totoff

How to check if password field is populated with correct password?

By totoff, in API & Templates

Recommended Posts

totoff    433

totoff
Posted

Hi Forum,

I need to secure some downloads with a simple login form. As login tasks are new to me I try to adapt the code from this forum post for my purposes. This is where I am so far:

A page with input field type "password" (name "password").

This code:

<?php password protected areaif ($page->password) {	$pass = $page->password;	if ($input->post->pass != $pass) {    	echo "$page->body" . file_get_contents("./_login-form.inc"); // not logged in? get input form	} else {    	foreach ($page->downloads as $file) {    		echo "<h2>Sie sind eingeloggt</h2>";			echo "<ul>" .			"<li class='plain'><i class='fa fa-download'></i><a href='$file->url';?> $file->description</a></li>" .			"</ul>";			} // foreach	} // $input->post} //$page->password?>

And for _login-form.inc

<form method="post" action="./" accept-charset="UTF-8">    <input type="password" id="pass" name="pass" placeholder="" />    <button type="submit" name="submit" class="btn btn-success btn-block">Login</button></form>

Unfortunately the conditional always returns false even if the correct password has been entered into the form. This is the first time I'm using fieldtype password, thus I don't know how to check for the correct password entered (I understand the value is stored encrypted but that's all I know).

Any help is much appreciated.

Thanks!

Share this post

Link to post
Share on other sites

adrian    9,332

adrian
Posted

It looks like you are just wanting to require just a password, and not a username as well? And it looks like there is only one valid password per page? If so, then just use a text field so you can match them directly (since a text field won't be encrypted).

Alternatively, you could use: https://processwire.com/talk/topic/8387-page-protector/ - you'll likely want to use the Login Template option. This will require a username and password, so it may be more than you need.

Share this post

Link to post
Share on other sites

totoff    433

totoff
Posted

Hi Adrian, correct, just a very simple login required. Will use a text field then.

Anyhow, I would be interested to learn how the password field works. Didn't find much about it. If somebody has some spare time... :-)

Share this post

Link to post
Share on other sites

adrian    9,332

adrian
Posted

If you want to stick with a password field you can do this:

if($page->password->matches($input->post->pass)){
  • Like 2

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go To Topic Listing API & Templates

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • Sten
      How to access to fields value
      By Sten
      Hi,
      I have a lot of difficulties with getting a field value.
      First I created a template, inside I created several fields
      two fields are a dropdown select box So I have a value and a label for each line.
      Then I want to get the field value in _init.php or in the template to display it. How can I get the value of a field for the page ? I need to understand the flow through which data goes.
      Could someone help me ?
      Thank you
       
       
       
    • matsn0w
      [SOLVED] Pointing PW login to my own login page
      By matsn0w
      Hey all,
      I am working on a website and I want to style the login page, but I'm a bit confused. 
      I want either the existing login page styled in my own way using some CSS (I guess I prefer that) or I want to create a custom page with a form to login. (Which I could style too).
      I used the code from Ryan and Renobird posted here - which works great - but that doesn't replace the original login page. 
      Is there a way to some sort of 'disable' the original login?
      I hope my question is clear and thanks in advance,
      matsn0w
    • chcs
      Trying to create field using API
      By chcs
      After running this code in my module's __install() the template_id is not set. Any ideas why?  (The export contents from the template created and the one that I built with Admin are the same. Both exports have the template_id is set to mm_state. When I go to edit the field in Admin, the template is not showing on the Input tab and it doesn't show the template title on a page using the template that uses this field. Using processwire 3.0.98)

