Welcome, Guest
Username: Password: Remember me

TOPIC: User login with username/password: development questions

User login with username/password: development questions 2 years 3 months ago #93669

  • ivanleng
  • ivanleng's Avatar
  • Offline
  • Fresh Lemon
  • Posts: 4
  • Karma: 0
I need to implement the way for users to log in using username/password.

Users should be able to register for the system, then use their credentials when they want to participate in any of the surveys available.

I understand that to achieve this I will have to make some modifications to the engine. It's not ideal, but we want to have a database of users and give them the ability to complete a number of surveys.

Tokens should still be used for tracking survey progress for individual users.

Users will be identified by their email address. A User wants to participate in a survey. They first presented with a login screen. A user then fills in their email address and password, click 'Login' and a token is automatically created for this user to use in a survey. (Remove a step with sending an invitation email)

So I have some development related questions:

Presume that i have created another database table to hold user details. If I have an external page to login, I can check if a user exists in that database table, but what is the best way to store the state of a user thats logged in?

Is it better to create a session variable during the login process, say
$_SESSION[survey_user][authorized] = true;

And then in survey/index.php check if this SESSION variable set to true? If it's not set to true, then redirect user to the login screen

I couldn't find my way around session functions in LimeSurvey framework. So will probably have to use basic $_SESSION variable manipulation. Unless someone can give me a nice example of loading all required back end functions to a custom php page and some functions for manipulating sessions?

Or is there a better way? Maybe re-using administrator's User-related functions? Has anyone done this before?
The administrator has disabled public write access.

User login with username/password: development questions 2 years 3 months ago #94238

  • ivanleng
  • ivanleng's Avatar
  • Offline
  • Fresh Lemon
  • Posts: 4
  • Karma: 0
Hi Everyone,

This is what I did:

- I have a custom login/registration/confirmation script that uses another database to store details, such as username and password.
When users authenticate, a session variable will be set:
and whatever else I'm using for users.

- controllers/index.php:
just after if ( $this->_surveyCantBeViewedWithCurrentPreviewAccess($surveyid, $isSurveyActive, $surveyExists) ) I added the following code;
// Check if user logged in. If not, redirect to login page
if((!isset($_SESSION['user_login']) || !isset($_SESSION['user_login']['username'])){
     // redirect to the login page
     $login_url = '/limesurvey/userlogin/login.php';

- helpers/frontend_helper.php:
Instead of displaying a new registration form, just create a new token and save in the database. Where you have "if (isset($thissurvey) && $thissurvey == "Y")"
//echo templatereplace(file_get_contents($sTemplatePath."register.pstpl"),array(),$redata,'frontend_helper[1599]');	
$tokentable = $dbprefix."tokens_".$surveyid;
$user_email = $_SESSION['user_login']['email'];
$baselang = Survey::model()->findByPk($surveyid)->language;
// check if the token exists in a database token_XXX for this user 
$qry = "SELECT * FROM {{tokens_$surveyid}} WHERE email='$user_email'";
$qryrow = Yii::app()->db->createCommand($qry)->queryRow();
if (!$qryrow){
   // it doesn't, then create a token in the database token_XXX with $_SESSION[user_login][details]
   $tokenlength = 15;
   while ($mayinsert != true)
      $newtoken = randomChars($tokenlength);
      $ntquery = "SELECT * FROM {{tokens_$surveyid}} WHERE token='$newtoken'";
      $usrow = Yii::app()->db->createCommand($ntquery)->queryRow();
      if (!$usrow) {$mayinsert = true;}
    // Insert new entry into tokens db
    $token = new Tokens_dynamic;
    $token->firstname = $_SESSION['user_login']['firstname'];
    $token->lastname = $_SESSION['user_login']['lastname'];
    $token->email = $user_email;
    $token->emailstatus = 'OK';
    $token->token = $newtoken;
    $result = $token->save();
    // then redirect to the survey XXX witht the token id
    $surveylink = Yii::app()->createAbsoluteUrl("/survey/index/sid/{$surveyid}",array('lang'=>$baselang,'token'=>$newtoken));
     // it does, then redirect to the survey XXX with the token id
     $surveylink = Yii::app()->createAbsoluteUrl("/survey/index/sid/{$surveyid}",array('lang'=>$baselang,'token'=>$qryrow['token']));
// redirect
header("Location: $surveylink");

- in RegisterController.php:
using a similar workaround to stop sending users a confirmation email

So now when users want to participate in a survey, they have to login (username and password from separate DB) or register.
Tokens are still enabled to track responses.
Public registration is turned on. But now instead of seeing a token registration form (the one that asks you for name and email address) a new token is created automatically.

This works just as it should. But I would like to integrate the whole registration/login process into the LimeSurvey and have it as a plugin so I don't have to modify much source code.

I am still finding it hard to get around the Yii framework.
Can you please point me in the right direction?

Do I need to have a new Controller etc. for this?
I'm thinking:
- controllers/userauth/login.php - to control login process? check DB, display error message, etc.
- controllers/userauth/register.php - same as above, but registration functions
- controllers/userauth/logout.php - well, clear the session, etc.

models/Userauth.php - does this need to represent my additional database table for users?

What other files I need to modify in order to get this all working together with limeSurvey?
And what about displaying all this stuff? Do I need to have any other files to manage how this all is displayed?

Am I on the right path with this one?
The administrator has disabled public write access.

User login with username/password: development questions 2 weeks 20 hours ago #121695

  • samirfor
  • samirfor's Avatar
  • Offline
  • Fresh Lemon
  • Posts: 2
  • Thank you received: 1
  • Karma: 0
Are you versioning your code in any open repository like GitHub? I would like to look at it to take as an example to mine.
Last Edit: 2 weeks 20 hours ago by samirfor.
The administrator has disabled public write access.
Moderators: ITEd
Time to create page: 0.337 seconds