rainlab / user-plugin Goto Github PK
View Code? Open in Web Editor NEWFront-end user management.
License: Other
Front-end user management.
License: Other
Thanks to the sharp eye of user alxy on IRC it has become apparent that the password verification is bypassed by User plugin:
See here:
https://github.com/rainlab/user-plugin/blob/master/components/Account.php#L121
i tried this code for a logout link : Sign out
but it's creating a clickable link, it's just text that says, "Sign out"...
i tried : Sign out
this makes the link clickable, but it's not ending the session. any suggestions?
This is probably just my own lack of indepth knowledge of the inner workings of laravel, and maybe this is more of an issue in octobercms then this plugin....But I need to be able to override part of the authentication process provided by this user plugin.
Basically I have imported a bunch of users from a wordpress database and the passwords are stored in the same format that wordpress hashes them in. After digging thru the wordpress code, I found the custom password hasher that they use. So i see no issue importing that class into my october plugin.
But I am struggling to figure out how i can override the authentication routine to say that if the password fails try again using the wordpress hasher, if that succeeds update the password to the hash that laravel uses and proceed to authenticate.
After digging around I have found how users are authenticated in October\Rain\Auth\Manager. Im just not clear on how to inject some of my own logic into that process.
Thanks
Hello!
I have set up a partial with the account components (account/session) placed on a page. The account component is configurated to redirect to a protected page. But after I enter the correct username and password the user input is placed in the url (like this, sign-in?login="username"&password="password in uncrypted format(!)"
) and nothing more (no redirect or anything).
How can I fix this?
As i am new to octobercms. How can i override the sign and register form of the plugin without changing the source. Since the source may change with new update.
I got this error when clicked forgot link (http://example.com/amnesia):
An exception has been thrown during the rendering of a template ("The partial 'resetPassword::default' is not found.").
This is my account management:
title = "Account"
url = "/account/:code?"
layout = "default"
[account]
redirect = "account/dashboard"
paramCode = "code"
==
{% component 'account' %}
<a href="{{ 'amnesia'|page }}">Forgotten your password?</a>
And my page for forgotten password:
title = "Forgotten your password?"
url = "/amnesia/:code?"
layout = "default"
[resetPassword]
paramCode = "code"
==
{% component 'resetPassword' %}
==
{% component 'account' %}
<a href="{{ 'amnesia'|page }}">Forgotten your password?</a>
Have I missed something? Thanks.
Hi,
I'd like to add China's states to seed_all_tables.php, can I use Chinese to add China's states? and can I use Chinese to modify China to ** in country list?
I would like to suggest adding a feature to hook into the core admin user system, so that a user, as provided by this plugin, can also be an admin user, so it is not necessary to define separate user accounts for the front-end and back-end of the site.
Nice work on this system!
https://github.com/rainlab/user-plugin/blob/master/models/User.php#L12
The table name should be rainlab_user_users - convention is convention :P
Hi,
I get an error on the User Settings page:
The partial 'C:\wamp\www\lab\modules\backend\widgets/form/partials/_field_hint.htm' is not found.
Hi. A suggestion if the Settings is set to 'User Activation Mode'.
If a User changes his email address, which is used for signing in. His account should be de-activated and a new Activation email be sent to this new email address.
Thanks
Account Component needs to include a simple footer partial:
{% if user %}
<a href="">Login</a>
{% else %}
<p>Currently Logged in as: UserName - <a href="">logout</a></p>
{% endif %}
It's not very forward thinking to have a name
column over first_name, last_name
with a dynamically generated name
column. A lot of sites like having a Hello, first! message in the header. I can see it becoming a common complaint from clients.
Hello,
It would be nice to have a sign in event or something that would then let you change the redirect url or do stuff on signin before you call the Redirect::intended
so plugins could perhaps redirect to a different area depending on things or what not.
If the user has been removed, the avatar is not deleted from the table system_files.