      // mm_state
      $field = $this->fields->get('mm_state');
      if (!@$field->id) $field = new Field();
      $field->type = $this->modules->get("FieldtypePage");
      $field->name = 'mm_state';
      $field->label = 'State';
      $field->derefAsPage = 2;
      $field->inputfield = "InputfieldSelect";
      $this->fields->save($field);
      $field->labelFieldName = 'title';
      $field->template_id = 'mm_state';
      $field->columnWidth = 100;
      $field->required = true;
      $this->fields->save($field);
    • Lex Sanchez
      FrontEnd Login Not Work with AWS Cloudfront
      By Lex Sanchez
      Hi everyone:
      I do not know if someone before using ProcessWire with AWS CloudFront, currently I have problems with the login, it does not work for any reason, when I check in the logs generated by ProcessWire, it only indicates This request was aborted because it appears to be forged. (in /wire/core/SessionCSRF.php line 190).
      I have allowed CloudFront to forward all headers, cookies and allow all methods (GET, POST, PUT).
      When I perform the same process from the ip server if it works or from the balancer.
    • flydev
      OAuth2Login
      By flydev
      OAuth2Login for ProcessWire
      A Module which give you ability to login an existing user using your favorite thrid-party OAuth2 provider (i.e. Facebook, GitHub, Google, LinkedIn, etc.)..
      You can login from the backend to the backend directly or render a form on the frontend and redirect the user to a choosen page.
      Built on top of ThePhpLeague OAuth2-Client lib.
      Registration is not handled by this module but planned.
       
      Howto Install
      Install the module following this procedure:
       - http://modules.processwire.com/modules/oauth2-login/
       - https://github.com/flydev-fr/OAuth2Login
      Next step, in order to use a provider, you need to use Composer to install each provider
      ie: to install Google, open a terminal, go to your root directory of pw and type the following command-line: composer require league/oauth2-google
      Tested providers/packages :
          Google :  league/oauth2-google     Facebook: league/oauth2-facebook     Github: league/oauth2-github     LinkedIn: league/oauth2-linkedin
      More third-party providers are available there. You should be able to add a provider by simply adding it to the JSON config file.

      Howto Use It
      First (and for testing purpose), you should create a new user in ProcessWire that reflect your real OAuth2 account information. The important informations are, Last Name, First Name and Email. The module will compare existing users by firstname, lastname and email; If the user match the informations, then he is logged in.
      ie, if my Google fullname is John Wick, then in ProcessWire, I create a new user  Wick-John  with email  johnwick@mydomain.com
      Next step, go to your favorite provider and create an app in order to get the ClientId and ClientSecret keys. Ask on the forum if you have difficulties getting there.
      Once you got the keys for a provider, just paste it into the module settings and save it. One or more button should appear bellow the standard login form.
      The final step is to make your JSON configuration file.
      In this sample, the JSON config include all tested providers, you can of course edit it to suit your needs :
      { "providers": { "google": { "className": "Google", "packageName": "league/oauth2-google", "helpUrl": "https://console.developers.google.com/apis/credentials" }, "facebook": { "className": "Facebook", "packageName": "league/oauth2-facebook", "helpUrl": "https://developers.facebook.com/apps/", "options": { "graphApiVersion": "v2.10", "scope": "email" } }, "github": { "className": "Github", "packageName": "league/oauth2-github", "helpUrl": "https://github.com/settings/developers", "options": { "scope": "user:email" } }, "linkedin": { "className": "LinkedIn", "packageName": "league/oauth2-linkedin", "helpUrl": "https://www.linkedin.com/secure/developer" } } }  
      Backend Usage
      In ready.php, call the module :
      if($page->template == 'admin') { $oauth2mod = $modules->get('Oauth2Login'); if($oauth2mod) $oauth2mod->hookBackend(); }  
      Frontend Usage
      Small note: At this moment the render method is pretty simple. It output a InputfieldForm with InputfieldSubmit(s) into wrapped in a ul:li tag. Feedbacks and ideas welcome!
      For the following example, I created a page login and a template login which contain the following code :
      <?php namespace ProcessWire; if(!$user->isLoggedin()) { $options = array( 'buttonClass' => 'my_button_class', 'buttonValue' => 'Login with {provider}', // {{provider}} keyword 'prependMarkup' => '<div class="wrapper">', 'appendMarkup' => '</div>' ); $redirectUri = str_lreplace('//', '/', $config->urls->httpRoot . $page->url); $content = $modules->get('Oauth2Login')->config( array( 'redirect_uri' => $redirectUri, 'success_uri' => $page->url ) )->render($options); }
      The custom function lstr_replace() :
      /* * replace the last occurence of $search by $replace in $subject */ function str_lreplace($search, $replace, $subject) { return preg_replace('~(.*)' . preg_quote($search, '~') . '~', '$1' . $replace, $subject, 1); }  
      Screenshot