Doc

Do I need to add users? (session->login problem)


Hello,

Newbie question here.

I'm rebuilding my existing website with PW, it's a game where people can guess the winners of races.

I used to have a "players" table. Those are registered players, I used to identify them through their login/password, and when it matches, I give them access to the website. No rocket science.

So now with PW, I'm building my sign-up form and I'm trying to create a new session when a new user signs up.

I'm retrieving user/pass from the sign-up form which has been posted before but:

if ($session->login($user, $pass)) {
    // login successful
    $session->redirect('/elsewhere/'); // placeholder URL
} else {
    echo "failed";
}

... fails every time.

Do I have to use something like:

$u = new User();
$u->name = "bill";
$u->pass = "billpwd";
$u->addRole("guest");
$u->save();

... before doing a session->login('bill', 'billpwd')? (I've just checked, it works, so I guess this is the good way to do it?)

I already have my players table, so perhaps I can have the minimum in PW's table and keep my players' info in my historical table?

... Or I can add all information I need into PW but I'd like to understand where it is stored.

Last question: if there is a PW matching between "user" and "session", I need to give the session->login function the password unhashed. I'm using the password_hash PHP function; any problem with that?

Thanks

I'm answering part of my own question:

I've just discovered by dumping all the DB that a user is stored like a page, in the "pages" table, which is not too convenient if I want to dump my users table I guess.

On 1/16/2017 at 10:42 AM, Doc said:

... before doing a session->login('bill', 'billpwd')? (I've just checked, it works, so I guess this is the good way to do it?)

The $session->login($user, $pass) is going to return a user object if the user exists and password is correct. Otherwise, the session call will fail. That's why creating the user before the login check works when registering the user. It's okay to build users on-the-fly as long as you sanitize and do your role/permission assignments, etc. If you have a separate login form from the registration form, use one to create and log in the user while the other simply logs in. I don't think you'll need to use any extra hashing; PW will compare the hashed value of the supplied password to that stored in the database.

3 people like this
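
The sign-up flow described in the reply above (sanitize, create the user with a fixed role, then log in with the same plain password), as an added example that is not code from the thread. It assumes it runs inside a ProcessWire template file where $input, $sanitizer, $users and $session are in scope; the form field names (submit_signup, user, email, pass) and the /play/ URL are hypothetical.

```php
<?php namespace ProcessWire;
// Added example: sign-up handler for a ProcessWire template file.
// Assumed names (not from the thread): form fields "submit_signup", "user",
// "email", "pass" and the redirect target "/play/".

$error = '';

if ($input->post->submit_signup) {
    // Users are stored as pages, so the login name is normalised like a page name.
    $name  = $sanitizer->pageName($input->post->user);
    $email = $sanitizer->email($input->post->email);
    // The password is passed through untouched: no sanitizing that would alter it
    // and no password_hash() here, because ProcessWire stores a hash itself.
    $pass  = (string) $input->post->pass;

    if ($name === '' || $email === '' || $pass === '') {
        $error = 'Please provide a valid name, e-mail address and password.';
    } elseif ($users->get("name=$name")->id) {
        // get() returns a NullPage (id 0) when no such user exists.
        $error = 'That name is already taken.';
    } else {
        $u = new User();
        $u->name  = $name;
        $u->email = $email;
        $u->pass  = $pass;       // plain value in, hash stored
        $u->addRole('guest');    // role is fixed server-side, never read from the form
        $u->save();

        // Log in with the same plain password that was just assigned.
        // Hashing it first would make the comparison fail.
        if ($session->login($name, $pass)) {
            $session->redirect('/play/');
        }
        $error = 'Account created, but automatic login failed.';
    }
}

if ($error !== '') {
    // Encode before output so the message can never carry markup.
    echo '<p class="error">' . $sanitizer->entities($error) . '</p>';
}
```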


Thanks @Mindfull.

Actually I sanitize everything before creating the user, on the fly as you said. It wasn't obvious to me that I had to create the user before the session login returns OK.

I won't add any extra hashing but I keep only the minimum info (username/password/email) on the PW DB and have another table to store everything I need for my players. Also it's easier to have all the player's information in one table for me, export is easier too.
