Cannot get Login/Register to login user

Recommended Posts

Having problems with the new Login/Register module and hoping someone can help.

Desired result:

  • Guest lands on site (or later specific page) and is redirected to the Login page.
  • The user’s landing page is saved to a session and once logged-in, is redirected back to the original landing page

What’s happening:

  • Guest lands on any page on the site and is redirected to the Login page
  • Guest enters credentials, hits submit, then sometimes a variety of error messages get written to the logs including sessionCSRF and MYSQL errors. Guest user is presented with the Internal Server Error. Regardless, guest is not logged in


  • Using PW 3.0.76 and PHP 5.6


  • User account created manually in admin with login-register privilege
  • User is my old mate:


  • Site is configured to use delayed output with Regions & Functions API

In _init.php I have:

<?php namespace ProcessWire;
if(!$user->isLoggedin() && $page->id!=1193) { // not for login page
    $session->set('returnPage', $page->url);

In login.php template:

<?php namespace ProcessWire;

if($user->isLoggedin() && !$input->get('profile') && !$input->get('logout')) {
    // login and go back to the previous page or go to the home page
    $goToUrl = $session->returnPage ? $session->returnPage : '/';
} else {
    // let the LoginRegister module have control
    $content = $modules->get('LoginRegister')->execute();

<div id="regContent">
    <div class="content-wrap">
        <div class="container clearfix">
            <region id="regPostContent">
                <!-- Post Content
                ============================================= -->
                <div class="postcontent nobottommargin clearfix col_three_fourth">
                 </div><!-- .postcontent end -->
</div><!-- #content end -->


What am I doing wrong? Why can’t Fred login?

Any help to resolve much appreciated.




PS: Tried to use TracyDebugger to see what was happening but got js errors. Just not my day. Uninstalled TD and no errors :(

Edited by psy

Share this post

Link to post
Share on other sites

Tested your exact same code with ProcessWire 3.0.79 and PHP 5.6.25.

It works as expected with all kinds of users.

No entries in the logs or errors on the page.


Are there any security or session related functions or modules installed?

  • Like 2

Share this post

Link to post
Share on other sites

@wbmnfktr thanks for recreating the scenario - epic :) and also for the feedback.

Still more weirdness on my site and I have a horrible feeling the conflicting session-related module may be FormBuilder even though at one point, I removed all FB forms from the login page (there was one in the footer) and turned off SessionCSRF on all FB forms. :( Will keep working on it. Any other help/suggestions in the meantime most welcome

Share this post

Link to post
Share on other sites

Managed to get Login/Register working on a clean install with no FormBuilder with a few minor tweaks to the code:

Firstly, to be on the safe side, I changed $page->url to $page->httpUrl. Secondly, on occasion my frontend page named 'login' got confused with the admin page named 'login' so specified exactly where to redirect.

if(!$user->isLoggedin() && $page->id!=1193) { // not for login page
    $session->set('returnPage', $page->httpUrl);

Still having issues with SessionCSRF with LoginRegister + FormBuilder. Will post in the FB forum.


  • Like 1

Share this post

Link to post
Share on other sites

In order to complete the testing scenario I added a form to my login page now as well - embed method A, B, and C with FormBuilder form above and below login form.

Login still works fine without any errors.

  • Like 1

Share this post

Link to post
Share on other sites

@wbmnfktr Wow! Thank you again. I'm still having problems.  My forms are embedded via the API. Back to the drawing board :( 


Share this post

Link to post
Share on other sites

I saw your question in the FormBuilder linking to this thread, so replying here rather than there because I don't think it's related to FormBuilder, as it doesn't look like you are using FormBuilder for the forms here and as a result it shouldn't come into play. A couple things to look into: I'm wondering if there is an unexpected extra redirect occurring somewhere. It might be good to watch your developer tools Network tab (in Chrome) to look for 301 requests. It could be as simple as a page requiring a trailing slash and one not being present, or the opposite, and thus a redirect occurring. Or it could be that you've got those pages access protected using PW's template access control, and its redirects are happening before your _init.php even gets called. While you are testing, you might want to disable the _init.php code just to see what difference it makes.

