login user without his pass.

[vxda]

Hi. On my new site i have 2 ways users can login / register.

First is a normal way = input email and pass

second is facebook login i used apeisa module for that : http://modules.processwire.com/modules/facebook-login/ .

But i changed it a bit to suit my needs ie.:

User has registered with normal form, so his acc is created, next time user wants to login with facebook. so im looking for his email address then i populate his account with new data from facebook and im login him in.

Thing is that i need to input his password for that, module itseld generates new password on every login. Im trying to prevent this to happend, so that user can login in a normal way anytime he wants.

now when im trying to use:
 

$session->login($u->name, $u->pass);

it does not work. it works only when i attatch a new password to him.

 

	// First we create random pass to use in login
$uniqid = uniqid();
$pass = sha1($uniqid . $id . $fbUserData->updated_time);

// User has logged in earlier with facebook id, great news let's login
if ($u->id) {
$u->of(false);
$u->pass = $pass;
$u->addRole(self::name);
$u->save();
}

My question ... Is there a way to login user without changing his pass on each login  ?

Cheers
 

[Craig]

Hi xvda

Please feel free to have a look at the code for my LoginPersist module, where I create a hook for Session's authenticate() method for that request. I store a temporary password for the user in the session, and in my hooked authenticate() I check the temporary one rather than the one in the database, and return true if it matches.

I've also created a TwitterLogin module (like the Facebook one you're using) using the above method, but it hasn't been fully tested yet. You're more than welcome to have a look at it though.

[vxda]

Hi xvda

Please feel free to have a look at the code for my LoginPersist module, where I create a hook for Session's authenticate() method for that request. I store a temporary password for the user in the session, and in my hooked authenticate() I check the temporary one rather than the one in the database, and return true if it matches.

I've also created a TwitterLogin module (like the Facebook one you're using) using the above method, but it hasn't been fully tested yet. You're more than welcome to have a look at it though.

Ty Craig, your code saved my life here

what i did was ...

i added your function to FacebookLogin.module

public function authenticate($event) {
        if ($event->return) return; // already authenticated

        $sess_name = $this->wire('session')->get('tmp_name');
        $sess_pass = $this->wire('session')->get('tmp_pass');

        $user = $event->arguments('user');
        $pass = $event->arguments('pass');

        if ($sess_name == $user->name && $sess_pass == $pass) {
            $this->wire('session')->remove('sess_name');
            $this->wire('session')->remove('sess_pass');
            $event->return = true;
        } else {
            $event->return = false;
        }
    }

and at the bottom i replaced

$session->login($u->name, $u->pass);

with:

$name = $u->name;
	$this->wire('session')->set('tmp_pass', $pass);
        $this->wire('session')->set('tmp_name', $name);
        $this->wire('session')->addHookAfter('authenticate', $this, 'authenticate');
        $this->wire('session')->login($name, $pass);

if i find user on my site i also removed all instances of.

$u->pass = $pass;
$u->save();

and its working ty again

[diegonella]

Hello vxda,

Could you share how I stay with your facebook login module without changing the password?

I'm going through the same problem and I could not find resolve

thank you very much

[vxda]

@diegonella
Hi the solution is one post above yours :
https://processwire.com/talk/topic/6619-login-user-without-his-pass/?p=64829

If u still have problems please give me some more details .
cheers