Cannot get Login/Register to login user

Recommended Posts

Having problems with the new Login/Register module and hoping someone can help.

Desired result:

  • Guest lands on site (or later specific page) and is redirected to the Login page.
  • The user’s landing page is saved to a session and once logged-in, is redirected back to the original landing page

What’s happening:

  • Guest lands on any page on the site and is redirected to the Login page
  • Guest enters credentials, hits submit, then sometimes a variety of error messages get written to the logs including sessionCSRF and MYSQL errors. Guest user is presented with the Internal Server Error. Regardless, guest is not logged in


  • Using PW 3.0.76 and PHP 5.6


  • User account created manually in admin with login-register privilege
  • User is my old mate:


  • Site is configured to use delayed output with Regions & Functions API

In _init.php I have:

<?php namespace ProcessWire;
if(!$user->isLoggedin() && $page->id!=1193) { // not for login page
    $session->set('returnPage', $page->url);

In login.php template:

<?php namespace ProcessWire;

if($user->isLoggedin() && !$input->get('profile') && !$input->get('logout')) {
    // login and go back to the previous page or go to the home page
    $goToUrl = $session->returnPage ? $session->returnPage : '/';
} else {
    // let the LoginRegister module have control
    $content = $modules->get('LoginRegister')->execute();

<div id="regContent">
    <div class="content-wrap">
        <div class="container clearfix">
            <region id="regPostContent">
                <!-- Post Content
                ============================================= -->
                <div class="postcontent nobottommargin clearfix col_three_fourth">
                 </div><!-- .postcontent end -->
</div><!-- #content end -->


What am I doing wrong? Why can’t Fred login?

Any help to resolve much appreciated.




PS: Tried to use TracyDebugger to see what was happening but got js errors. Just not my day. Uninstalled TD and no errors :(

Edited by psy

Share this post

Link to post
Share on other sites

Tested your exact same code with ProcessWire 3.0.79 and PHP 5.6.25.

It works as expected with all kinds of users.

No entries in the logs or errors on the page.


Are there any security or session related functions or modules installed?

  • Like 2

Share this post

Link to post
Share on other sites

@wbmnfktr thanks for recreating the scenario - epic :) and also for the feedback.

Still more weirdness on my site and I have a horrible feeling the conflicting session-related module may be FormBuilder even though at one point, I removed all FB forms from the login page (there was one in the footer) and turned off SessionCSRF on all FB forms. :( Will keep working on it. Any other help/suggestions in the meantime most welcome

Share this post

Link to post
Share on other sites

Managed to get Login/Register working on a clean install with no FormBuilder with a few minor tweaks to the code:

Firstly, to be on the safe side, I changed $page->url to $page->httpUrl. Secondly, on occasion my frontend page named 'login' got confused with the admin page named 'login' so specified exactly where to redirect.

if(!$user->isLoggedin() && $page->id!=1193) { // not for login page
    $session->set('returnPage', $page->httpUrl);

Still having issues with SessionCSRF with LoginRegister + FormBuilder. Will post in the FB forum.


  • Like 1

Share this post

Link to post
Share on other sites

In order to complete the testing scenario I added a form to my login page now as well - embed method A, B, and C with FormBuilder form above and below login form.

Login still works fine without any errors.

  • Like 1

Share this post

Link to post
Share on other sites

@wbmnfktr Wow! Thank you again. I'm still having problems.  My forms are embedded via the API. Back to the drawing board :( 


Share this post

Link to post
Share on other sites

I saw your question in the FormBuilder linking to this thread, so replying here rather than there because I don't think it's related to FormBuilder, as it doesn't look like you are using FormBuilder for the forms here and as a result it shouldn't come into play. A couple things to look into: I'm wondering if there is an unexpected extra redirect occurring somewhere. It might be good to watch your developer tools Network tab (in Chrome) to look for 301 requests. It could be as simple as a page requiring a trailing slash and one not being present, or the opposite, and thus a redirect occurring. Or it could be that you've got those pages access protected using PW's template access control, and its redirects are happening before your _init.php even gets called. While you are testing, you might want to disable the _init.php code just to see what difference it makes.

Take a look at markup regions and make sure that your final output is as you expect when viewing the source of the pages. I noticed you are using the markup region tag termination hint <!--#regPostContent-->, which is good—that gives Markup Regions a shortcut to find where your tag ends, saving it time. But in another case you are using <!-- #content end -->, which might be confusing the markup regions because it should instead be <!--#regContent-->, and I don't see a <div id='content'> in the markup you pasted in. I think markup regions is probably just ignoring your <!-- #content end -->, but try replacing it with <!--#regContent--> just in case. 

  • Like 1

Share this post

Link to post
Share on other sites

Thank you @ryan for pointing me in the right direction. Problem solved.

FormBuilder was a red herring, all good there. The cryptic debug message was key to finding the cause.


Fatal error: Uncaught PDOException: You cannot serialize or unserialize PDO instances in [no active file]:0 Stack trace: #0 [internal function]: PDO->__sleep() #1 [internal function]: session_write_close() #2 {main} thrown in [no active file] on line 0

I refer to the home page throughout the site and normally add $homePage = $pages->get('/'); in the _init.php file.

Tried to be too clever and tweak page load speed by reducing the number of database calls so put the following below the LoginRegister code:

// shortcut to home page saved in session
$homePage = $session->get('home-page');  // Fairly certain this is the culprit!
if (!$homePage) {
    $homePage = $pages->get('/');
    $session->set('home-page', $homePage);

While the above works for $cache, it doesn't for $session, or even replacing $session with $_SESSION and using array_key_exists('home-page', $_SESSION), etc.

Reverted to $homePage = $pages->get('/'); for every page and Login/Register working perfectly. 

