Jump to content
Doc

Do I need to add users ? (session->login problem)

Recommended Posts

Hello,

Newbie question here.

I'm rebuilding my existing website with PW, it's a game where people can guess the winners of races.

I used to have a "players" table. Those are registered players, I used to identify them through their login/password, and when it matches, I give them access to the website. No rocket science.

So now with PW, I'm building my sign-up form and I'm trying to create a new session when a new user sign up.

I'm retrieving user/pass from the sign-up form which has been posted before but :

if($session->login($user, $pass)) {
    // login successful
    $session->redirect(elsewhere);
}
else
    echo "failed";

... fails everytime.

Do I have to use something like :

$u = new User();
$u->name = "bill";
$u->pass = "billpwd";
$u->addRole("guest");
$u->save();

... before doing a session->login('bill', 'billpwd') ?? (I've just checked, it works, so I guess this is the good way to do it ?)

I already have my players table so perhaps I can have the minimum in the PW's table and keep my players info in my historical table ?

... Or I can add all information I need into PW but I'd like to understand where it is stored.

Last question, if there is a PW matching between "user" and "session", I need to give to the session->login function the password not hashed. I'm using the password_hash php function, any problem with that ?

Thanks

 

 

Share this post


Link to post
Share on other sites

I'm answering to myself to a part of the question :

I've just discovered by dumping all the DB that a user is stored like a page, in the "pages" table, which is not too convenient if I want to dump my users table I guess.

Share this post


Link to post
Share on other sites
On 1/16/2017 at 10:42 AM, Doc said:

... before doing a session->login('bill', 'billpwd') ?? (I've just checked, it works, so I guess this is the good way to do it ?)

The $session->login($user, $pass) is going to return a user object if the user exists and password is correct. Otherwise, the session call will fail. That's why creating the user before the login check works when registering the user. It's okay to build users on-the-fly as long as you sanitize and do your role/permission assignments, etc. If you have a separate login form from the registration form, use one to create and login the user while the other simply logins in. I don't think you'll need to use any extra hashing, PW will compare the hashed value of the supplied password to that stored in the database.

  • Like 3

Share this post


Link to post
Share on other sites

Thanks @Mindfull.

Actually I sanitize everything before creating the user, on the fly as you said. That wasn't obvious for me to have to create the user before the session login returns OK.

I won't add any extra hashing but I keep only the minimum info (username/password/email) on the PW DB and have another table to store everything I need for my players. Also it's easier to have all the player's information in one table for me, export is easier too.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By derelektrischemoench
      Hi guys,
      I'm facing a somewhat strange issue here which I can't quite wrap my head around. 
      I have a PW site in development which runs on three machines simultaneously, one staging server which is accessible as a preview instance for my customer, my PC and my laptop. 
      I have three completely identical settings on each of the three machines (same apache version, same php version, same codebase, same database); however on my PC I am unable to log into the backend. I get no error message or anything, when I try to login; i just get redirected to the login  page. I have already enabled database driven sessions (I enabled them on my laptop, then I dumped the database and copied it to my pc); I have cleared the cache directory; I cleared the sessions in the database; I cleared my browser caches, I tried different browsers, all to no avail; I am unable to login when using my pc, the instances all have the same .htaccess.
      Is there something I'm missing here or does anyone have a clue as to what my issue here might be? I'm using processwire 3.0.123
      Thanks for any input, greetings
      derelektrischemoench
       
      //edit: I've noticed something interesting; despite the directories of my web folders being the same layout; when I open the admin page i get a 404 on the processwire/ resource in the networks panel of chrome; on my laptop I get a  200.... I guess this is where my problem is; but why?
       
       
    • By derelektrischemoench
      Hi guys,
      I'm facing a somewhat strange issue here which I can't quite wrap my head around. 
      I have a PW site in development which runs on three machines simultaneously, one staging server which is accessible as a preview instance for my customer, my PC and my laptop. 
      I have three completely identical settings on each of the three machines (same apache version, same php version, same codebase, same database); however on my PC I am unable to log into the backend. I get no error message or anything, when I try to login; i just get redirected to the login  page. I have already enabled database driven sessions (I enabled them on my laptop, then I dumped the database and copied it to my pc); I have cleared the cache directory; I cleared the sessions in the database; I cleared my browser caches, I tried different browsers, all to no avail; I am unable to login when using my pc, the instances all have the same .htaccess.
      Is there something I'm missing here or does anyone have a clue as to what my issue here might be? I'm using processwire 3.0.123
      Thanks for any input, greetings
      derelektrischemoench
       
       
    • By Peter Knight
      How do you guys handle large session tables when sessions are being recorded to the database?
      I notice one of my sites has a session table of over 14MB 
      Am I missing a way in the Admin or a module to auto-remove any sessions older than X days?
      Thanks
       
    • By helmut2509
      In my PW-Application there is currently no session timeout.
      I want to set the user session to 60 minutes which means that after 60 minutes of inactivity the user will be redirected to the homepage.
      so I added the following entry to my config.php:
      $config->sessionExpireSeconds = 120; (120 seconds is just for testing).
      But after five minutes of inactivity I am still logged in, there is no redirection.
      Is there anything wrong or did I miss something?
      In php.ini I have the entry:
      session.cookie_lifetime = 3600
    • By franciccio-ITALIANO
      Hi, I need to provide a quite complex user registration form: description, subdescription, drop-down lists etc. 
      Through this registration, users will be able to access and comment.
      If someone responds to their comments, I would like a NOTIFICATION to appear when accessing their panel.
      My social interaction project is just that, it seems simple, I don't need more.
      Now I am undecided whether to use buddypress, elgg, or a native processwire system.
      What do you recommend? 
      If you recommend processwire, which modules should I install?
      Do they work or is processwire too immature for that?
      Translated with www.DeepL.com/Translator (free version)
×
×
  • Create New...