ankh2054 Posted April 25, 2014 Share Posted April 25, 2014 Hi all, I have been working on a login form using the following article from Kyle: https://processwire.com/talk/topic/4066-activate-user-account-via-email/ I cannot seem to get the form to output an error if the user is not activated, as it stands now my page does not load and gives an error, stating an unexpected { at line 104. <?php $login_errors = ""; $out = ""; $form = "<div class='container'> <div class='omb_login'> <h3 class='omb_authTitle'>Login or <a href='#'>Sign up</a></h3> <div class='row omb_row-sm-offset-3 omb_socialButtons'> <div class='col-xs-4 col-sm-2'> <a href='#' class='btn btn-lg btn-block omb_btn-facebook'> <i class='fa fa-facebook visible-xs'></i> <span class='hidden-xs'>Facebook</span> </a> </div> <div class='col-xs-4 col-sm-2'> <a href='#' class='btn btn-lg btn-block omb_btn-twitter'> <i class='fa fa-twitter visible-xs'></i> <span class='hidden-xs'>Twitter</span> </a> </div> <div class='col-xs-4 col-sm-2'> <a href='#' class='btn btn-lg btn-block omb_btn-google'> <i class='fa fa-google-plus visible-xs'></i> <span class='hidden-xs'>Google+</span> </a> </div> </div> <div class='row omb_row-sm-offset-3 omb_loginOr'> <div class='col-xs-12 col-sm-6'> <hr class='omb_hrOr'> <span class='omb_spanOr'>or</span> </div> </div> <div class='row omb_row-sm-offset-3'> <div class='col-xs-12 col-sm-6'> <form class='omb_loginForm' action='./' accept-charset='UTF-8' autocomplete='off' method='POST'> <div class='alert alert-error fade-in alert-dismissable'> </div> <div class='input-group'> <span class='input-group-addon'><i class='fa fa-user'></i></span> <input type='text' class='form-control' name='user' placeholder='Username'> </div> <span class='help-block'></span> <div class='input-group'> <span class='input-group-addon'><i class='fa fa-lock'></i></span> <input type='password' class='form-control' name='pass' placeholder='Password'> </div> <span class='help-block'></span> <input class='returnUrl' type='hidden' name='returnUrl' value='[[+request_uri]]' /> <input class='loginLoginValue' type='hidden' name='service' value='login' /> <button class='btn btn-lg btn-primary btn-block' type='submit' name='submit' value='Login'>Login</button> </form> </div> </div> <div class='row omb_row-sm-offset-3'> <div class='col-xs-12 col-sm-3'> <label class='checkbox'> <input type='checkbox' name='rememberme' value='1' checked='checked'>Remember Me </label> </div> <div class='col-xs-12 col-sm-3'> <p class='omb_forgotPwd'> <a href='[[~5]]'>Forgot password?</a> </p> </div> </div> </div>" ; // Check if user is already logged in - redirect to / if($user->isLoggedin()) { // user is already logged in, so they don't need to be here $session->redirect("/"); } //Check if submit is issued if($input->post->submit) { // check for login before outputting markup if($input->post->user && $input->post->pass) { $user = $sanitizer->username($input->post->user); $pass = $input->post->pass; if($user->user_activation != 0) { $login_errors .= "Sorry, but you need to activate your account!"; $out .= $form; } //Below is line 104 with the else statement. else($session->login($user, $pass)) { // login successful $session->redirect("/"); } } } else { $out .= $form; } ?> <?php include("./head.inc"); ?> <?php include("./navbar.inc"); ?> <div><?php echo $login_errors; ?></div> <?php echo $out; ?> <?php include ("./foot.inc"); ?> <?php include ("./java.inc"); ?> Link to comment Share on other sites More sharing options...
ankh2054 Posted April 25, 2014 Author Share Posted April 25, 2014 I have now changed my code to the below, so the form displays, but it does not stop the user from logging in if user_activation != 0. Any ideas? I have checked the user field in the backend, and it still contains the activation code. <?php $login_errors = ""; $out = ""; $form = "<div class='container'> <div class='omb_login'> <h3 class='omb_authTitle'>Login or <a href='#'>Sign up</a></h3> <div class='row omb_row-sm-offset-3 omb_socialButtons'> <div class='col-xs-4 col-sm-2'> <a href='#' class='btn btn-lg btn-block omb_btn-facebook'> <i class='fa fa-facebook visible-xs'></i> <span class='hidden-xs'>Facebook</span> </a> </div> <div class='col-xs-4 col-sm-2'> <a href='#' class='btn btn-lg btn-block omb_btn-twitter'> <i class='fa fa-twitter visible-xs'></i> <span class='hidden-xs'>Twitter</span> </a> </div> <div class='col-xs-4 col-sm-2'> <a href='#' class='btn btn-lg btn-block omb_btn-google'> <i class='fa fa-google-plus visible-xs'></i> <span class='hidden-xs'>Google+</span> </a> </div> </div> <div class='row omb_row-sm-offset-3 omb_loginOr'> <div class='col-xs-12 col-sm-6'> <hr class='omb_hrOr'> <span class='omb_spanOr'>or</span> </div> </div> <div class='row omb_row-sm-offset-3'> <div class='col-xs-12 col-sm-6'> <form class='omb_loginForm' action='./' accept-charset='UTF-8' autocomplete='off' method='POST'> <div class='alert alert-error fade-in alert-dismissable'> </div> <div class='input-group'> <span class='input-group-addon'><i class='fa fa-user'></i></span> <input type='text' class='form-control' name='user' placeholder='Username'> </div> <span class='help-block'></span> <div class='input-group'> <span class='input-group-addon'><i class='fa fa-lock'></i></span> <input type='password' class='form-control' name='pass' placeholder='Password'> </div> <span class='help-block'></span> <input class='returnUrl' type='hidden' name='returnUrl' value='[[+request_uri]]' /> <input class='loginLoginValue' type='hidden' name='service' value='login' /> <button class='btn btn-lg btn-primary btn-block' type='submit' name='submit' value='Login'>Login</button> </form> </div> </div> <div class='row omb_row-sm-offset-3'> <div class='col-xs-12 col-sm-3'> <label class='checkbox'> <input type='checkbox' name='rememberme' value='1' checked='checked'>Remember Me </label> </div> <div class='col-xs-12 col-sm-3'> <p class='omb_forgotPwd'> <a href='[[~5]]'>Forgot password?