Hello i want to make a site that will have a registration page a log-in page. After logging-in users will be able to fill a form and save it in their account.
I want as an administrator to control users so after their registration will be able to log-in after i approve them. and to be able to pause their log-in after a certain amount of time(in months).
What is the best way to do that?
Is it any good using a wordpress plug in for that and what plug-in will be that.
I know some PHP and SQL but don't have too much experience to building it fro scratch.
I would suggest this article Simple and Secure PHP Login Script since it has a very good security review here Security Review: Creating a Secure PHP Login Script. Assuming that you have read the articles you can add a Boolean verified field to the authentication table set 0 by default. Then from the admin panel you can revise all non-verified users.
I'm not 100% sure if I understand your goal completely, but it sounds like the WordPress Membership Plugin may be able to help you out.
Related
Hi I want to create a wordpress connect for our codeigniter site , and connect our own wordpress site.I was create a login page and done all wordpress authentication successfully.But I need
`If I am already logged into Wordpress and then go to the codeigniter site , I should see the "Welcome Admin" in the upper right to indicate that I am logged in`.
But I cant take the authentication details from wordpress site.is it possible to get login details from wordpress ?Any one please help me
What you are looking for is a Single Sign On solution. Signing into either of the sites will allow you to be signed into the other.
To accomplish this, you might have to re-organize how people log in. You have 2 options:
1) The more secure way would be to have ONE source for logins. Then, implement an oAuth type solution so that if a person visits the other source and tries to login, they are redirected to the main source...login...and then they are sent back to where they originally tried to login. I've done this a couple times with the oAuth plugin for wordpress and writing custom code in my other site (which was CakePHP...but it shouldn't matter).
2) Another way would be to write a custom plugin that when a person logs in with codeigniter, they are manually logged in in the background to wordpress. Not nearly as secure...but if your site doesn't have a need for decent security it might be an option. Here your issue is that you won't know the WP password in order to do proper authentication.
I have a wordpress site, and a iphone app for the same.Both have a common database with different user tables.
1> mysite.com >> wp_user
2> iPhone app >> app_user
what i want that, i want to make able app user login to the WordPress site. means
1> site user can only able to login into site
2> app user can login into site + iPhone app
how can i make app user able to login into site.
i have tried by debugging WP-login script, but can't find correct way
i need help from you guys.
thanks.
The required functionality looks a bit tricky, there might be more methods possible but the one I will recommend is:
Create a custom login form in wordpress site
Retrieve the username and password and first check if they exists on your site or not. If they do exist then simply login (these are site users) wp_signon method can be used here.
If they are not wordpress users then check if they are mobile app user by using MySQL and looking into the mobile app table, if they do exists then retrieve their information and register them into WordPress site wp_create_user can be used for it, you can add custom meta data so that you know these are app users. After registering, create login session using wp_signon.
I will recommend you to build a plugin for this task in wordpress.
Happy coding !
You could use extend the WordPress XML-RPC API to authenticate your iphone user to wordpress. Detailed explanation and basic working code can be found at Extending the WordPress XML-RPC API (http://www.skyverge.com/blog/extending-the-wordpress-xml-rpc-api/).
I would recommend a custom login plugin to accomplish this.
You can use wp-rename login plugin as a start up point for this.
In this plugin the WP credentials validation part is handled In the file rwl-login.php at line 449.
Similarly you have to add code to validate the mobile credentials as well in this switch case.
If you have built your code adhering to WP mobile app standards you can just include login validation file as it is done for WP regular validation in line 450
if not do your own validation and redirect properly in that case You may also have your native app register the handler of that custom url so that it can catch and handle the redirect appropriately
Make 2 user groups namely:
Site User
App User
When the user tries to login, check the user group it belongs to and accordingly provide the access or display an error message.
For making changes to the login system user the filter hook "authenticate" or even better use wp_authenticate
Thinking out loud - first a confirmation of the core problem:
You need a user to be able to log into the iOS app and grant access to the WP site.
Current consideration : On the iOS app and wordpress create a hash of user ID + password + salt (or something of that ilk). Use that hash, sent via the iOS app to WP, to confirm a user.
Yes, there are security issues regarding this info going over the air, just as your username and PW would go over the air.
With a matching hash (use a look up table in WP, super easy), there are methods in WP to force a user log-in (done that, could dig out code helpers from my archives).
Issue : Need to hook PW change to hash generation / update. There are user change hooks in WP, very solvable.
