Doc

Do I need to add users ? (session->login problem)

Recommended Posts

Hello,

Newbie question here.

I'm rebuilding my existing website with PW, it's a game where people can guess the winners of races.

I used to have a "players" table. Those are registered players, I used to identify them through their login/password, and when it matches, I give them access to the website. No rocket science.

So now with PW, I'm building my sign-up form and I'm trying to create a new session when a new user sign up.

I'm retrieving user/pass from the sign-up form which has been posted before but :

if($session->login($user, $pass)) {
    // login successful
    $session->redirect(elsewhere);
}
else
    echo "failed";

... fails everytime.

Do I have to use something like :

$u = new User();
$u->name = "bill";
$u->pass = "billpwd";
$u->addRole("guest");
$u->save();

... before doing a session->login('bill', 'billpwd') ?? (I've just checked, it works, so I guess this is the good way to do it ?)

I already have my players table so perhaps I can have the minimum in the PW's table and keep my players info in my historical table ?

... Or I can add all information I need into PW but I'd like to understand where it is stored.

Last question, if there is a PW matching between "user" and "session", I need to give to the session->login function the password not hashed. I'm using the password_hash php function, any problem with that ?

Thanks

 

 

Share this post


Link to post
Share on other sites

I'm answering to myself to a part of the question :

I've just discovered by dumping all the DB that a user is stored like a page, in the "pages" table, which is not too convenient if I want to dump my users table I guess.

Share this post


Link to post
Share on other sites
On 1/16/2017 at 10:42 AM, Doc said:

... before doing a session->login('bill', 'billpwd') ?? (I've just checked, it works, so I guess this is the good way to do it ?)

The $session->login($user, $pass) is going to return a user object if the user exists and password is correct. Otherwise, the session call will fail. That's why creating the user before the login check works when registering the user. It's okay to build users on-the-fly as long as you sanitize and do your role/permission assignments, etc. If you have a separate login form from the registration form, use one to create and login the user while the other simply logins in. I don't think you'll need to use any extra hashing, PW will compare the hashed value of the supplied password to that stored in the database.

  • Like 3

Share this post


Link to post
Share on other sites

Thanks @Mindfull.

Actually I sanitize everything before creating the user, on the fly as you said. That wasn't obvious for me to have to create the user before the session login returns OK.

I won't add any extra hashing but I keep only the minimum info (username/password/email) on the PW DB and have another table to store everything I need for my players. Also it's easier to have all the player's information in one table for me, export is easier too.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By webhoes
      Hello,
      I am working of a site for a sport organisation.
      All affiliated gyms can edit their profile. I have used the advaced mode so that if you create a new page under location the gym can login and edit their profile.
      i also want that they can add instructors as child of their profile and also are able to edit those instructors.
      I can not get passed the able to edit all subpaged or none.
      How should this be done? Or is this not possible?
    • By Jonathan Sachse Mikkelsen
      Hi everyone
      I've hit an error i can't seem to find a solution for. I build this website (www.petervigh.com) last year with processwire, and this week this error started showing up when my client tried to login:
      Catchable fatal error: session_regenerate_id(): Failed to create(read) session ID: memcached (path: nfs01.cl2000.ams1.nl.leaseweb.net:11211) in /srv/psa03/petervigh.com/httpdocs/wire/core/Session.php on line 728
      Recoverable Fatal Error: session_regenerate_id(): Failed to create(read) session ID: memcached (path: nfs01.cl2000.ams1.nl.leaseweb.net:11211) (line 728 of /srv/psa03/petervigh.com/httpdocs/wire/core/Session.php) 
      The site has been up and running for many months and i have done no maintenance or updates on it since it went live and has been working flawless so far. 
      I've had no luck with googling this error, and I've no idea how to go about this.
       
      This is my first time posting on this wonderful forum that has proven a very valuable source of troubleshooting since i started working with processwire a year ago.
      hope to receive some valuable tips and bear with me for my less than great knowledge of php in general
       
      Jonathan 
       
       
       
    • By anttila
      We are developing an App that sends data over the Internet to ProcessWire (POST/JSON). We want password to be protected somehow when sending it, but I should be able to compare it to PW's passwords. We were thinking of using md5 encryption, but PW uses different encryption.
      How can I be sure that user has active account when they use the App?
    • By Jarden Black
       
      Hi everyone,
      [edit: do not loose your time reading this post, I solved it by disabling cache in the Pages2Pdf module... sorry 😓]
       
      I do not know if I should post on the Pages2Pdf thread or here. Mods, feel free to move the post.
       
      Since three days I am scratching my head  to understand a weird thing happening with $session and $config->debug used in conjunction with Pages2Pdf module. For information, I tested it on a fresh install of ProcessWire 3.0.96 with PHP-7.0.28 and Pages2Pdf-1.1.7 (domain: http://session.sites.sek/). I will try to explain what is going on.
       