</a> </p> </div> </div> </div>" ; // Check if user is already logged in - redirect to if($user->isLoggedin()) { // user is already logged in, so they don't need to be here $session->redirect("/"); } //Check if submit is issued if($input->post->submit) { //check for login before outputting markup if($input->post->user && $input->post->pass) { $user = $sanitizer->username($input->post->user); $pass = $input->post->pass; if($user->user_activation != 0) { $login_errors .= "Sorry, but you need to activate your account!"; $out .= $form; } elseif($session->login($user, $pass)) { // login successful $session->redirect("/"); } } } else { $out .= $form; } ?> <?php include("./head.inc"); ?> <?php include("./navbar.inc"); ?> <div><?php echo $login_errors; ?></div> <?php echo $out; ?> <?php include ("./foot.inc"); ?> <?php include ("./java.inc"); ?> Link to comment Share on other sites More sharing options...
ankh2054 Posted April 25, 2014 Author Share Posted April 25, 2014 If I change if($user->user_activation != 0) { echo "Sorry, but you need to activate your account!"; } TO if($user->user_activation == 0) { echo "Sorry, but you need to activate your account!"; } Then no users can login, even if that field does == 0. Does anyone have any ideas? Link to comment Share on other sites More sharing options...
kongondo Posted April 25, 2014 Share Posted April 25, 2014 What is this user_activation? A checkbox field? Some other type of field? Maybe also a case of this? Link to comment Share on other sites More sharing options...
ankh2054 Posted April 25, 2014 Author Share Posted April 25, 2014 It is a text field added to the systems default user template. Link to comment Share on other sites More sharing options...
kongondo Posted April 25, 2014 Share Posted April 25, 2014 A text field? Why are you checking it with 1 then? ....I haven't read you code properly but I suggest you use checkbox instead if all you want is to toggle true (==1) or false (==0) for user activation. So, if a user registers, use the API to set the value of the checkbox to 1 [checked]. If not, the checkbox remains un-ticked. For reference, in case you want to check if a text field has content just do something similar to: if($page->nameOfTextfield)//do something.[this is just an example saying if there's content in this field...] There are other ways as well, including using PHP's empty method.... Link to comment Share on other sites More sharing options...
ankh2054 Posted April 25, 2014 Author Share Posted April 25, 2014 Lol I really am such a PHP newbie, thanks for all your help. What happens is the following: During registration a activation code is set for the user. $p = new Password(); $activation = $p->randomBase64String(100); // 100=length of string $activation_code = $config->httpHost."/activation/?user=".$username."&hash=".$activation; Then an email is send to the user with the activation link, when clicked the below is executed. $activate_username = $sanitizer->text($_GET['user']); $activate_hash = $sanitizer->text($_GET['hash']); if(wire("users")->get($activate_username)->id) { if(strcmp(wire("users")->get($activate_username)->user_activation, $activate_hash) == 0 || wire("users")->get($activate_username)->user_activation == 0) { echo "Your account has been activated!<br><br>"; $activate_user = wire("users")->get($activate_username); $activate_user->of(false); $activate_user->user_activation = "0"; $activate_user->save(); } else { echo "There was an error activating your account! Please contact us!<br><br>"; } } else { echo "Sorry, but that we couldn't find your account in our database!<br><br>"; } This then changed the value to 0. Should I change this, or could I check against that value of 0? thanks again for your help. Link to comment Share on other sites More sharing options...
ankh2054 Posted April 27, 2014 Author Share Posted April 27, 2014 I see what the problem is now, it always returns NULL, because it cannot access the user field. I guess it doesn't now which user you want to access. Doing a var_dump($user->user_activation); returns NULL Link to comment Share on other sites More sharing options...
Pete Posted April 27, 2014 Share Posted April 27, 2014 In your other related topic I've suggested making them log in first (extra security, and if they've just registered you can log them in automatically and just restrict what they can do until they activate the account). However, all you need to do if the activation code is truly unique and the user isn't logged in is something like $u = $users->get($input->get->activation_code); If that $u has an ID then the system found a user with that code and you can activate the account. The problem is if the user isn't logged in you don't want to activate and automatically log them in using this alone - what if I hacked someone's email account and found this email? I would then be able to click the link myself and activate the account and be automatically logged in myself. Better to force them to be logged in before the link will work for added security. 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now