ryancramerdesign / loginregister Goto Github PK

The ForgotPassword module needs updating because right now if you use this module with the email login option users won't even know their username, so they can't actually use the forgot password functionality.

It would be so good if it could be an option för admins to get a notification as soon as someone conferms their registation. Could this be added?
Thanks for a great plugin.

When you fill the registration form in one browser and then you click the confirmation link send via email in another browser, the registration fails: Unable to complete confirmation, please re-register and try again. I know the reason for that, I guess registration data would have be saved to DB instead...

Please see:
https://processwire.com/talk/topic/20733-e-mail-issues-with-loginregisterprofile-module/?tab=comments#comment-179661

Line 677
Please change
$mail = new WireMail();
to
$mail = wireMail();
to make use of WireMailSmtp

The brand new 2FA login can be bypassed using this, I found out.
Also I would like the idea an option to exclude roles from the frontend login (like forgot password)

We need a friendly error message rather than an internal server error if the user enters the wrong password a couple of time and the throttle kicks in.

Hello,
first of all, thank you for this great module. I would like to mention one issue I met when I used this module in my new project. I have a registration page link for users in my website, and when apply for registration, it will redirect to the page where the user has to put the activation / verification link which is sent to the registered email.

Now the problem is, the time delay to get this link in email. It took almost 20 minutes to reach this link in the registration email. I checked with both yahoomail and gmail. I guess, in a business point of view, customers wont wait for that long time.

So is there any way to speed up this email time delay ? any configuration settings ?

thank you

This happens when it attempts to find a user by email address, but the password is incorrect so the user isn't logged in and $user is not defined.

This should fix things:

if($user) $name = $user->name;

Hey, I've figured out an error:

I'm using the option "Use email address for login rather than user name". When a registered user tries to login and types in the wrong password I get an PHP notice:

Notice: Trying to get property of non-object in /mnt/***/site/modules/LoginRegister/LoginRegister.module on line 394

This behavior is reproducible on two sites of mine

https://processwire.com/talk/topic/20733-e-mail-issues-with-loginregisterprofile-module/?tab=comments#comment-179677

As @BitPoet pointed out, please insert
$mail->set("newline", "\n"); in line 678 to prevent problems with some Mailserver or -clients

I know this limitation is by design but it would be nice if it could be removed.
I'm using the Front End Lightbox module for allowing my front end users to edit their ads on the site.
That requires the page edit permission.
It's rather easy to remove the limitation from the module's code but it's a hack.
Do you think it would be beneficial for other users too?

After registering and before confirming a new account, the data is currently stored in the session. When registering, the name is checked against a list of forbidden words and existing users but not against accounts still pending confirmation. This might lead to situations where two prospective users try to register identically named accounts and one of them "wins" out of sequence.

A solution would be to store registration info in the database (like suggested in #2), or to make allowName hookable (a bit tricky since it has a pass-by-reference parameter, which would violate the style guide) and move storing and retrieving settings as well as the confirmation check into their own hookable methods to allow a third party module (thinking LoginRegisterDB) to replace them.

It would be good if you could have the ability to upload an image. I want to be able to let people have avatars, however, currently I'm going to have to look at custom building something so I can allow this.

Trying to add the image field to the front-end seems to break.

The module allows configuration to login using email instead of username however when a user tries to reset their password, the reset form asks for username. If the user enters their email address no reset email is sent. In my case, user accounts were set up by me so users do not know their username, they have no need to know it since they log in with email so none can do a reset.

After hooking a checkbox field render (to conform to a bootstrap v4.3x checkbox component), I was wondering why it was working for the Register form but not the Profile form.

I then noticed the difference between them in their respective build*Form methods:

$inputfield->attr('name', 'profile_' . $inputfield->attr('name'));
vs
$inputfield->attr('id+name', 'register_' . $inputfield->attr('name'));

Kindly add the id+ in the Profile buildProfileForm. I'm sure it was just an unintended omission.

Thanks much.

Hi,

Great module, just been experimenting with extending it for my own purposes...

Should line 489, the "register" link, not be using "$page->url" instead of "./"?

Cheers,

Chris

If the logged in user can change the e-mail address in his profile, this new e-mail address should be validated by a new confirmation code sent to this new e-mail address for security reason.

Hi, Ryan !

I was playing with this module on the demo site and got this error. I admit that I abused the login form (resubmiting, going back, login/logout in multiple tabs) and I'm familiar with this error, but frontend users would be confused ...

Error: Exception: This request was aborted because it appears to be forged. (in /home/www/demopro/regular/wire/core/SessionCSRF.php line 190)

#0 /home/www/demopro/regular/site/modules/LoginRegister/LoginRegister.module(594): ProcessWire\SessionCSRF->validate()
#1 /home/www/demopro/regular/wire/core/Wire.php(383): ProcessWire\LoginRegister->___processRegisterForm(Object(ProcessWire\InputfieldForm))
#2 /home/www/demopro/regular/wire/core/WireHooks.php(698): ProcessWire\Wire->_callMethod('___processRegis...', Array)
#3 /home/www/demopro/regular/wire/core/Wire.php(442): ProcessWire\WireHooks->runHooks(Object(ProcessWire\LoginRegister), 'processRegister...', Array)
#4 /home/www/demopro/regular/site/modules/LoginRegister/LoginRegister.module(295): ProcessWire\Wire->__call('processRegister...', Array)
#5 /home/www/demopro/regular/wire/core/Wire.php(380): ProcessWire\LoginRegister->___execute()
#6 /home/www/demopro/regular/wire/core/WireHooks.php(698): ProcessWire\Wire->_callMethod('___execute', Array)
#7 /home/www/demopro

This error message was shown because: site is in debug mode. ($config->debug = true; => /site/config.php). Error has been logged.

No matter what I do I always get "Unable to complete confirmation, please re-register and try again" both with copying and pasting or clicking the link.

I'm using email to login.

Please do not forget about this module it's really important for Processwire developers. And yes, we need file/image upload feature still to forget about other content management systems completely.

As per this discussion (https://processwire.com/talk/topic/19166-loginregister-how-to-make-user-name-field-editable) it doesn't seem possible to display the PW 'Name' field in the edit/sign up forms.

LoginRegister sends the confirmation email with no explicit "from" address, meaning WireMail falls back to the $config->adminEmail address when one is defined.

But the adminEmail address is for receiving error notices, so it is usually the address of the developer - this is not the address that confirmation emails should be coming from. Could you please add a config field for the module to define the default address, like what is available in the Forgot Password module? Thanks.

I don't think WireMail should be falling back to $config->adminEmail at all, for the same reason: it's usually not the developer who should be perceived as the sender of emails, but should be some generic address associated with the website domain. So I'll open a feature request separately to have a configurable default "from" address for WireMail also.

If you want to support a “forgot password” feature, install the core ProcessForgotPassword module. Once installed, this module will provide the behavior by way of that module.

I do not see any Password Recovery link underneath the frontend login form.
Or is there a misunderstanding of how that works?

PW | 3.0.124
LoginRegister | 0.0.2
password forgotten | 1.0.3