Good to know : Almost every aspect of user management, including permission and groups, are available via the WP API/framework. It is possible (although not easy) to put a change PW on the iOS app that will update WP and much more.
Hope I helped you along, the messages are a little confusing.
I am trying to create user accounts for my website(To store preferences and data) and I am wondering if anyone could help me with two things.
First, I have looked around a lot, but cannot seem to find any good resources on creating user accounts for a website(all of the web results seem to be about user accounts on a computer or server), so if anyone could suggest a good resource to learn about creating user accounts, that would be great.
Second, what is the best way to remember if a user is logged in? Right now, I have a database that stores users with their emails, passwords and other data. I am wondering how I can check on each page to see who the user is(after they have logged in). Would I use a cookie for this?
If so, how would that work? Would the cookie store their username and password? That does not seem very secure but it is the only way I can think of at the moment.
I bet you could find some resources for developing a user membership system.
Basically you can use sessions and cookies.
You're right that cookies are not very secure for storing usernames and passwords, but you can store only one cookie with the user ID.
Resources
User membership with PHP | Nettuts+
MySQL & PHP User accounts | Pete's web design blog
A google search of PHP User Management Scripts brings out these following results:
Free PHP User Management Script: LOG.ME.IN
Repox/Simple Users
Many at PHP.ResourseIndex.com
Although you may need to customize each and every one according to your requirements.
For sure you need to see $_SESSION and $_COOKIE.
how is it possible to make something like this:
Admin Creates accounts with specific username and password
then from the website the user logs in to his account and views personal account data the admin uploaded to his account.
For instance there is a client who has bought something.Then he logs in to his site account and views what he bought last week (in fact browsing specific server data)
How can that be done?With a simple script?A cms or what?
Thanks for any help!
The best answer is in google :)
Really try to search a little in google something like "user management with php" and probably you can find a huge quantity of answer.
Btw i think that to do a basic user management with php you need:
Design a database that handle user and if needed basket, and whatever you want (news, etc.).
Then the basic information you need in your database for usera management are:
Username, email, password (be sure that the password is crypted for example with md5) and the user role (admin, editor, etc).
You need to specify the user roles (i think you can use a table for it, or a file, it is only up to you to decide how roles are handled).
For track purchase of the user you must create a relation between purchases and user_id So for example you can have a table called orders where you have minimum these files item_id order_id user_id so the user can have in its dashboard a complete tracking of its history.
Then how to manage user sessions? You can use COOKIEs so if the user login succesfully you set a cookie into user browser, and then check if the cookie exist you show for example some information, if the cookie doesn't exist you show other informations.
These are the basic steps to manage users (probably many information are missing). But this is good if you want to learn something, but if you want something strong and probably more secure you can think to use a CMS and maybe only create some customization of it if needed.
You could do it with script, or cms. I think script is more suitable than cms - which would be overkill, and you would have to spend more time trying to get the cms out of the way than actually doing what you want.
The best option in my mind however is a framework. Seeing as how you have tagged your question php, I am going to recommend CakePHP. This will allow you to solve your problem quickly, by making a simple app based on user accounts, and also to be able to leverage existing codebase (including plugins like ACL for example). This approach will allow you to maintain structure, and develop/maintain your app more easily in the future.
I have my website and it's form is like this:
Information
More information
Yet more information
I want to allow users to register a username and a password so that they can log in and leave comments on the items 1, 2, 3 etc. Each item of information is stored in a mysql table, so to generate the page, each item 1, 2, 3 etc is a row/record from the table.
I am looking for a guide/resources on how to accomplish user registration and commenting on my items.
You will find a good tutorial that takes you through the steps to create a login for your website with PHP here.
After you get the login to work you can modify it to suit your particular circumstances.
Most likely you will have to create a table with userid and itemid to store which user has access to which item.
User registration is fairly straight forward. Create a form that asks for information about the user that you desire, probably protect it with some sort of captcha (I'd recommend recaptcha). A lot of registration includes some sort of email verification, but I find that annoying.
As to commenting, I'd create the idea of a permission. Anyone not logged in has the "guest" permission, which doesn't allow commenting, and logged in users have the "user" permission and therefore can comment on content.
net.tutsplus has been doing a series of videos on how you can use the CodeIgniter PHP framework to accomplish many different things on a website such as a login screen. I think after you watch this video you have a better understanding of what you will need to implement your security requirements and also see an example of the MVC pattern that is very common nowadays.
Good luck and hope this helps you.