Jump to content

If user is not activated - show error


ankh2054
 Share

Recommended Posts

Hi all,

I have been working on a login form using the following article from Kyle:

https://processwire.com/talk/topic/4066-activate-user-account-via-email/

I cannot seem to get the form to output an error if the user is not activated, as it stands now my page does not load and gives an error, stating an unexpected { at line 104.

<?php

$login_errors = "";
$out = "";
$form = "<div class='container'>
        

        <div class='omb_login'>
            <h3 class='omb_authTitle'>Login or <a href='#'>Sign up</a></h3>
            <div class='row omb_row-sm-offset-3 omb_socialButtons'>
                <div class='col-xs-4 col-sm-2'>
                    <a href='#' class='btn btn-lg btn-block omb_btn-facebook'>
                        <i class='fa fa-facebook visible-xs'></i>
                        <span class='hidden-xs'>Facebook</span>
                    </a>
                </div>
                <div class='col-xs-4 col-sm-2'>
                    <a href='#' class='btn btn-lg btn-block omb_btn-twitter'>
                        <i class='fa fa-twitter visible-xs'></i>
                        <span class='hidden-xs'>Twitter</span>
                    </a>
                </div>  
                <div class='col-xs-4 col-sm-2'>
                    <a href='#' class='btn btn-lg btn-block omb_btn-google'>
                        <i class='fa fa-google-plus visible-xs'></i>
                        <span class='hidden-xs'>Google+</span>
                    </a>
                </div>  
            </div>

            <div class='row omb_row-sm-offset-3 omb_loginOr'>
                <div class='col-xs-12 col-sm-6'>
                    <hr class='omb_hrOr'>
                    <span class='omb_spanOr'>or</span>
                </div>
            </div>

            <div class='row omb_row-sm-offset-3'>
                <div class='col-xs-12 col-sm-6'>    
                    <form class='omb_loginForm' action='./' accept-charset='UTF-8' autocomplete='off' method='POST'>
                        <div class='alert alert-error fade-in alert-dismissable'>
                        </div> 
                        <div class='input-group'>
                            <span class='input-group-addon'><i class='fa fa-user'></i></span>
                            <input type='text' class='form-control' name='user' placeholder='Username'>
                        </div>
                        <span class='help-block'></span>
                                            
                        <div class='input-group'>
                            <span class='input-group-addon'><i class='fa fa-lock'></i></span>
                            <input  type='password' class='form-control' name='pass' placeholder='Password'>
                        </div>
                        <span class='help-block'></span>
                        <input class='returnUrl' type='hidden' name='returnUrl' value='[[+request_uri]]' />

                   
                    
                    <input class='loginLoginValue' type='hidden' name='service' value='login' />

                        <button class='btn btn-lg btn-primary btn-block' type='submit' name='submit' value='Login'>Login</button>
                    </form>
                </div>
            </div>
            <div class='row omb_row-sm-offset-3'>
                <div class='col-xs-12 col-sm-3'>
                    <label class='checkbox'>
                        <input type='checkbox' name='rememberme' value='1' checked='checked'>Remember Me
                    </label>
                </div>
                <div class='col-xs-12 col-sm-3'>
                    <p class='omb_forgotPwd'>
                        <a href='[[~5]]'>Forgot password?</a>
                    </p>
                </div>
            </div>          
        </div>"
;

// Check if user is already logged in - redirect to /
if($user->isLoggedin()) {
    // user is already logged in, so they don't need to be here
    $session->redirect("/"); 
}

//Check if submit is issued
if($input->post->submit) {

// check for login before outputting markup
if($input->post->user && $input->post->pass) {

    $user = $sanitizer->username($input->post->user);
    $pass = $input->post->pass; 

    if($user->user_activation != 0) {
    $login_errors .= "Sorry, but you need to activate your account!";
    $out .= $form;
    }

    //Below is line 104 with the else statement.
    else($session->login($user, $pass)) {
        // login successful
        $session->redirect("/"); 
        }

    }

}
else {
    $out .= $form;
}

?>

<?php include("./head.inc"); ?>
<?php include("./navbar.inc"); ?>

 <div><?php echo $login_errors; ?></div>
  
<?php echo $out; ?>

   

<?php include ("./foot.inc"); ?>
<?php include ("./java.inc"); ?>

Link to comment
Share on other sites

I have now changed my code to the below, so the form displays, but it does not stop the user from logging in if user_activation != 0. Any ideas?  I have checked the user field in the backend, and it still contains the activation code.

<?php

$login_errors = "";
$out = "";
$form = "<div class='container'>
        

        <div class='omb_login'>
            <h3 class='omb_authTitle'>Login or <a href='#'>Sign up</a></h3>
            <div class='row omb_row-sm-offset-3 omb_socialButtons'>
                <div class='col-xs-4 col-sm-2'>
                    <a href='#' class='btn btn-lg btn-block omb_btn-facebook'>
                        <i class='fa fa-facebook visible-xs'></i>
                        <span class='hidden-xs'>Facebook</span>
                    </a>
                </div>
                <div class='col-xs-4 col-sm-2'>
                    <a href='#' class='btn btn-lg btn-block omb_btn-twitter'>
                        <i class='fa fa-twitter visible-xs'></i>
                        <span class='hidden-xs'>Twitter</span>
                    </a>
                </div>  
                <div class='col-xs-4 col-sm-2'>
                    <a href='#' class='btn btn-lg btn-block omb_btn-google'>
                        <i class='fa fa-google-plus visible-xs'></i>
                        <span class='hidden-xs'>Google+</span>
                    </a>
                </div>  
            </div>