Take a look at markup regions and make sure that your final output is as you expect when viewing the source of the pages. I noticed you are using the markup region tag termination hint <!--#regPostContent-->, which is good—that gives Markup Regions a shortcut to find where your tag ends, saving it time. But in another case you are using <!-- #content end -->, which might be confusing the markup regions because it should instead be <!--#regContent-->, and I don't see a <div id='content'> in the markup you pasted in. I think markup regions is probably just ignoring your <!-- #content end -->, but try replacing it with <!--#regContent--> just in case. 

  • Like 1

Share this post

Link to post
Share on other sites

Thank you @ryan for pointing me in the right direction. Problem solved.

FormBuilder was a red herring, all good there. The cryptic debug message was key to finding the cause.


Fatal error: Uncaught PDOException: You cannot serialize or unserialize PDO instances in [no active file]:0 Stack trace: #0 [internal function]: PDO->__sleep() #1 [internal function]: session_write_close() #2 {main} thrown in [no active file] on line 0

I refer to the home page throughout the site and normally add $homePage = $pages->get('/'); in the _init.php file.

Tried to be too clever and tweak page load speed by reducing the number of database calls so put the following below the LoginRegister code:

// shortcut to home page saved in session
$homePage = $session->get('home-page');  // Fairly certain this is the culprit!
if (!$homePage) {
    $homePage = $pages->get('/');
    $session->set('home-page', $homePage);

While the above works for $cache, it doesn't for $session, or even replacing $session with $_SESSION and using array_key_exists('home-page', $_SESSION), etc.

Reverted to $homePage = $pages->get('/'); for every page and Login/Register working perfectly. 

  • Like 3

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By CarloC
      I'm using the LoginRegister module and I'm getting an internal server error when I try to login with a wrong password more than one time.
      I've found that the error comes from the SessionLoginThrottle.module, because, for security reasons, is better to prevent too many failed logins.
      Ok, good. But, am I wrong if I think it's too bad to show an Internal server error to the user instead of a simple error in template saying the user to wait X seconds to retry to login?
      Is there a way to do that? It would be great if I could get the error string and style it in the page the way I like.
      And in the SessionLoginThrottle admin configuration, I think that could be a good idea to be able to change the maximum number of login attempts before the error is shown.
    • By prestoav
      I have a site built with a user role 'member' that can view some extra 'member area' pages. I have a user with the role 'editor' that has been given 'user-admin' permission who can successfully generate new users. However, when they try to add / change a 'member' role password to a 'member' role they get the error:
      Unable to generate password hash Does anyone know how to assign the 'editor' role the permission to generate a password for other user types?
    • By alan
      Sorry folks if this is obvious to most and I missed something in the docs or here in the forum, but, I have cheerfully used code such as:
      if($user->isLoggedin()) { echo " loggedIn"; } else { echo " notLoggedIn"; } in PW 2.x sites.
      Now on a v3 site I am finding even the most basic test to see if the viewer is logged in or `isSuperuser()` is not giving an error but simply doing nothing - not evaluating.
      For example, the top of a typical template reads:
      <?php namespace ProcessWire; if($user->isLoggedin()) { echo " loggedIn"; } else { echo " notLoggedIn"; } I have `debug` turned on.
      Is there something obvious I have missed, perhaps a step required for v3 that's not required for v2 to allow access to $user data?
      Thanks for any pointers.
    • By modifiedcontent
      I have my own register-login-profile/account page system. I know that Ryan recently released an official module for this, but there may be an advantage to having my own custom solution. Anyway, it seems to work well.
      But, I have been getting annoying Russian hack attempt accounts, mostly as 'guests' that don't bother to use the activation link.
      Most if not all of these accounts have this in the name field:
      No Subscription Detected
      Not Recognized
      ...which makes them relatively easy to filter out from real name accounts.
      Where do these "strings" come from? I can't find them in Processwire's source. Are the hackers using some kind of tool that inserts these for some reason? Or is it a PHP thing? Does anyone recognize them? Does it mean they are using some kind of backdoor instead of the registration form?
      In general, what are the best practices to secure my registration form, prevent spam accounts, etc.?
      I'll start with adding a check to block IP addresses that try to register with 'Not Recognized' etc. in the name field I guess.
    • By noelboss
      This module hooks into the login method to provide the possibility to login with the user's email address. This is my first module and it's very simple. Please provide feedback if you have any suggestions. Thanks
      The module can be found in the module repository:
      or on github: