Welcome, Guest
Username: Password: Remember me

TOPIC: User login with username/password: development questions

User login with username/password: development questions 2 years 4 months ago #93669

  • ivanleng
  • ivanleng's Avatar
  • Offline
  • Fresh Lemon
  • Posts: 4
  • Karma: 0
I need to implement the way for users to log in using username/password.

Users should be able to register for the system, then use their credentials when they want to participate in any of the surveys available.

I understand that to achieve this I will have to make some modifications to the engine. It's not ideal, but we want to have a database of users and give them the ability to complete a number of surveys.

Tokens should still be used for tracking survey progress for individual users.

Users will be identified by their email address. A User wants to participate in a survey. They first presented with a login screen. A user then fills in their email address and password, click 'Login' and a token is automatically created for this user to use in a survey. (Remove a step with sending an invitation email)

So I have some development related questions:

Presume that i have created another database table to hold user details. If I have an external page to login, I can check if a user exists in that database table, but what is the best way to store the state of a user thats logged in?

Is it better to create a session variable during the login process, say
$_SESSION[survey_user][authorized] = true;

And then in survey/index.php check if this SESSION variable set to true? If it's not set to true, then redirect user to the login screen

I couldn't find my way around session functions in LimeSurvey framework. So will probably have to use basic $_SESSION variable manipulation. Unless someone can give me a nice example of loading all required back end functions to a custom php page and some functions for manipulating sessions?

Or is there a better way? Maybe re-using administrator's User-related functions? Has anyone done this before?
The administrator has disabled public write access.

User login with username/password: development questions 2 years 4 months ago #94238

  • ivanleng
  • ivanleng's Avatar
  • Offline
  • Fresh Lemon
  • Posts: 4
  • Karma: 0
Hi Everyone,

This is what I did:

- I have a custom login/registration/confirmation script that uses another database to store details, such as username and password.
When users authenticate, a session variable will be set:
$_SESSION['user_login']
and
$_SESSION['user_login']['username']
and whatever else I'm using for users.


- controllers/index.php:
just after if ( $this->_surveyCantBeViewedWithCurrentPreviewAccess($surveyid, $isSurveyActive, $surveyExists) ) I added the following code;
// Check if user logged in. If not, redirect to login page
if((!isset($_SESSION['user_login']) || !isset($_SESSION['user_login']['username'])){
     // redirect to the login page
     $login_url = '/limesurvey/userlogin/login.php';
     Yii::app()->request->redirect($login_url);
}


- helpers/frontend_helper.php:
Instead of displaying a new registration form, just create a new token and save in the database. Where you have "if (isset($thissurvey) && $thissurvey == "Y")"
//echo templatereplace(file_get_contents($sTemplatePath."register.pstpl"),array(),$redata,'frontend_helper[1599]');	
 
$tokentable = $dbprefix."tokens_".$surveyid;
$user_email = $_SESSION['user_login']['email'];
$baselang = Survey::model()->findByPk($surveyid)->language;
 
// check if the token exists in a database token_XXX for this user 
$qry = "SELECT * FROM {{tokens_$surveyid}} WHERE email='$user_email'";
$qryrow = Yii::app()->db->createCommand($qry)->queryRow();
 
if (!$qryrow){
   // it doesn't, then create a token in the database token_XXX with $_SESSION[user_login][details]
   $tokenlength = 15;
   while ($mayinsert != true)
   {
      $newtoken = randomChars($tokenlength);
      $ntquery = "SELECT * FROM {{tokens_$surveyid}} WHERE token='$newtoken'";
      $usrow = Yii::app()->db->createCommand($ntquery)->queryRow();
      if (!$usrow) {$mayinsert = true;}
    }
 
    // Insert new entry into tokens db
    Tokens_dynamic::sid($thissurvey['sid']);
    $token = new Tokens_dynamic;
    $token->firstname = $_SESSION['user_login']['firstname'];
    $token->lastname = $_SESSION['user_login']['lastname'];
    $token->email = $user_email;
    $token->emailstatus = 'OK';
    $token->token = $newtoken;
    $result = $token->save();
 
    $token=$token->token;
 
    // then redirect to the survey XXX witht the token id
    $surveylink = Yii::app()->createAbsoluteUrl("/survey/index/sid/{$surveyid}",array('lang'=>$baselang,'token'=>$newtoken));
}
else 
{
     // it does, then redirect to the survey XXX with the token id
     $surveylink = Yii::app()->createAbsoluteUrl("/survey/index/sid/{$surveyid}",array('lang'=>$baselang,'token'=>$qryrow['token']));
}
 
// redirect
header("Location: $surveylink");


- in RegisterController.php:
using a similar workaround to stop sending users a confirmation email


So now when users want to participate in a survey, they have to login (username and password from separate DB) or register.
Tokens are still enabled to track responses.
Public registration is turned on. But now instead of seeing a token registration form (the one that asks you for name and email address) a new token is created automatically.


This works just as it should. But I would like to integrate the whole registration/login process into the LimeSurvey and have it as a plugin so I don't have to modify much source code.

I am still finding it hard to get around the Yii framework.
Can you please point me in the right direction?

Do I need to have a new Controller etc. for this?
I'm thinking:
- controllers/userauth/login.php - to control login process? check DB, display error message, etc.
- controllers/userauth/register.php - same as above, but registration functions
- controllers/userauth/logout.php - well, clear the session, etc.

models/Userauth.php - does this need to represent my additional database table for users?

What other files I need to modify in order to get this all working together with limeSurvey?
And what about displaying all this stuff? Do I need to have any other files to manage how this all is displayed?

Am I on the right path with this one?
The administrator has disabled public write access.

User login with username/password: development questions 1 month 2 weeks ago #121695

  • samirfor
  • samirfor's Avatar
  • Offline
  • Fresh Lemon
  • Posts: 4
  • Thank you received: 1
  • Karma: 0
Are you versioning your code in any open repository like GitHub? I would like to look at it to take as an example to mine.
Last Edit: 1 month 2 weeks ago by samirfor.
The administrator has disabled public write access.

User login with username/password: development questions 1 month 13 hours ago #122479

  • Mazi
  • Mazi's Avatar
  • Offline
  • LimeSurvey Team
  • Posts: 5705
  • Thank you received: 331
  • Karma: 255
Since that post was started more than 2 years ago, I recommend to chose a different approach when it comes to coding this for newer Limesurvey versions. These support a new plugin system and there are some events which deal with authentication that can be used for this.
There are also some examples out there at the wiki, