Log User In Programmatically

[Pete]

Is there any way to log a user in programatically?

On the site in question I have forums and the logins are controlled through the forum software. Currently I create a user in PW automatically if they don't have one (forum member ID never changes and is stored in PW against that user) but looking at the login functionality in PW there is no way to log a user in without their password.

I know it's not good practice to do this anyway, but rather than create one global login form that logs them in in both places, I've got code to check if they're logged in in the forums and simply want to have them automatically logged in in PW like so:

if ($page->forumMemberData['logged_in']) {
   // Fetch the user or create if they don't exist in PW
   $u = wire('pages')->get("template=user, user_member_id=" . $page->forumMemberData['member_id'] . ", include=all");
   if (!$u->name) {
        $u = new User();
        $u->name = $page->forumMemberData['name'];
        $u->user_name = $page->forumMemberData['name'];
        $u->user_member_id = $page->forumMemberData['member_id'];
        $u->addRole("guest");
        $u->save();
   }
   // LOG USER IN HERE
}

I guess technically I don't need to log them into PW at all and can simply create/retrieve their details above, but wouldn't it be better to actually have them logged in for log purposes etc?

A side question that comes to mind - since I won't know their password with the above code, no password gets saved to the database as I haven't specified one. Is this a security issue waiting to happen if I elevate someone to a higher role? If it is I'll change the code to give them a random password (can't copy from the forum database as it's hashed!).

(The reason I don't want to create a separate login form for both systems and capture their actual password that way is that the forum software allows for Facebook and Twitter logins too, so I can't get their passwords anyway in those cases - plus I don't want to reinvent the wheel )

[Pete]

Ah, I see a possible solution by Apeisa here: http://modules.proce...facebook-login/

The solution there is to auto-generate the user, supply them with a random password on each session login.

I think a possible solution for me is the above (random-assign passwords after authentication - nothing could be safer ) and then a custom login module for PW purely for logging into the admin area that checks the username and password against the forum database, sets the corresponding PW password to match and then continues login.

If anyone is able to follow my rambling thoughts, does that sound like the most sensible course of action?

[apeisa]

Pete, this might be good help also: http://processwire.com/talk/topic/1901-possibility-to-login-user-through-api-without-knowing-password/

[nik]

Is there any way to log a user in programatically?

Yes there is, see http://processwire.c...rd/#entry21465. Do you still like it?

(Edit: I'm slow...)

[Pete]

Thanks guys - funny thing is I remember reading that a while back!

[Pete]

Okay, so I did this using nik's example from the other thread and lumped it into a module I've got that interacts with the forum software used here, but for another site.

If you're logged into the forums and then leave the forums to browse the site, it checks for a user account in PW with the forum member ID (this is stored in a field as an integer). If it finds one, it logs that user in - no real security issue as 99.9% of people will be a guest and you have to assume staff will be careful - otherwise it creates that user account with the guest role.

There's also some other checking for user groups and whether the user has been marked as a spammer. This means that those picked out by the anti-spam measures during registration don't get added as a user on the site and I also added some checks in so that if they turned out to be a spammer later on that their account on the site is trashed as long as they haven't contributed to any pages on the site.

Naturally there were a lot more things to check than I first thought, but I'm happy with the solution

Now I've paved the way for members to upload and maintain their own files, bookmark useful pages and all sorts of things... but since this wasn't paid work I need to go off and do some of that now Still, it's always nice to have a go at something in ProcessWire every so often just to see how you get on - it's never a question of being able to do it as there's always a way!