problem implementing front-end login with email

[applab]

I have configured ProcessLogin to use email instead of username (and  enforced unique values for the email field).  I can login to my admin just fine using an email address but I'm trying to create a front-end login form and it's failing.  I've copied the example from https://processwire.com/api/ref/session/login/ and replaced the two params with hard-coded values known to work for backend login but I just get 'Sorry Bob'.

Anyone have pointers on how to get this working from the front end?

 

[applab]

Ok, I've found a workaround by using the email to lookup the user name and then logging in with that instead.

$e = $input->post->email;
$p = $input->post->pswd;
$u = $pages->get("email={$e}")->name;
$session->login($u, $p);

 

[BillH]

Your approach seems a good one.

I don't know how you've configured things, but in similar circumstances I have usernames based on email addresses. As ProcessWire usernames are page names (mostly this just means replacing the @ with a hyphen), the following works for me:

$email = $this->sanitizer->email($input->post->username);
$username = $this->sanitizer->pageName($email);

Sanitizing the email address might be a small improvement to your approach.

 

[applab]

I had a feeling that the failure of

$session->login($email, $pswd);

might be related to email sanitization, but since my solution worked I gave up pondering.

Before trying it I didn't expect it to work as I thought that without a logged-in admin session I wouldn't have permission to query admin pages.

But your solution of using a sanitized email as the username and then sanitizing $input->post->email before calling $session->login() also makes a lot of sense.  I'll be doing the registration form next so I might adopt that approach.

[Jan Romero]

43 minutes ago, BillH said:

Your approach seems a good one.

I don't know how you've configured things, but in similar circumstances I have usernames based on email addresses. As ProcessWire usernames are page names (mostly this just means replacing the @ with a hyphen), the following works for me:

$email = $this->sanitizer->email($input->post->username);
$username = $this->sanitizer->pageName($email);

Sanitizing the email address might be a small improvement to your approach.

 

I figure this could lead to a collision if there were someone with the e-mail jim@ex-ample.com and someone with the e-mail jim-ex@ample.com.

[BillH]

@Jan Romero Yes, very good point. It could indeed cause a collision.

In the particular solution I was copying from, it's not really a problem because the collision would occur when a user was being set up. And it's a membership society, so  the user could be contacted and a different username arranged. Or I could improve the method!

 

 

[applab]

3 hours ago, BillH said:

Or I could improve the method!

My method is this...

The user will register using their email address and never actually know the username that's used to log them in behind the scenes.  On registration the username will be derived from the email address and if there's a clash I'll simply add an incremental numeric suffix.  When the user comes to login, the username is looked up from the email address (which is, of course, unique) and it doesn't matter if a suffix has been added or not, as long as it's the right username for the email address.

[Jan Romero]

4 hours ago, applab said:

the username is looked up from the email address (which is, of course, unique)

Technically, the username isn’t needed at all. Unless it’s exposed to users, it might as well be the the same as numeric page ID. If the email address is sufficiently unique, that’s all you need to look up the User object like $users->find("email={$email}") and call $session->login() with it. That is to say, you can pass the username to $session->login() as a string, but you can also pass a User object. https://processwire.com/api/ref/session/login/

[applab]

44 minutes ago, Jan Romero said:

username ... might as well be the the same as numeric page ID

Yes, that makes a lot of sense, thanks.