So, I have an activation mode set to user and while I'm able to send activation email to yandex email, I'm unable to do the same for the gmail one. As it says in backend section, mail is successfully sent, though It doesn't appear in my inbox. I'm using a php mail method. Any help would be appreciated.
Translate the forms without translate plugin.
I failed to log in a few times with the account component and got the following SQL error when attempting to log in again:
SQLSTATE[42S22]: Column not found: 1054 Unknown column 'is_suspended' in 'field list' (SQL: update
user_throttle
setattempts
= 5,last_attempt_at
= 2014-06-26 09:14:00,suspended_at
= 2014-06-26 09:14:00,is_suspended
= 1 whereid
= 1)
I'm on version 1.0.4.
Hi,
Can you add some setting.
The setting is about the expiry of the user.
If the user is logined and the browser is close and open again the browser, the user is still logined.
I want to have that if user is logined and if the browser is closed the cookie must also expired.
We can do this via editing the session.php config in core.
But how to change it without changing the core.
A have a problem, after making system upgrade to the latest october version build 250, the variable path not return the correct path for the avatar image:
the array content return:
{"id":"112","disk_name":"553f63dd8fbed291660246.png","file_name":"f1.png","file_size":"1166992","content_type":"image\/png","title":null,"description":null,"field":"avatar","sort_order":"112","created_at":"2015-04-28 10:41:33","updated_at":"2015-04-28 10:41:38","path":"\/storage\/app\/uploads\/public\/553\/f63\/dd8\/553f63dd8fbed291660246.png","extension":"png"}
The variable path print: -1
$ php artisan tinker
Full REPL not supported. Falling back to simple shell.
$user = RainLab\User\Models\User::find(1);
$user->save();
The password must be between 2 - 32 characters.
The validation is obviously testing against the hashed password which is more like 60 chars in length.
See issue #5
Related to this topic I found a possible bug at backend of User plugin. As I explain on the referenced post
I created one account from the backend. The account is enabled since I check the database and
is_activated is set to 1 and also I enabled from backend (BTW: in users administration I have not seen it anywhere something about if the user is active or > not, would be good to add a column showing such
information as reference for administrators). Then, having this information I
made the following tests:Tried to login using email/password: no success with error "A user was not found with the given
credentials." on line 185 of /var/www/html/alomicuba/vendor/october/rain/src/Auth/Manager.php" (also
will be nice if we can customize this message since that for common users is ugly)Change the field type from email to text to allow non email strings at login form and tried to login using > username/password: no success with error "Not a valid email"
Finally and thanks to +Flynsarmy I found where the problem is:
At backend User create form, the login field is set to "text" type so any administrator can misunderstood this and write a single "username" as I did for example in my case I wrote reynierpm
as username, then any time I tried to login from frontend I have the issues mentioned above due to reynierpm
is not a valid email, so I think will be good to set that field to email
to force enter an email address instead of any other string, maybe I wrong if so then apologies
Hello,
I am wondering if there is a way to ignore the backend users with the auth check? Like I have a bunch of redirects on certain pages depending on if the user is logged in or not. But I don't want them to proc if your a backend user (so they can see the pages, or edit them or what not).
Any thoughts on how to do this? Auth::check()
seems to be how it is done but I don't see any way to determine if they are backend or not.
Hi,
Would it be possible to login with social networks such as Twitter, Facebook, Google, Yahoo and more in the next release ?
Thx,
Is it possible to login with a request like "https://website.com/october/login?user=toto&password=toto1234" ? or through a JSON request ? I'm building a basic android app in whitch I want my user to be able to register the credential in "settings" and then use them to login automaticaly.
This option would be useful in many cases. If you find the idea necessary then I develop it.
If you set a page restriction on a page to users
then set the redirect to maybe /error.htm
or error
, if you are logged into the CMS this works fine, but as soon as you log out of the CMS and navigate to the same page, it instead redirects you to the login page of the CMS?
How would I ceck in my custom Plugin if a user is logged in and get the id of that user?