      What I am trying to achieve :
      In a template, I need to set some sessions variables which are then echo'd in the PDF document.
      (on the test installation, the basic-page template (page /about/?pages2pdf) serve the PDF, the home and sitemap template set the session variable.)
       
      The problem :
      From the template sitemap, I set a variable: $session->setFor('pdf', 'myvar', 'Session set from Sitemap template');
      From the template home, I set a variable: $session->setFor('pdf', 'myvar', 'Session set from Home template');
      Then in the PDF default template, I echo the session variable: <p>Session: <?= $session->getFor('pdf', 'myvar'); ?></p>
       
      Now I turn ON debug mode ($config->debug = true) :
      Then I navigate to  "http://session.sites.sek/home/" and the session variable "myvar" is set to "Session set from Home template". Then I navigate to  "http://session.sites.sek/sitemap/" and the session variable "myvar" is set to "Session set from Sitemap template". Now I want my PDF document, so I navigate to "http://session.sites.sek/about/?pages2pdf=1" and I get my PDF document with the right session var : "Session set from Sitemap template" For the moment, nothing special happen. Everything work great. We are in debug mode.
       
      Now I turn OFF debug mode ($config->debug = false) :
      Then I navigate to  "http://session.sites.sek/home/" and the session variable "myvar" is set to "Session set from Home template". Then I navigate to  "http://session.sites.sek/sitemap/" and the session variable "myvar" is set to "Session set from Sitemap template". Then I navigate back to "http://session.sites.sek/home/" and the session variable "myvar" is set back to "Session set from Home template". Now I want my PDF document - as expected, the "myvar" should be set to "Session set from Home template" - so I navigate to "http://session.sites.sek/about/?pages2pdf=1" and here the problem happen. Instead of echoing  "Session set from Home template" in the PDF document, the phrase "Session set from sitemap" is echo'd (the last value recorded before switching from debug ON).  
       
      I made two small screencasts to show the issue :
      DEBUG ON (Everything is OK)
       
      DEBUG OFF
       
       
      I am missing something ? EDIT: YES, you are dumb!
       
       
    • By flydev
      Hi everyone,
      [edit: do not loose your time reading this post, I solved it by disabling cache in the Pages2Pdf module... sorry 😓]
       
      I do not know if I should post on the Pages2Pdf thread or here. Mods, feel free to move the post.
       
      Since three days I am scratching my head to understand a weird thing happening with $session and $config->debug used in conjunction with Pages2Pdf module. For information, I tested it on a fresh install of ProcessWire 3.0.96 with PHP-7.0.28 and Pages2Pdf-1.1.7 (domain: http://session.sites.sek/). I will try to explain what is going on.
       
      What I am trying to achieve :
      In a template, I need to set some sessions variables which are then echo'd in the PDF document.
      (on the test installation, the basic-page template (page /about/?pages2pdf) serve the PDF, the home and sitemap template set the session variable.)
       
      The problem :
      From the template sitemap, I set a variable: $session->setFor('pdf', 'myvar', 'Session set from Sitemap template');
      From the template home, I set a variable: $session->setFor('pdf', 'myvar', 'Session set from Home template');
      Then in the PDF default template, I echo the session variable: <p>Session: <?= $session->getFor('pdf', 'myvar'); ?></p>
       
      Now I turn ON debug mode ($config->debug = true) :
      Then I navigate to  "http://session.sites.sek/home/" and the session variable "myvar" is set to "Session set from Home template". Then I navigate to  "http://session.sites.sek/sitemap/" and the session variable "myvar" is set to "Session set from Sitemap template". Now I want my PDF document, so I navigate to "http://session.sites.sek/about/?pages2pdf=1" and I get my PDF document with the right session var : "Session set from Sitemap template" For the moment, nothing special happen. Everything work great. We are in debug mode.
       
      Now I turn OFF debug mode ($config->debug = false) :
      Then I navigate to  "http://session.sites.sek/home/" and the session variable "myvar" is set to "Session set from Home template". Then I navigate to  "http://session.sites.sek/sitemap/" and the session variable "myvar" is set to "Session set from Sitemap template". Then I navigate back to "http://session.sites.sek/home/" and the session variable "myvar" is set back to "Session set from Home template". Now I want my PDF document - as expected, the "myvar" should be set to "Session set from Home template" - so I navigate to "http://session.sites.sek/about/?pages2pdf=1" and here the problem happen. Instead of echoing  "Session set from Home template" in the PDF document, the phrase "Session set from sitemap" is echo'd (the last value recorded before switching from debug ON).  
       
      I made two small screencasts to show the issue :
      DEBUG ON (Everything is OK)
       
      DEBUG OFF
       
       
      I am missing something ? EDIT: YES, you are dumb!
      Why it is working with debug mode ON and not vice-versa ?
      Is there someone who already spotted this strange behavior ?
      Is there a PHP settings which should be modified ?
       
      ====================================================
      Edit:
      I needed to post just to figure myself that Pages2Pdf cache the document when $config->debug is false.
      😬😬😬