Protect content of a personal blog with guest users

Dragondz · 2018-01-02 14:15:23

Hi kirito,

if i am not mistaken, you can connect with email address without any change right now.

For the other question : you can change txp_users table with phpmyadmin and check uniq for email adress.

For mem_self_register you can add this code (arounf line 507 in mem_self_register 0.9.8):

if (safe_row('user_id', mem_get_user_table_name(), "email = '".doSlash($email)."'")) {
		return mem_form_error(mem_self_gTxt('email_exists'));
	}

right below:

if (safe_row('user_id', mem_get_user_table_name(), "name = '".doSlash($username)."'")) {
		return mem_form_error(mem_self_gTxt('user_exists'));
	}

for gTxt add this line (if not exist) in mem_self_lang array (change the string for your language) (line 12)

'email_exists'		=>	'Email déjà utilisé. Choisissez un autre SVP',

Hope this can help you.

Cheers

uli · 2018-01-02 18:24:19

kirito wrote #308524:

I would like to write a small tutorial with all the forms that I wrote down (also for my own future reference, just in case). Where is the best place for this?

The community post their tips on textpattern.tips. Thanks! (Thanks also for making abl_droploader 4.6-ready.)

kirito · 2018-01-03 08:45:47

Dragondz wrote #308525:

if i am not mistaken, you can connect with email address without any change right now.

I just tried to login with email address, but doesn’t work. It would be weird, because as email uniquness is not checked when registering user, potentially there could be multiple users with same address.

For the other question : you can change txp_users table with phpmyadmin and check uniq for email adress.

For mem_self_register you can add this code (arounf line 507 in mem_self_register 0.9.8):

if (safe_row('user_id', mem_get_user_table_name(), "email = '".doSlash($email)."'")) {...

right below:

if (safe_row('user_id', mem_get_user_table_name(), "name = '".doSlash($username)."'")) {...

for gTxt add this line (if not exist) in mem_self_lang array (change the string for your language) (line 12)

'email_exists' => 'Email déjà utilisé. Choisissez un autre SVP',...

Hope this can help you.

Cheers

I will give it a try as soon as I can. Thanks!

kirito · 2018-01-03 08:48:00

uli wrote #308526:

The community post their tips on textpattern.tips. Thanks! (Thanks also for making abl_droploader 4.6-ready.)

You’re welcome! And thank you, too! I will try to post a tutorial there, then.

Bloke · 2018-01-03 09:24:34

kirito wrote #308529:

I just tried to login with email address, but doesn’t work.

It takes some trickery, but logging in via email address does work. I’ve done it before.

as email uniquness is not checked when registering user, potentially there could be multiple users with same address.

In core, the name field (login name) has a unique key on it, so you should only be able to register one unique email address. Whether mem_self_register also enforces that, I’m unsure, but if it tries to insert a second record with the same name (a.k.a. email address) Txp will complain.

FWIW, since they were released, I’ve tended to use cbe_frontauth or mck_login for user handling.

Last edited by Bloke (2018-01-03 09:26:19)

kirito · 2018-01-03 12:31:04

Bloke wrote #308531:

It takes some trickery, but logging in via email address does work. I’ve done it before.

In core, the name field (login name) has a unique key on it, so you should only be able to register one unique email address. Whether mem_self_register also enforces that, I’m unsure, but if it tries to insert a second record with the same name (a.k.a. email address) Txp will complain.

FWIW, since they were released, I’ve tended to use cbe_frontauth or mck_login for user handling.

You actually can register a valid e-mail address as your username, but with mem_self_register you should compile both the inputs (username and e-mail). I simply want that, if a username is not specified, the e-mail address is used as username, too. Plain and simple :) I think I have to do some work in the plugin code… I’m not that good at PHP, but I’ll try.

I didn’t know mck_login. My implemention with mem_self_register and cbe_frontauth seems good, so I think I’ll stick with it. Maybe next time I’ll take a look at it.

Last edited by kirito (2018-01-03 12:33:31)

Dragondz · 2018-01-03 12:37:28

kirito wrote #308529:

I just tried to login with email address, but doesn’t work. It would be weird, because as email uniquness is not checked when registering user, potentially there could be multiple users with same address.

I will give it a try as soon as I can. Thanks!

Hi, from cbe_front_auth doc there is :

Login method <txp:cbe_frontauth_loginwith />
What to use as login name : username (as textpattern usually does), email, or auto for automatic detection.