Add Locations manager to User plugin.
Users and Locations are coupled, so they should be together.
hi, i found a bug on User tab if you have already installed User and Forum Plugin and you click on "Forum username" tab, you have this exception :
SQLSTATE[42S22]: Column not found: 1054 Unknown column '@username' in 'order clause' (SQL: select users
.*, (select rainlab_forum_members.username from rainlab_forum_members
where rainlab_forum_members
.user_id
= users
.id
) as forum_member_username
from users
order by @username
desc limit 20 offset 0)
Thank you in advance for solving this problem :)
Cordially, Jackblue
Hi guys there is a strange error i get if i try to delete users in the backend?
Error message:
{"#Lists":"<div class=\"control-list\" data-control=\"listwidget\">\n <table class=\"table data\" data-control=\"rowlink\">\n <thead>\n <tr>\n <th class=\"list-checkbox\">\n <div class=\"checkbox custom-checkbox nolabel\">\n <input type=\"checkbox\" id=\"Lists-checkboxAll\" \/>\n <label for=\"Lists-checkboxAll\"><\/label>\n <\/div>\n <\/th>\n \n \n <th\n class=\"sort-desc active list-cell-name-name\"\n >\n <a\n href=\"javascript:;\"\n data-request=\"list::onSort\"\n data-stripe-load-indicator\n data-request-data=\"sortColumn: 'name', page: 1\">\n Name <\/a>\n <\/th>\n <th\n class=\"sort-desc list-cell-name-email\"\n >\n <a\n href=\"javascript:;\"\n data-request=\"list::onSort\"\n data-stripe-load-indicator\n data-request-data=\"sortColumn: 'email', page: 1\">\n Email <\/a>\n <\/th>\n <th\n class=\"sort-desc list-cell-name-created_at\"\n >\n <a\n href=\"javascript:;\"\n data-request=\"list::onSort\"\n data-stripe-load-indicator\n data-request-data=\"sortColumn: 'created_at', page: 1\">\n Registered <\/a>\n <\/th>\n \n <th class=\"list-setup\">\n <a href=\"javascript:;\"\n title=\"List setup\"\n data-control=\"popup\"\n data-handler=\"list::onLoadSetup\"><\/a>\n <\/th>\n <\/tr>\n <\/thead>\n <tbody>\n <tr class=\"list-tree-level-0 \">\n <td class=\"list-checkbox nolink\">\n <div class=\"checkbox custom-checkbox nolabel\">\n <input\n type=\"checkbox\"\n name=\"checked[]\"\n id=\"Lists-checkbox-1\"\n value=\"1\" \/>\n <label for=\"Lists-checkbox-1\">Check<\/label>\n <\/div>\n<\/td> \n \n <td data-title=\"Name\" class=\"list-cell-index-1 list-cell-name-name list-cell-type-text \">\n <a href=\"http:\/\/snippetbox.raphaelschrempf.at\/backend\/rainlab\/user\/users\/update\/1\">\n sepp <\/a>\n <\/td>\n <td data-title=\"Email\" class=\"list-cell-index-2 list-cell-name-email list-cell-type-text \">\n [email protected] <\/td>\n <td data-title=\"Registered\" class=\"list-cell-index-3 list-cell-name-created_at list-cell-type-text \">\n 2015-03-29 11:52:28 <\/td>\n \n <td class=\"list-setup\"> <\/td>\n <\/tr>\n\n <\/tbody>\n <tfoot>\n <tr>\n <td colspan=\"5\" class=\"list-pagination nolink\">\n <div class=\"loading-indicator-container size-small pull-right\">\n <div class=\"control-pagination\">\n <span class=\"page-iteration\">\n Displayed records: 1-1 of 1 <\/span>\n <\/div>\n<\/div> <\/td>\n <\/tr>\n <\/tfoot>\n <\/table>\n<\/div>\n","#layout-flash-messages":" <p data-control=\"flash-message\" class=\"flash-message error\" data-interval=\"5\">There are no selected users to delete.<\/p>\n","X_OCTOBER_ASSETS":{"js":["http:\/\/snippetbox.raphaelschrempf.at\/modules\/backend\/widgets\/lists\/assets\/js\/october.list.js?v225"],"css":[],"rss":[]}}
Any suggestion what to do?
thanks
When User Settings -> Login attribute is set to Username, the Password recovery form fails to locate user when they enter their email.
