Jump to content
mindplay.dk

Login using e-mail rather than username (and general login issues)

Recommended Posts

Thanks for posting @Can - I am curious though - did you try: 

Does this no longer work?

Share this post


Link to post
Share on other sites

haven't checked this threat actually, but as far as i understand i'm doing the same?! ;-)

Share this post


Link to post
Share on other sites

I have tried to do this with:

$finduser = $users->get( $input->post->email  );
$user = $finduser->user;

But get a server error. Is the approach obviously wrong or should I look for silly syntax errors?

Email address should be unique imho. More and more organizations, including banks etc., use email address as the main unique identifier.

Edit:

$finduser->user; should have been $finduser->name

Share this post


Link to post
Share on other sites

Just do:

$user = $users->get("email=".$input->post-email);

 

  • Like 1

Share this post


Link to post
Share on other sites

 

$user = $users->get("email=".$input->post->email('email'));

this will email sanitize the email input field value combining WireInput and WireSanitizer ;-)

  • Like 3

Share this post


Link to post
Share on other sites

Hi guys,

I want to share what I found working on my custom front-end email login:  

Even if no user were found for the submit email, Processwire should check for login because the login throttle api will be triggered and it will prevent multiple login tries. If the $session->login() is only called when the email owner is found, then the login throttle api will not be triggered and that tells requesters that a user with the email they try to login exists or not in your DB.

 

 

/**
* Login a user with the given name and password
*
* @param string $email
* @param string $password
*
* @return bool|string
*
*/
public static function signIn(string $email, string $password) {
	$signedIn = false;

	if(!empty($email) && !empty($password)) {
		// taken from ProcessLogin->execute();
		if($email = wire("sanitizer")->email($email)) {
			$emailUser = wire("users")->get("email=$email");
			$name = "";

			if($emailUser->id) {
				$name = $emailUser->get("name");
			}

			$password = substr($password, 0, 128);

			try {
				/**
                 * even if the user is not found, try a login with a empty username 
                 * because the Processwire Login throttle API will be triggered and 
                 * prevent multiple login tries on the same email
                 */                          
				$result = wire("session")->login($name, $password);

				if($result instanceof User) {
					$signedIn = true;
				}
			} catch(\Exception $exception) {
				return $exception->getMessage();
			}
		}
	}

	return $signedIn;
}

 

Look at pw_login_throttle_api_nessage.png for the message it will return if many tries are made.

 

Thanks hope this help.

 

pw_login_throttle_api_nessage.png

  • Like 5

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...