For Stef :
in txp 4.5.7 and txp 4.6.2 email uniqeness is not set on txp_users table (checked using phpmyadmin).

Bloke · 2018-01-03 12:38:43

kirito wrote #308534:

I simply want that, if a username is not specified, the e-mail address is used as username, too.

Yes, I had to hack around with the code to get it to do that I think. Or maybe I just went with mem_form or mck_login instead, can’t remember now, sorry. I could dig around and find out if it’s any use to you.

Bloke · 2018-01-03 12:46:58

Dragondz wrote #308535:

in txp 4.5.7 and txp 4.6.2 email uniqeness is not set on txp_users table

Correct, it isn’t. It’s the same in 4.7.0 – we permit multiple account names with the same email address, which is a good thing imo. But the name (login name) is unique, so if kirito was to use the login name with an email address (instead of just a plain string without an ‘@’ symbol) it would only permit one “login” name as an email address across the entire system.

It’s possible to make the actual email address (field) different to the email address used for the login (if someone wanted), and could therefore be the same as someone else’s email. But the login name itself is enforced unique at creation time.

One downside to this approach, btw, is that the login name is tied to the security token and we do not permit login names to be changed. So if someone was to change their real-life email address, they wouldn’t be able (from the interface at least) to alter their Txp login to match. It would have to be done via a MySQL client, which will probably invalidate their session and require logging in again.

kirito · 2018-01-03 13:28:55

Dragondz wrote #308535:

Hi, from cbe_front_auth doc there is :

Login method <txp:cbe_frontauth_loginwith />...

For Stef :
in txp 4.5.7 and txp 4.6.2 email uniqeness is not set on txp_users table (checked using phpmyadmin).

You’re totally right! cbe_frontauth permits login with e-mail address. I could just check uniqueness of e-mail by mem_self_register and someway set username as a random string, a hash of the e-mail or something.

Now I have an idea: if things are arranged in a way that multiple users (guests) with the same e-mail address are not possible (because the registering plugin checks for e-mail address in existing users), I could stay with registering separated username and e-mail and implement the password recovery by just e-mail (in case the guest had forgot username, too). I’ll think about it.

kirito · 2018-01-03 13:57:39

Changing this:

$mem_profile['name'] = $username = $mem_form_values['name'];

whith this:

if (isset($mem_form_values['name']) ? $mem_profile['name'] = $username = $mem_form_values['name'] : $mem_profile['name'] = $username = 'user'.uniqid( rand(), true ) );

and removing the username field from the registration form does the trick of an automatic username. Checking the e-mail uniqueness and setting cbe_authfront to login with e-mail address should work.

Now I have to work on the recovery password part, which must rely on e-mail address only.

EDIT: modified username with totally random generated string.

Last edited by kirito (2018-01-04 08:23:23)

kirito · 2018-01-04 09:01:54

kirito wrote #308542:

Now I have to work on the recovery password part, which must rely on e-mail address only.

Well, so easy! This option is already built in mem_self_register plugin. If you use the option check_name=“0” in the reset form, then username is not checked!

<txp:mem_self_password_reset_form check_name='0' />

Textpattern CMS

Textpattern CMS support forum

#13 2018-01-02 14:15:23

Re: Protect content of a personal blog with guest users

#14 2018-01-02 18:24:19

Re: Protect content of a personal blog with guest users

kirito wrote #308524:

#15 2018-01-03 08:45:47

Re: Protect content of a personal blog with guest users

Dragondz wrote #308525:

#16 2018-01-03 08:48:00

Re: Protect content of a personal blog with guest users

uli wrote #308526:

#17 2018-01-03 09:24:34

Re: Protect content of a personal blog with guest users

kirito wrote #308529:

#18 2018-01-03 12:31:04

Re: Protect content of a personal blog with guest users

Bloke wrote #308531:

#19 2018-01-03 12:37:28

Re: Protect content of a personal blog with guest users

kirito wrote #308529:

#20 2018-01-03 12:38:43

Re: Protect content of a personal blog with guest users

kirito wrote #308534:

#21 2018-01-03 12:46:58

Re: Protect content of a personal blog with guest users

Dragondz wrote #308535:

#22 2018-01-03 13:28:55

Re: Protect content of a personal blog with guest users

Dragondz wrote #308535:

#23 2018-01-03 13:57:39

Re: Protect content of a personal blog with guest users

#24 2018-01-04 09:01:54

Re: Protect content of a personal blog with guest users

kirito wrote #308542:

Board footer