Jump to content

Login using e-mail rather than username (and general login issues)


mindplay.dk

Recommended Posts

  • 1 month later...

I have tried to do this with:

$finduser = $users->get( $input->post->email  );
$user = $finduser->user;

But get a server error. Is the approach obviously wrong or should I look for silly syntax errors?

Email address should be unique imho. More and more organizations, including banks etc., use email address as the main unique identifier.

Edit:

$finduser->user; should have been $finduser->name

Link to comment
Share on other sites

  • 4 months later...

Hi guys,

I want to share what I found working on my custom front-end email login:  

Even if no user were found for the submit email, Processwire should check for login because the login throttle api will be triggered and it will prevent multiple login tries. If the $session->login() is only called when the email owner is found, then the login throttle api will not be triggered and that tells requesters that a user with the email they try to login exists or not in your DB.

 

 

/**
* Login a user with the given name and password
*
* @param string $email
* @param string $password
*
* @return bool|string
*
*/
public static function signIn(string $email, string $password) {
	$signedIn = false;

	if(!empty($email) && !empty($password)) {
		// taken from ProcessLogin->execute();
		if($email = wire("sanitizer")->email($email)) {
			$emailUser = wire("users")->get("email=$email");
			$name = "";

			if($emailUser->id) {
				$name = $emailUser->get("name");
			}

			$password = substr($password, 0, 128);

			try {
				/**
                 * even if the user is not found, try a login with a empty username 
                 * because the Processwire Login throttle API will be triggered and 
                 * prevent multiple login tries on the same email
                 */                          
				$result = wire("session")->login($name, $password);

				if($result instanceof User) {
					$signedIn = true;
				}
			} catch(\Exception $exception) {
				return $exception->getMessage();
			}
		}
	}

	return $signedIn;
}

 

Look at pw_login_throttle_api_nessage.png for the message it will return if many tries are made.

 

Thanks hope this help.

 

pw_login_throttle_api_nessage.png

  • Like 5
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...