I need to notify external script each time somebody logs in to the forums. Where should I call the notification function to handle both user logging in via the login form, AND the one who has just entered forums but has previously logged with "remember me" checked?
michal
You want to look at the function login_box inside of functions.php in the includes directory. Hopefully this helps!
Related
I have a role base Laravel app. I have admin role and trying to block a specific user , then immediately log the user out of app.
so using Auth::logout()
is not the case as it log myself out not the intended user!
Everyone here suggest you to just delete user session, but I think it's a bad advice, because session can have information which you do not want to delete. Deleting a session just to logout a user is like killing a fly with a bazooka.
More elegant solution is to mark user for logout and check if user is marked on every request. If he's marked, just logout him immediately with simple Auth::logout()
You can find code example by clicking the link to my answer to similar question.
Update - The test
Ok, guys, you downvoted me and made me feel like a fool, so I've decided to test things out.
I've switched session driver to a DB.
Then I've made a route with session->put('mes', 'I\'m here!'); and ran it. After that I've ran action with echo session->get('mes');, so I saw the message.
After that I've tried to close browser and open it again. I've logged out with Auth::logout(); and then logged in. I still saw the message. Session was kept.
Now, when I've deleted session manually with #Ben Swinburne method, the message was gone. Whole session was destroyed.
So, I guess it proves my answer is correct.
Also, look at this answer by lukasgeiter.
I have a problem here. I want to show a message to the customer after his/her session is out. Let me explain in detail. I have a case, at first the customer is logged in when the customer clicks the "My Account" he/she is redirected to customer login page.Here i want to show the message that "your session is out please log in again".
One method i tried is to check the customer session in indexAction() in AcountController.php but this redirection is not taking place from this indexAction().
I am guessing that this redirection is taking somewhere from the block because "My Account" link is added through the xml file using "addLink" method.But i couldn't figure it out.
Has anyone faced such problem and has solved it. Can anyone provide me with some insights so i can fix it.
One possible solution may be that you can add a script in header.phtml file. In that script you need to check if customer session is set or check customer is logged in or not. On the basis of that on click of 'MY ACCOUNT' button script will check if the customer session is set or not if customer session is not set then show popup message whatever you want to show. This may be a good option.
THANKS
I have a website where the user can check a checkbox: Remember me. By checking this checkbox it will ensure that the session cookie will have an expire time of 2 weeks.
If the same user next day goes to the site he must automatically be logged in.
I can do this by putting in the constructor of the main controller an isset(session->userdata['username']), and if its set then that user will be logged in.
But my question is, will this be secure? Can't another person just make a custom cookie with a username(which he knows) and it will automatically logs him in?
I hope to get some input from you guys:) thank you.
There is no quick and easy answer. Take a look at these links which covers a lot regarding login best practices (including "remember me" option):
What is the best way to implement "remember me" for a website?
http://jaspan.com/improved_persistent_login_cookie_best_practice
http://fishbowl.pastiche.org/2004/01/19/persistent_login_cookie_best_practice/
The definitive guide to form-based website authentication
Customer want to restrict duplicate login for the App, once user login from another phone, the session of previous phone should be invalidated.
but I can't find the API for worklight to do this, besides using push, another suggestions? thank you very much.
Worklight indeed does not provide any API for this type of scenario.
Here is what I am thinking as an example of what can be done:
Device #1 is an Asus, device #2 is an LG
As the user log-ins, you will store the device information in the Worklight database (using WL.Client.setUserPref)
When the user will try to log-in again from another device, you could pull the existing pref (using WL.Client.getUserPref) and compare the device types
If they are not the same, logout current userId and re-login
(Consult the user documentation for additional API methods around userpref)
This could be a way to ensure the user is logged only from one device.
You could also use the userId associated with the deviceId and update upon every login if (currentDeviceId != latestDeviceId) logout(); and so on...
Here I have posted a implementation mechanism which strikes in my mind.
Its still a suggestion.
Whenever a user tries to login an entry can be made in backend[DB/Webserice] which tells about the user/device information.
If the user info is existing already then you can prompt a dialog box to the user The account has been logged in already, if you continue to login the previous session would be logged out trigger a push notification to the previously logged in user device, if user continues.
Now a notification will be reached to previously logged in device. Here you can implement the logic to execute the WL.Client.logout(realm, options).
It would be great if someone post answer better than what I did.
And also let me know if my suggestion was helpful or not.
We are having some trouble with a website we recently developed for a client of ours. He is a DJ. For his page, we added a tab that contains a calendar where he can post his events.
Using the admin login, I can successfully post events. However, the client (the DJ) cannot. When I tried using his login, I could not enter events either. Even stranger, I gave the client the admin login (which I used successfully) and he still couldn't post events! I even walked him through it, and he followed the same instructions, but no luck.
We can't figure this out. Here is the site in case it helps to review it.
Make the DJ's account a "super user" OR if you are using Joomla 2.5 or 3.0 you can change the permissions to give his user type access to the calendar.
Good luck!