login template

[davo]

I can't understand what is wrong with my login template. It's the same one I've used before and not had issues.

when a user submits the form back to itself I get the 'login failed' message and $message is equal to 'not logged in', however, other parts of the experience would indicate the use IS logged in. If a user were to submit the form a second time, the page loads correctly and directs them to /contest.

I've been banging my head for three days with this and still can't work out the logic that is wrong with it.

any help much appreciated.

<?php 

if($user->isLoggedin()) {
	$mydash = "/contest";


$session->redirect($mydash); 
$message = "logged in";
}else{
$message = "not logged in";

if($input->post->username && $input->post->pass) {
  $username = $sanitizer->username($input->post->username); 
  $pass = $input->post->pass; 
  $u = $users->get($username); 
  if($u->id && $u->tmp_pass && $u->tmp_pass === $pass) {
    // user logging in with tmp_pass, so change it to be their real pass
    $u->of(false);
    $u->pass = $u->tmp_pass;
    $u->save();
    $u->of(true);
  }
  $u = $session->login($username, $pass); 
  if($u) {
    // user is logged in, get rid of tmp_pass
    $u->of(false);
    $u->tmp_pass = '';
    $u->save();
  }
}

// present the login form
$headline = $input->post->username ? "$message Login failed {$input->post->username} " : "$message Please login {$input->post->username} ";
$page->body = "
  <h2>$headline</h2>
  <form role='form' action='./' method='post'>
  <div class='form-group'>
  
  <label for='username'>Username </label> <input type='text' class='form-control' style='border-radius:0px' id='username' placeholder='username' name='username'>
  </div>

  <div class='form-group'>
  <label for='pass'>Password</label> <input type='password' class='form-control' style='border-radius:0px' id='pass' placeholder='Password' name='pass'>
  </div>

  <button type='submit' class='btn btn-sm btn-default'>Sign in</button>
  
  </form>
  <p><a href='/reset-pass/'>Forgot your password?</a></p>
  <p><a href='/forms/registration/'>Don't yet have a login?</a></p>
";

$page->editor = "Login to view content editor";

include("./main.php"); // main markup template
}

[pwFoo]

I use this code.

try {
            $login = $session->login($user, $pass);
            
            if($login && $login->id) return true;
            else return false;
        } 
        catch(Exception $e) {
            return $e->getMessage();
        }

[Soma]

Simple logic issue of your code.

1. User logged in? ... redirect

2. Form submitted, check and login

2. User not logged in show login

After sending the form, he's not yet logged in... you log them in later (but still show the form as if not logged in), but don't redirect after the login. So you get what you have.

[davo]

Of course! Thank you. I was showing the login and redirect test before the login was actually taking place.

Hence they were logged in by the time of the end of parsing the whole page but not at test time. Which also explains why when I then visited a different page I did appear to be logged in (because by then they were!)

Thank you for helping me see this.

[davo]

Soma, I thought I had this sorted but I'm still getting the same behaviour. I moved the session redirect to after the login lines of code hoping that this time the user would have been logged in and trigger the redirection.

Can you advise what I'm doing wrong please.

~David

<?php 



if($input->post->username && $input->post->pass) {
  $username = $sanitizer->username($input->post->username); 
  $pass = $input->post->pass; 
  $u = $users->get($username); 
  if($u->id && $u->tmp_pass && $u->tmp_pass === $pass) {
    // user logging in with tmp_pass, so change it to be their real pass
    $u->of(false);
    $u->pass = $u->tmp_pass;
    $u->save();
    $u->of(true);
  }

// this part actually logs the user in

  $u = $session->login($username, $pass); 
  if($u) {
    // user is logged in, get rid of tmp_pass
    $u->of(false);
    $u->tmp_pass = '';
    $u->save();
  }
}

// redirect if the user is login is successful which should have happened above
if($user->isLoggedin()) { 
	$message = "good!";
$session->redirect("/processwire"); 
}

// present the login form
$headline = $input->post->username ? "$message Login failed {$input->post->username} " : "$message Please login {$input->post->username} ";
$page->body = "
  <h2>$headline</h2>
  <form role='form' action='./' method='post'>
  <div class='form-group'>
  
  <label for='username'>Username </label> <input type='text' class='form-control' style='border-radius:0px' id='username' placeholder='username' name='username'>
  </div>

  <div class='form-group'>
  <label for='pass'>Password</label> <input type='password' class='form-control' style='border-radius:0px' id='pass' placeholder='Password' name='pass'>
  </div>

  <button type='submit' class='btn btn-sm btn-default'>Sign in</button>
  
  </form>
  <p><a href='/reset-pass/'>Forgot your password?</a></p>
  <p><a href='/forms/registration/'>Don't yet have a login?</a></p>
";

$page->editor = "Login to view content editor";



include("./main.php"); // main markup template

[Soma]

You don't need to check if user is logged in, cause you log him in just before and test if it's working with if($u) which should be if($u->id)

$u = $session->login($username, $pass); 
if($u && $u->id) {
   // user is logged in, get rid of tmp_pass
   $u->of(false);
   $u->tmp_pass = '';
   $u->save();
   // redirect here
}

Apart from that $user->isLoggedin() wouldn't work anyway cause you have $u which is the logged in user. The template var $user at that moment isn't updated.

[davo]

That works  - thank you.

but just to clarify so i understand what i'm doing, "if($u && $u->id)" checks to see if the variable $u exists AND $u->id exists?

[Soma]

login() returns null if login failed so a test like $u->id would give a warning or error that $u is not an object. if($u) would also work here.