applab Posted July 13, 2020 Share Posted July 13, 2020 I have configured ProcessLogin to use email instead of username (and enforced unique values for the email field). I can login to my admin just fine using an email address but I'm trying to create a front-end login form and it's failing. I've copied the example from https://processwire.com/api/ref/session/login/ and replaced the two params with hard-coded values known to work for backend login but I just get 'Sorry Bob'. Anyone have pointers on how to get this working from the front end? Link to comment Share on other sites More sharing options...
applab Posted July 13, 2020 Author Share Posted July 13, 2020 Ok, I've found a workaround by using the email to lookup the user name and then logging in with that instead. $e = $input->post->email; $p = $input->post->pswd; $u = $pages->get("email={$e}")->name; $session->login($u, $p); Link to comment Share on other sites More sharing options...
BillH Posted July 13, 2020 Share Posted July 13, 2020 Your approach seems a good one. I don't know how you've configured things, but in similar circumstances I have usernames based on email addresses. As ProcessWire usernames are page names (mostly this just means replacing the @ with a hyphen), the following works for me: $email = $this->sanitizer->email($input->post->username); $username = $this->sanitizer->pageName($email); Sanitizing the email address might be a small improvement to your approach. Link to comment Share on other sites More sharing options...
applab Posted July 13, 2020 Author Share Posted July 13, 2020 I had a feeling that the failure of $session->login($email, $pswd); might be related to email sanitization, but since my solution worked I gave up pondering. Before trying it I didn't expect it to work as I thought that without a logged-in admin session I wouldn't have permission to query admin pages. But your solution of using a sanitized email as the username and then sanitizing $input->post->email before calling $session->login() also makes a lot of sense. I'll be doing the registration form next so I might adopt that approach. Link to comment Share on other sites More sharing options...
Jan Romero Posted July 13, 2020 Share Posted July 13, 2020 43 minutes ago, BillH said: Your approach seems a good one. I don't know how you've configured things, but in similar circumstances I have usernames based on email addresses. As ProcessWire usernames are page names (mostly this just means replacing the @ with a hyphen), the following works for me: $email = $this->sanitizer->email($input->post->username); $username = $this->sanitizer->pageName($email); Sanitizing the email address might be a small improvement to your approach. I figure this could lead to a collision if there were someone with the e-mail jim@ex-ample.com and someone with the e-mail jim-ex@ample.com. 3 Link to comment Share on other sites More sharing options...
BillH Posted July 16, 2020 Share Posted July 16, 2020 @Jan Romero Yes, very good point. It could indeed cause a collision. In the particular solution I was copying from, it's not really a problem because the collision would occur when a user was being set up. And it's a membership society, so the user could be contacted and a different username arranged. Or I could improve the method! Link to comment Share on other sites More sharing options...
applab Posted July 16, 2020 Author Share Posted July 16, 2020 3 hours ago, BillH said: Or I could improve the method! My method is this... The user will register using their email address and never actually know the username that's used to log them in behind the scenes. On registration the username will be derived from the email address and if there's a clash I'll simply add an incremental numeric suffix. When the user comes to login, the username is looked up from the email address (which is, of course, unique) and it doesn't matter if a suffix has been added or not, as long as it's the right username for the email address. Link to comment Share on other sites More sharing options...
Jan Romero Posted July 16, 2020 Share Posted July 16, 2020 4 hours ago, applab said: the username is looked up from the email address (which is, of course, unique) Technically, the username isn’t needed at all. Unless it’s exposed to users, it might as well be the the same as numeric page ID. If the email address is sufficiently unique, that’s all you need to look up the User object like $users->find("email={$email}") and call $session->login() with it. That is to say, you can pass the username to $session->login() as a string, but you can also pass a User object. https://processwire.com/api/ref/session/login/ Link to comment Share on other sites More sharing options...
applab Posted July 16, 2020 Author Share Posted July 16, 2020 44 minutes ago, Jan Romero said: username ... might as well be the the same as numeric page ID Yes, that makes a lot of sense, thanks. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now