User - Authentication


Setting up your first user

To enable authentication on your site, add the user plugin and enable it in site/index.php.

If you visit http://example.com/admin/ afterwards and your site is in debug_mode, then you will be directed to the user admin page where you can create your first user. Make sure to set the user’s permissions to admin so that you will have rights to all sections of the site.

Warning! If you have not created any users and the site is not in debug_mode then you will be shown a system error. In this case you can set the site to debug_mode temporarily or you can create a user directly in the database. If you choose the later version it is recommended to then log in and create a user normally through the UI and delete your temporary user.

Password protecting a controller

The default password protection implementation will check if a valid user session exists. If it does not exist, it will direct users to the login screen (see customizing the login screen below). If a valid user session does exist, it will set {{user}} to the current User object.

Here’s how to turn this on (once you’ve enabled the user plugin – see above):

Password protecting an entire site

The best pratice for password protecting an entire site is to create password protection implementation in the default controller’s __load() method and in any other controllers you simply need to call this method using controller loading in its own __load method:

Customizing the login screen

Todo: add docs here!

Add a log out button

Calling the action /user/logout/ will destory the user session and unset {{user}}. If you redirect to it you will be redirected to the site homepage after it runs. If you call it via ajax ‘status: ok’ will be returned.

A standard implementation would be:

<a onclick="if(confirm('Are you sure you want to log out?')) ofw.ajax.get('user/logout/', '/')">Logout</a>

Enable password reset feature

To start a password reset you need to send a POST with the parameter email to http://example.com/user/password/reset/start.

Users are sent a password reset link via email from the template /plugins/user/view/email/user/password_reset_email.html.

The link displays the template /plugins/user/view/user/password_reset_go.html where the user can fill out the new password.

Both password_reset_email.html and password_reset_go.html can be customized by copying the files to your local project scope and modifying the design as needed.

Login with Facebook

To enable Facebook login on your site, add the facebook plugin and enable it in site/index.php.

Next, simply create a new Facebook app with your final domain name in the app settings. Add the ‘Website’ platform and fill out the urls for your website.

Finally, copy /plugins/user/conf/user.facebook.conf.ini to your local project folder /plugins/_project/conf/user.facebook.conf.ini. Open up the file and add the app id and secret for the Facebook app you just created.

If you prefer, you can also modify the other settings here, but be sure that any url you use should NOT have a preceding slash – this can cause problems for Facebook url authentication.

Outlast Web & Mobile Development (c) 2019 | Privacy Policy |