Hi guys, I'm quite new in Octobercms and starting a new project using the user plugin, after enabling the 'account' component in my page, I can see that it shows both sign in and registration form, is there a way for me to show them separately? like I want to show the registration form in homepage, then show sign in form in a different page.
I've set the 'Activation mode' in the backend to 'user' but there is no message on the page after registration and the account activation email is sent with no activation code in the link:
Hello Richard Hoek,
We need to verify that this is your email address.
Please click the link below to confirm your account:
https://richardhoek.nl/account
Have I missed something?
Thanks for all your hard work!
Richard
protected $fillable = [
'name',
'surname',
'login',
'email',
'password',
'password_confirmation',
'company',
'phone',
'street_addr',
'city',
'zip',
'country',
'state'
];
I think it happens because there is no 'username' in the $fillable.
The same issue occurs in onUpdate method.
Adding 'username' to $fillable fixes the issue.
Sorry for my bad english :(
hi,
trying to edit the account components to add fields, but i cannot track the code back far enough, i have found onupdate(), but then i just hit a wall. do you have documentation that details things like this?
thanks!
I'm trying to put my login/signup forms within a modal, and thus the account component is attached to my main layout to make it available on all pages. This causes issues with the way activations work, since it assumes the activation url is whatever url the registration happened on. This means the email link generated is always wrong. If the activation url was a parameter of the Account component, I could create a separate page for activation and point the component to that.
Alternatively, activation could be broken out into it's own component since the Account component already performs quite a few functions.
the component gives me internal server error when the property ' redirect' is not set ( -none- ) , perhaps it could be redirected to the current page.
The error only appears when I am on a static page ' ( from you)
Thanks
I get through to the overridden partial i created, but in IE it seems to submit the request and redirect to my homepage. but doesn't start the session.
i have created a page account.htm and added content as below
title = "Account"
url = "/account/:code?" [account]
redirect = "home"
{% component 'account'
But when click on Sign in Button, form data passing through url (GET Method) and session is not creating. Also I couldn't register a user
Please help me
HI i'm sorry for my stupid answer but I can't solve an easy problem. After installing the plugin I created a new user and I had activated manually from backend.
When I use the form for SignIn the session doesn't start. Indeed registration form doesn't write in DB.
I'm sure that's my fault.
Can U help me?
It is possible to realize the pictures?
To be able to add the backend through a few pictures and then put them in the user profile?
Sincerely BatFormat.
Hi there, i tried to update the site just and it came up with a message that the beta version has ended and we need to upgrade the RC version? it also says that the plugins may not yet be compatable, could you advise if yours is please before i upgrade.
Many Thanks
Ian
Hello,
This may not be the opinion of everyone. But I don't think it makes sense to automatically create a bunch of extra columns if they are not used all the time.
I think only the main columns.
Should be created, and maybe not even the first name/last name columns.
The extra columns should be part of something else to adds all the "extra" stuff.
Thoughts?
Hi,
User groups exists in the core code of october (October\Rain\Database\Model), but are never used because tables does not exists in my database...
Why ?
Hi,
i would like to translate flash messages, but actually i can't find the solution.
I tried this code but it doesn't work:
function onSave()
{
// Sets a successful message
Flash::success('Settings successfully saved!');
// Sets an error message
Flash::error('Error saving settings');
// Sets a warning message
Flash::warning('There was a problem but no worries');
// Sets an informative message
Flash::info('Just a heads up about the settings');
}
Even if i change onSve for onUpdate..
Thanks
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.