adrian Posted February 26, 2017 Share Posted February 26, 2017 Thanks for posting @Can - I am curious though - did you try: Does this no longer work? Link to comment Share on other sites More sharing options...
Can Posted February 26, 2017 Share Posted February 26, 2017 haven't checked this threat actually, but as far as i understand i'm doing the same?! ;-) Link to comment Share on other sites More sharing options...
modifiedcontent Posted March 27, 2017 Share Posted March 27, 2017 I have tried to do this with: $finduser = $users->get( $input->post->email ); $user = $finduser->user; But get a server error. Is the approach obviously wrong or should I look for silly syntax errors? Email address should be unique imho. More and more organizations, including banks etc., use email address as the main unique identifier. Edit: $finduser->user; should have been $finduser->name Link to comment Share on other sites More sharing options...
adrian Posted March 27, 2017 Share Posted March 27, 2017 Just do: $user = $users->get("email=".$input->post-email); 1 Link to comment Share on other sites More sharing options...
Can Posted March 27, 2017 Share Posted March 27, 2017 $user = $users->get("email=".$input->post->email('email')); this will email sanitize the email input field value combining WireInput and WireSanitizer ;-) 3 Link to comment Share on other sites More sharing options...
adrian Posted March 27, 2017 Share Posted March 27, 2017 Good tip @Can For those interested, here is the blog post about sanitizing directly with $input: https://processwire.com/blog/posts/processwire-2.6.14-brings-major-enhancements-to-sanitizer-and-input-api-variables/#sanitizer-and-input-are-now-a-couple 3 Link to comment Share on other sites More sharing options...
eangulo Posted August 8, 2017 Share Posted August 8, 2017 Hi guys, I want to share what I found working on my custom front-end email login: Even if no user were found for the submit email, Processwire should check for login because the login throttle api will be triggered and it will prevent multiple login tries. If the $session->login() is only called when the email owner is found, then the login throttle api will not be triggered and that tells requesters that a user with the email they try to login exists or not in your DB. /** * Login a user with the given name and password * * @param string $email * @param string $password * * @return bool|string * */ public static function signIn(string $email, string $password) { $signedIn = false; if(!empty($email) && !empty($password)) { // taken from ProcessLogin->execute(); if($email = wire("sanitizer")->email($email)) { $emailUser = wire("users")->get("email=$email"); $name = ""; if($emailUser->id) { $name = $emailUser->get("name"); } $password = substr($password, 0, 128); try { /** * even if the user is not found, try a login with a empty username * because the Processwire Login throttle API will be triggered and * prevent multiple login tries on the same email */ $result = wire("session")->login($name, $password); if($result instanceof User) { $signedIn = true; } } catch(\Exception $exception) { return $exception->getMessage(); } } } return $signedIn; } Look at pw_login_throttle_api_nessage.png for the message it will return if many tries are made. Thanks hope this help. 5 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now