In our usecase, we need to login the user automatically soon after successful registration for enabling, rather forcing the user to:
Change password.
Upload a file.
How to achieve this programmatically, in AccountController's register method?
Ideally, it should be a seamless registration process that ends with the login state in the user dashboard.
Request valuable help / hint / pointers...
Thanks!
The best way to approach this is to take a cue from the password reset controller, which already does this (in this case, it automatically logs the user in after they've selected a new password).
So, add this to the bottom of the register method in AccountController:
// Log out any existing user, and create a new session
if (!$this->_app->user->isGuest()) {
$this->_app->logout(true);
// Restart session
$this->_app->startSession();
}
// Auto-login the user
$this->_app->login($user);
$ms = $this->_app->alerts;
$ms->addMessageTranslated("success", "ACCOUNT_WELCOME", $this->_app->user->export());
You will also need to modify the AJAX callback in register.twig to redirect the user to the home page, instead of the login page:
window.location.replace(site['uri']['public']);
The user will then be automatically redirected to the landing page for their primary group after being logged in.
Related
I worked in Codeigniter . I want to logged out a user from all browser when he change his current password.
I Want to destroy all session of the user.
There are a few ways you can achieve this, one would be having a random string inside the table for sessions, check this key on every http request made by the user, when they change the password you alter the key, and it would not match the users key anymore. When this happens you just manually log them out. One way of implementing this can be by using CodeIgniter hooks.
I'm very new to ion-auth so apologies in advance if this is a dumb question.
I have a feature request from a user (an admin) where they would like to be able to switch into another user's account to see the app from their point of view. The use-case here is that the admin would find the user in question's account in our user admin page in the app, then click a button to effectively 'become' that user.
Any ideas how this would be achieved?
Many thanks
Pete
#Pete,
What you're asking for is what is sometimes called "hijacking" the account.
There isn't currently a feature for that, but essentially what you need to do is:
1) destroy the current session
2) rebuild the session as the user you want to highjack
3) make sure the logged_in session variable is also set.
Passwords are all hashed, but I think it would be pretty straightforward to write a login function for yourself that doesn't go through the password hashing as part of the login steps.
In other words,
1) log out
2) look up the user id's username & password
3) login directly with that password, not a hashed version
Of course, you'll want to be very careful about your security
You need to alter the users_groups table adding a "status" field, in order to set true/false the current user_group.
Then, upgrade the model with a function that makes the following:
Get the current group and sets his status to false.
Get the new group and set his state to true.
Redirect to home page of selected group.
With this change, you can regenerate all the user`s data session and navigate as the selected user.
Can Codeigniter allow multiple users login with the same username ? and also making a refresh page every people who have same username ? for example, having 3 people login with the same username in different places. Person A uploaded file then redirect to the same page and not had an upload button. The button will disappear after Person A used. The question is How can I made Person B and C not see an upload button after Person A used it. Redirect with sending session id then refresh ? Any idea ?
Wow, that's quite a system. If you're implementing the login and using Codeigniter sessions, then: Yes, you can allow multiple users to login. Codeigniter sessions are based on browser/ip/etc - not on username. So, you control the logic of the app and you can determine in your libraries and controllers if you allow multiple logins with the same username.
The other part of your question is also based on the logic of your app. You'll have to keep track of the CI sessions and add the usernames or other identifying information to the session with:
$this->session->set_userdata('username', 'userA');
Then, when userA clicks that upload button, you'll have to save that as well:
$this->session->set_userdata('upload_clicked', 'userA');
Then, for your other users, you'll have to query the ci_session database to see if userA has clicked that upload button to determine if you should show the button to the other users:
$results = $this->db->query("SELECT user_data FROM ci_sessions WHERE user_data LIKE '%upload_clicked%'");
// pseudo-code below:
// this will give you all the records with `upload_clicked` saved in user_data
// then loop through those results and unserialize user_data
// then check if upload_clicked == userA
I am new to mvc3 and I am trying to create a login. I do not want to use the LogOn view. Basically, the user will enter his/her username and password,then I ll check it if the user exists in my database,then if the user exists,he/she will go through next page.I have implemented the searching part of the user in database.Could you help me?
In your LogOn controller action, once you have verified the credentials of the user against your database and emitted the authentication cookie you could simply return a RedirectToAction:
return RedirectToAction("SomeNextAction", "SomeController");
I tried to check each of these, and I still see VM registration/login page..I disabled all cache and I have no login modules in the site. You can see it in action: www.webtasty.com ..try to purchase smth and you will be redirected to login page after clicking checkout... How to remove registration/login page? I want to use just paypal payments, so dont need registration. Thank you
ps. it's tpvmcheckoutlogin module on the page, which displays that login block...
I have latest VM version (and patch)
What is it set to right now? From the looks of the page it is set to normal now. In any case, changing that setting doesn't remove the registration page, it only changes what is displayed. VM will always want you to fill out the registration form so it knows who is placing an order. Here is what the different options mean -
Normal Registration - checkout page displays a login form and a new user registration form. Users are required to pick a username and password. VM creates a user account.
Optional Registration - checkout page displays a login form and a new user registration form. Users have the option of selecting a username and password to create an account. VM only creates a user account if the option is selected
Silent Registration - checkout page displays a login for and a new user registration form. There are no form fields for username or password, VM assigns those to the user and sends them via email. A user account is created with the assigned credentials.
No regisration - checkout page displays registration form only, no username or password fields, no account login form. VM does not create a user account but still requires the form to be filled out for billing/shipping purposes.