  • Like 3

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By matsn0w
      Hey all,
      I am working on a website and I want to style the login page, but I'm a bit confused. 
      I want either the existing login page styled in my own way using some CSS (I guess I prefer that) or I want to create a custom page with a form to login. (Which I could style too).
      I used the code from Ryan and Renobird posted here - which works great - but that doesn't replace the original login page. 
      Is there a way to some sort of 'disable' the original login?
      I hope my question is clear and thanks in advance,
    • By Lex Sanchez
      Hi everyone:
      I do not know if someone before using ProcessWire with AWS CloudFront, currently I have problems with the login, it does not work for any reason, when I check in the logs generated by ProcessWire, it only indicates This request was aborted because it appears to be forged. (in /wire/core/SessionCSRF.php line 190).
      I have allowed CloudFront to forward all headers, cookies and allow all methods (GET, POST, PUT).
      When I perform the same process from the ip server if it works or from the balancer.
    • By flydev
      OAuth2Login for ProcessWire
      A Module which give you ability to login an existing user using your favorite thrid-party OAuth2 provider (i.e. Facebook, GitHub, Google, LinkedIn, etc.)..
      You can login from the backend to the backend directly or render a form on the frontend and redirect the user to a choosen page.
      Built on top of ThePhpLeague OAuth2-Client lib.
      Registration is not handled by this module but planned.
      Howto Install
      Install the module following this procedure:
      Next step, in order to use a provider, you need to use Composer to install each provider
      ie: to install Google, open a terminal, go to your root directory of pw and type the following command-line: composer require league/oauth2-google
      Tested providers/packages :
          Google :  league/oauth2-google     Facebook: league/oauth2-facebook     Github: league/oauth2-github     LinkedIn: league/oauth2-linkedin
      More third-party providers are available there. You should be able to add a provider by simply adding it to the JSON config file.

      Howto Use It
      First (and for testing purpose), you should create a new user in ProcessWire that reflect your real OAuth2 account information. The important informations are, Last Name, First Name and Email. The module will compare existing users by firstname, lastname and email; If the user match the informations, then he is logged in.
      ie, if my Google fullname is John Wick, then in ProcessWire, I create a new user  Wick-John  with email
      Next step, go to your favorite provider and create an app in order to get the ClientId and ClientSecret keys. Ask on the forum if you have difficulties getting there.
      Once you got the keys for a provider, just paste it into the module settings and save it. One or more button should appear bellow the standard login form.
      The final step is to make your JSON configuration file.
      In this sample, the JSON config include all tested providers, you can of course edit it to suit your needs :
      { "providers": { "google": { "className": "Google", "packageName": "league/oauth2-google", "helpUrl": "" }, "facebook": { "className": "Facebook", "packageName": "league/oauth2-facebook", "helpUrl": "", "options": { "graphApiVersion": "v2.10", "scope": "email" } }, "github": { "className": "Github", "packageName": "league/oauth2-github", "helpUrl": "", "options": { "scope": "user:email" } }, "linkedin": { "className": "LinkedIn", "packageName": "league/oauth2-linkedin", "helpUrl": "" } } }  
      Backend Usage
      In ready.php, call the module :
      if($page->template == 'admin') { $oauth2mod = $modules->get('Oauth2Login'); if($oauth2mod) $oauth2mod->hookBackend(); }  
      Frontend Usage
      Small note: At this moment the render method is pretty simple. It output a InputfieldForm with InputfieldSubmit(s) into wrapped in a ul:li tag. Feedbacks and ideas welcome!
      For the following example, I created a page login and a template login which contain the following code :
      <?php namespace ProcessWire; if(!$user->isLoggedin()) { $options = array( 'buttonClass' => 'my_button_class', 'buttonValue' => 'Login with {provider}', // {{provider}} keyword 'prependMarkup' => '<div class="wrapper">', 'appendMarkup' => '</div>' ); $redirectUri = str_lreplace('//', '/', $config->urls->httpRoot . $page->url); $content = $modules->get('Oauth2Login')->config( array( 'redirect_uri' => $redirectUri, 'success_uri' => $page->url ) )->render($options); }
      The custom function lstr_replace() :
      /* * replace the last occurence of $search by $replace in $subject */ function str_lreplace($search, $replace, $subject) { return preg_replace('~(.*)' . preg_quote($search, '~') . '~', '$1' . $replace, $subject, 1); }  

    • By dragan
      If I have two PW sites that sit in separate folders, I can't be logged-in in both sites.
      If I login to project-a, then also login to project-b, get back to the first site, I have to login again.
      Is the cookie / session mechanism storing my domain? If it does, and it's meant to be some sort of security enhancement, it should not check my domain, but root-URL of the PW-installation. (strangely, this doesn't happen on localhost)
      Is it possible to prevent that behavior? Often I have two sites open (e.g. check to see if I have the same CKEditor setup and quickly copy and paste it, or copy a user-role)
    • By Jonathan Sachse Mikkelsen
      Hi everyone
      I've hit an error i can't seem to find a solution for. I build this website ( last year with processwire, and this week this error started showing up when my client tried to login:
      Catchable fatal error: session_regenerate_id(): Failed to create(read) session ID: memcached (path: in /srv/psa03/ on line 728
      Recoverable Fatal Error: session_regenerate_id(): Failed to create(read) session ID: memcached (path: (line 728 of /srv/psa03/ 
      The site has been up and running for many months and i have done no maintenance or updates on it since it went live and has been working flawless so far. 
      I've had no luck with googling this error, and I've no idea how to go about this.
      This is my first time posting on this wonderful forum that has proven a very valuable source of troubleshooting since i started working with processwire a year ago.
      hope to receive some valuable tips and bear with me for my less than great knowledge of php in general