benbyf

session->login($u,$p); what can the $u be?

11 posts in this topic

quick question, can the $username in login() be email OR username, or anything else?

Share this post


Link to post
Share on other sites
6 minutes ago, benbyf said:

quick question, can the $username in login() be email OR username, or anything else?

Two options:

https://processwire.com/talk/topic/1716-integrating-a-member-visitor-login-form/?page=4#comment-89599

https://processwire.com/talk/topic/1716-integrating-a-member-visitor-login-form/?page=4#comment-89616

You should read about the pros and cons of each.

1 person likes this

Share this post


Link to post
Share on other sites

Great options @adrian.

Strangely, I only asked as when login in with login() on my site it already allows either, which i thought was strange.

Share this post


Link to post
Share on other sites
2 hours ago, benbyf said:

Strangely, I only asked as when login in with login() on my site it already allows either, which i thought was strange.

Something sounds wrong there - are you sure you don't have something else that is handling the email to username check? I don't see anything in the login method to handle an email: https://github.com/processwire/processwire/blob/35df716082b779de0e53a3fcf7996403c49c9f8a/wire/core/Session.php#L704 and it doesn't work for me.

Share this post


Link to post
Share on other sites

@adrian Could it be that if the name and email are the same but the sanitizer is changing @ to - and thus making them equivalent?

Share this post


Link to post
Share on other sites

If you used the email for the name it does indeed work.

1 person likes this

Share this post


Link to post
Share on other sites

@adrian so i'm right in saying if the name is stored as e.g. yourname-web.com

then both yourname-web.com and yourname@web.com log me in.

Share this post


Link to post
Share on other sites
1 minute ago, benbyf said:

@adrian so i'm right in saying if the name is stored as e.g. yourname-web.com

then both yourname-web.com and yourname@web.com log me in.

That makes sense for sure. When I sent you those other links, I assumed that the usernames would be different to the email address.

1 person likes this

Share this post


Link to post
Share on other sites

ok, well something to bare in mind and maybe something that needs remedying or not. @ryan?

Share this post


Link to post
Share on other sites
On 1/13/2017 at 2:42 PM, benbyf said:

ok, well something to bare in mind and maybe something that needs remedying or not. @ryan?

Would be nice to know, if you can use this as a feature :-) It would make a custom front-end login with email easier (if you make sure email-address updates are reflected to the username as well).

1 person likes this

Share this post


Link to post
Share on other sites

using both at the moment to login, email and username created by PW out of the email.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By ragnarokkr
      Hi all guys! I've a BIG problem here and hope you can help me to solve it.
      Suddenly yesterday my PW installation stopped letting me to log in.
      I can access the front-end, but each time i try to log into the back-end it gives me "This request was aborted because it appears to be forged."
      I already have searched into the forum and tried every possible solution, without any result 
      In order:
      site/config.php is readable site/assets/{cache,logs,sessions} is present and 0755 (and setting them to 0777 doesn't make any difference) tried to backup site/assets/sessions directory and make another new empty one nothing is changed with user:group permissions setting $protectCSRF, $sessionChallenge, and $sessionFingerprint to false the error disappears but the login page still remains making the sessions table empty doesn't make any difference enabled/disabled the www. redirection in .htaccess, just in case but nothing enabled $debug and no error removed cookies restarted the server Anybody has an idea? 
    • By cybromancy
      Hi there, going a bit crazy here. Trying to be a user and change the role of another user.
      //get the user id to change $changeRole = $users->get($sanitizer->username('username'))->id; //add role $changeRole->addRole('moderator'); //save changes $users->save($changeRole);  
      What am I missing? Is it a user permissions setting? All I saw were permission settings for pages.
      Thanks up front for the help.
    • By Doc
      Hello,
      Newbie question here.
      I'm rebuilding my existing website with PW, it's a game where people can guess the winners of races.
      I used to have a "players" table. Those are registered players, I used to identify them through their login/password, and when it matches, I give them access to the website. No rocket science.
      So now with PW, I'm building my sign-up form and I'm trying to create a new session when a new user sign up.
      I'm retrieving user/pass from the sign-up form which has been posted before but :
      if($session->login($user, $pass)) {
          // login successful
          $session->redirect(elsewhere);
      }
      else
          echo "failed";
      ... fails everytime.
      Do I have to use something like :
      $u = new User(); $u->name = "bill"; $u->pass = "billpwd"; $u->addRole("guest"); $u->save(); ... before doing a session->login('bill', 'billpwd') ?? (I've just checked, it works, so I guess this is the good way to do it ?)
      I already have my players table so perhaps I can have the minimum in the PW's table and keep my players info in my historical table ?
      ... Or I can add all information I need into PW but I'd like to understand where it is stored.
      Last question, if there is a PW matching between "user" and "session", I need to give to the session->login function the password not hashed. I'm using the password_hash php function, any problem with that ?
      Thanks
       
       
    • By godmok
      Hi everyone,
      I have a problem with a member site where I put a link in CKEditor field thatshould go to a users profile page. The profile page is a site with one urlSegment, that contains the name of the user from the admin.
      The structure looks like this:
      -profiles --username (urlSegment) -some page (CKEditor field with a link to /profiles/username) -admin (PW admin area) --users ---username (user profile) So "some page" has a CKEditor field with a link to a profile page. Now the problem is, that this link source is always changed to the admin path and not the profiles (with urlSegment). A guest user can not look into this. Can this be deactivated, or is it wanted to work like this?
      My solution now is to create an additional page under "profiles" that is linked by a pagefield in the user profile. So a Link will always link to the "real" page under "profiles". Could there be a easier solution than creating an extra page as there is already one under admin but still let the links in CKEditor untouched?
      Thanks!