logout == 1) {
	$session->logout();
	$session->redirect($page->path);
}

// If they aren't logged in, then show the login form
if(!$user->isLoggedin()){

// check for login before outputting markup
if($input->post->user && $input->post->pass) {

	$user = $sanitizer->username($input->post->user);
	$pass = $input->post->pass;

	if($session->login($user, $pass)) {
		// login successful
		$session->redirect($page->path);
	}  else {
		$session->login_error = 'Login Failed. Please try again, or use the forgot password link below.';
	}
} ?>

<!DOCTYPE HTML>
<html lang="en">
<head>
	<title>Custom PW Login</title>
</head>

<body>
<form action='./' method='post'>
<div class="login">
	<? if($input->post->user && $input->post->pass) {
	echo "<p class='error'>" . $session->login_error . "</p>";
	}?>
	<p><input type='text' id="user" name='user' placeholder='Username'/></p>
	<p><input type='password' id="pass" name='pass' placeholder="Password" /></p>
	<p><input type='submit' class="btn" name='submit' value='Login' /></p>
</div>
</form>
</body>
</html>

<?
die(); // don't go any further if not logged in
} // end !logged in
?>

In any template you wish to protect:

<? require("./includes/login.php");?>

To trigger a logout:

<a href="?logout=1">Logout</a>

Note:

I'm using the HTML5 placeholder attribute. Browser support is not 100%.

You may want to use labels instead, or use some jQuery (like I did) to add the placeholder text for browser that don't support it.

SideNote:

How do you get code indents to stick when posting? I'm having to go back and add spaces to each line. I use tabs when coding.

I'm studying your code.

Which line(s) of code which save the path for redirection back to it when login sucessfully.

[pjg]

$session->redirect($page->path);

As mentioned in the post you quoted the login handling code is supposed to be included in any page that is supposed to be protected. This means redirecting to $page->path is merely a solution to ensure the same page you are on at the moment is reloaded once logged in. At least that's how I'd read it.

[salepg]

Insteed of (which isn't works for me):

/_main.php

<a href='?logout=1'>Logout</a>

I'm using:

/_main.php

<a href='{$config->urls->admin}login/logout/'>Logout</a>

I don't know why first doesn't work. Second have a little "bug". When I'm logged as a regular user, when I log off it redirect me at homepage (which is ok), but if I'm logged as admin it redirect me to Admin Panel login. I can guess that solution is to include login.php before echoing these lines.

[blynx]

I had a problem with this error "Call to a member function isLoggedin() on a non-object" when using the login-code from Ryans very first post in this thread here.

Just like adrianmak here: https://processwire.com/talk/topic/8835-cause-internal-server-error-when-login-with-a-wrong-username-or-password/

The code at the very beginning of this thread goes like this:

$user = $sanitizer->username($input->post->user);

But that is bad because $user gets overwritten !?

Jan Romero gave the answer in that other thread ... 
 

Now I use this and everything is fine:

$username = $sanitizer->username($input->post->user);
$pass = $input->post->pass; 

if($session->login($username, $pass)) {
  $session->redirect($root_url."login/");
}

Could be related to some other bugs on this forum? When you search for "Call to a member function isLoggedin()" you get some topics displayed - maybe the examples at the beginning should be corrected!?

[Jan Romero]

Yeah, that’s true. It works in Ryan’s example at the beginning of the thread because he calls isLoggedin() before overwriting the $user variable with a normal string (strings in php are indeed different from objects). So, confusingly, in that example $user refers to different things at separate times. He should probably edit the post for posterity.

[berechar]

Hi everyone,

A question regarding security/best-practice concerning a simple front-end login through AJAX calls. My plan is to use this kind of module inside a small AngularJS architecture to update the entire application when someone is logged in/out.

*

I've made a simple HTML form in which the user can login by typing his/her username and password in the corresponding fields. After submitting the form, an Ajax GET request is made with these values to a page which has access to the Processwire API. This page checks if these values (after sanitization) correspond to an existing user in the CMS.

If the user and password matches, the user is logged in, and a success message is being returned.

If the user and password mismatches, an error message is being returned.

*

I don't know much about encryption, therefore I highly doubt if this a 'safe' way of doing things. Hopefully someone can give me some pointers on this!

Best,

berechar