louisstephens

Display Notifications after front-end login

Recommended Posts

I hope this is the correct place to post this. I currently am building a "dashboard" that displays some stats etc, but also handles login/logout with a form. Currently, when a user uses the form on the homepage, they redirected (if the credentials are correct) to the backend of processwire.

However, I was hoping to direct the user back to the dashboard and display an alert (for now until I get a library to handle this). I got it somewhat working if I dont redirect the user. However, if I refresh the page, the alert still "pops up". Does anyone know of a way to redirect to the home page, but then display an alert?

My Code to login:

<?php
if($input->post->user && $input->post->pass) {
	$user = $sanitizer->username($input->post->user);
    $pass = $input->post->pass; 

    if($session->login($user, $pass)) {
    	// login successful
        $session->redirect($dash); 
    }
}
?>

 

Share this post


Link to post
Share on other sites

Hello @louisstephens,

you could use a GET parameter inside your redirect. For example:

<?php
$session->redirect($dash . "?alert=success");

// On your dashboard template file
if ($input->get->alert === "success") {
	// Show your notification
}

If you plan to build a login be sure to use CSRF and maybe honeypot validation:

Regards, Andreas

  • Like 3

Share this post


Link to post
Share on other sites

Thanks  AndZyk . I will definitely give this a shot and see where this takes me. I completely forgot about GET (and I am still learning). Ill let you know how it goes. As for CSRF, that is a great idea. This is largely an internal site, but I will definitely take the precaution. 

  • Like 1

Share this post


Link to post
Share on other sites

That worked great @AndZyk! I appreciate the help. Now for a dumb question, once redirected, success="true" (in laments terms), notification displays, is there a way to remove the ?alert=success from the url ? As it stands, I have a script that refreshes the page every so often to get any new changes that might have been made on the site, and currently the alert will just keep posting.

 

There probably a better way to handle the refresh as well like ajax, but I dont quite know how to tackle that. I guess this was just an impromtu way of doing things.

  • Like 1

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By prestoav
      I have a site built with a user role 'member' that can view some extra 'member area' pages. I have a user with the role 'editor' that has been given 'user-admin' permission who can successfully generate new users. However, when they try to add / change a 'member' role password to a 'member' role they get the error:
      Unable to generate password hash Does anyone know how to assign the 'editor' role the permission to generate a password for other user types?
      Thanks!
    • By psy
      Having problems with the new Login/Register module and hoping someone can help.
      Desired result:
      Guest lands on site (or later specific page) and is redirected to the Login page. The user’s landing page is saved to a session and once logged-in, is redirected back to the original landing page What’s happening:
      Guest lands on any page on the site and is redirected to the Login page Guest enters credentials, hits submit, then sometimes a variety of error messages get written to the logs including sessionCSRF and MYSQL errors. Guest user is presented with the Internal Server Error. Regardless, guest is not logged in Scenario:
      Using PW 3.0.76 and PHP 5.6
      User account created manually in admin with login-register privilege User is my old mate: Username: fred Email: fred@flintstone.com Password: 1234test.
       
      Site is configured to use delayed output with Regions & Functions API In _init.php I have:
      <?php namespace ProcessWire; if(!$user->isLoggedin() && $page->id!=1193) { // not for login page     $session->set('returnPage', $page->url);     $session->redirect('/login/');     die; } In login.php template:
        <?php namespace ProcessWire; if($user->isLoggedin() && !$input->get('profile') && !$input->get('logout')) {     // login and go back to the previous page or go to the home page     $goToUrl = $session->returnPage ? $session->returnPage : '/';     $session->redirect($goToUrl); } else {     // let the LoginRegister module have control     $content = $modules->get('LoginRegister')->execute(); } ?> <div id="regContent">     <div class="content-wrap">         <div class="container clearfix">             <region id="regPostContent">                 <!-- Post Content                 ============================================= -->                 <div class="postcontent nobottommargin clearfix col_three_fourth">                     <?=$content?>                  </div><!-- .postcontent end -->             </region><!--#regPostContent-->         </div>     </div> </div><!-- #content end -->  
      What am I doing wrong? Why can’t Fred login?
      Any help to resolve much appreciated.
       
      TIA
      Psy
      PS: Tried to use TracyDebugger to see what was happening but got js errors. Just not my day. Uninstalled TD and no errors
    • By suntrop
      Sometimes I need pages in the site tree that are basically just a reference to another page – to redirect to the original page or display the same content under the new page url.
      I was surprised I couldn't find anything like that in the forum or as a module already. However, there is a new module by @Robin S but not exactly what I need.
      Example
      Home News Press Newsroom Media Services About Newsroom (virtual page for /news/newsroom/) Contact Example I: The page /about/newsroom/ should act as /news/newsroom/ – so, wehen I loop all pages for a sitemap both pages should have the URL /news/newsroom/.
      Example II: Another example (not often used) would be tu display the exact same content on /about/newsroom/ – although the page itself has no content on its own.
      Those examples don't have much in common, but they are just virtual or fake pages in the site tree.
      While the second one should be an easy task with wireRenderFile(), the first example isn't quite obvious to me. I think I have to use hooks and I have no idea where to start. I really appreciate you guys come up with a solution for everything, but I need to learn this myself  So just some hints to start would be great!
      Do I put the code into a module or some of the _init.php, ready.php etc. files? Or do I have to use a template file (e.g. virtual-page.php)? When I look into Captain Hook  – how do I find the appropriate point to hook into? (/wire/core/ Page.php and loaded()?) Do I need to create/manipulate each field separately (path, title, summary)? Sorry for the long read
       
    • By alan
      Sorry folks if this is obvious to most and I missed something in the docs or here in the forum, but, I have cheerfully used code such as:
      if($user->isLoggedin()) { echo " loggedIn"; } else { echo " notLoggedIn"; } in PW 2.x sites.
      Now on a v3 site I am finding even the most basic test to see if the viewer is logged in or `isSuperuser()` is not giving an error but simply doing nothing - not evaluating.
      For example, the top of a typical template reads:
      <?php namespace ProcessWire; if($user->isLoggedin()) { echo " loggedIn"; } else { echo " notLoggedIn"; } I have `debug` turned on.
      Is there something obvious I have missed, perhaps a step required for v3 that's not required for v2 to allow access to $user data?
      Thanks for any pointers.
    • By modifiedcontent
      I have my own register-login-profile/account page system. I know that Ryan recently released an official module for this, but there may be an advantage to having my own custom solution. Anyway, it seems to work well.
      But, I have been getting annoying Russian hack attempt accounts, mostly as 'guests' that don't bother to use the activation link.
      Most if not all of these accounts have this in the name field:
      No Subscription Detected
      Not Recognized
      ...which makes them relatively easy to filter out from real name accounts.
      Where do these "strings" come from? I can't find them in Processwire's source. Are the hackers using some kind of tool that inserts these for some reason? Or is it a PHP thing? Does anyone recognize them? Does it mean they are using some kind of backdoor instead of the registration form?
      In general, what are the best practices to secure my registration form, prevent spam accounts, etc.?
      I'll start with adding a check to block IP addresses that try to register with 'Not Recognized' etc. in the name field I guess.