            <div class='row omb_row-sm-offset-3 omb_loginOr'>
                <div class='col-xs-12 col-sm-6'>
                    <hr class='omb_hrOr'>
                    <span class='omb_spanOr'>or</span>
                </div>
            </div>

            <div class='row omb_row-sm-offset-3'>
                <div class='col-xs-12 col-sm-6'>    
                    <form class='omb_loginForm' action='./' accept-charset='UTF-8' autocomplete='off' method='POST'>
                        <div class='alert alert-error fade-in alert-dismissable'>
                        </div> 
                        <div class='input-group'>
                            <span class='input-group-addon'><i class='fa fa-user'></i></span>
                            <input type='text' class='form-control' name='user' placeholder='Username'>
                        </div>
                        <span class='help-block'></span>
                                            
                        <div class='input-group'>
                            <span class='input-group-addon'><i class='fa fa-lock'></i></span>
                            <input  type='password' class='form-control' name='pass' placeholder='Password'>
                        </div>
                        <span class='help-block'></span>
                        <input class='returnUrl' type='hidden' name='returnUrl' value='[[+request_uri]]' />

                   
                    
                    <input class='loginLoginValue' type='hidden' name='service' value='login' />

                        <button class='btn btn-lg btn-primary btn-block' type='submit' name='submit' value='Login'>Login</button>
                    </form>
                </div>
            </div>
            <div class='row omb_row-sm-offset-3'>
                <div class='col-xs-12 col-sm-3'>
                    <label class='checkbox'>
                        <input type='checkbox' name='rememberme' value='1' checked='checked'>Remember Me
                    </label>
                </div>
                <div class='col-xs-12 col-sm-3'>
                    <p class='omb_forgotPwd'>
                        <a href='[[~5]]'>Forgot password?</a>
                    </p>
                </div>
            </div>          
        </div>"
;

// Check if user is already logged in - redirect to 
if($user->isLoggedin()) {
    // user is already logged in, so they don't need to be here
    $session->redirect("/"); 
}

//Check if submit is issued
if($input->post->submit) {

//check for login before outputting markup
if($input->post->user && $input->post->pass) {

    $user = $sanitizer->username($input->post->user);
    $pass = $input->post->pass; 

    if($user->user_activation != 0) {
    $login_errors .= "Sorry, but you need to activate your account!";
    $out .= $form;
    }

    elseif($session->login($user, $pass)) {
        // login successful
        $session->redirect("/"); 
        }

    }

    
}
else {
    $out .= $form;
}

?>

<?php include("./head.inc"); ?>
<?php include("./navbar.inc"); ?>

<div><?php echo $login_errors; ?></div>
  
<?php echo $out; ?>

   

<?php include ("./foot.inc"); ?>
<?php include ("./java.inc"); ?>

Link to comment
Share on other sites

If I change 

if($user->user_activation != 0) {
    echo "Sorry, but you need to activate your account!";
}

TO

if($user->user_activation == 0) {
    echo "Sorry, but you need to activate your account!";
}

Then no users can login, even if that field does == 0.

Does anyone have any ideas?

Link to comment
Share on other sites

A text field? Why are you checking it with 1 then? :-)....I haven't read you code properly but I suggest you use checkbox instead if all you want is to toggle true (==1) or false (==0) for user activation. So, if a user registers, use the API to set the value of the checkbox to 1 [checked]. If not, the checkbox remains un-ticked.
 
For reference, in case you want to check if a text field has content just do something similar to:

if($page->nameOfTextfield)//do something.[this is just an example saying if there's content in this field...]

There are other ways as well, including using PHP's empty method....

Link to comment
Share on other sites

Lol I really am such a PHP newbie, thanks for all your help.

What happens is the following:

During registration a activation code is set for the user.

$p = new Password();
    $activation = $p->randomBase64String(100); // 100=length of string  
    $activation_code = $config->httpHost."/activation/?user=".$username."&hash=".$activation;

Then an email is send to the user with the activation link, when clicked the below is executed.

$activate_username =  $sanitizer->text($_GET['user']);
$activate_hash =  $sanitizer->text($_GET['hash']);

if(wire("users")->get($activate_username)->id) {
    if(strcmp(wire("users")->get($activate_username)->user_activation, $activate_hash) == 0 || wire("users")->get($activate_username)->user_activation == 0) {
        echo "Your account has been activated!<br><br>";
        $activate_user = wire("users")->get($activate_username);
        $activate_user->of(false);
        $activate_user->user_activation = "0";
        $activate_user->save();
    }
    else {
        echo "There was an error activating your account!  Please contact us!<br><br>";
    }
}
else {
    echo "Sorry, but that we couldn't find your account in our database!<br><br>";
}

This then changed the value to 0.

Should I change this, or could I check against that value of 0?

thanks again for your help.

Link to comment
Share on other sites

In your other related topic I've suggested making them log in first (extra security, and if they've just registered you can log them in automatically and just restrict what they can do until they activate the account).

However, all you need to do if the activation code is truly unique and the user isn't logged in is something like $u = $users->get($input->get->activation_code);

If that $u has an ID then the system found a user with that code and you can activate the account.

The problem is if the user isn't logged in you don't want to activate and automatically log them in using this alone - what if I hacked someone's email account and found this email? I would then be able to click the link myself and activate the account and be automatically logged in myself.

Better to force them to be logged in before the link will work for added security.

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...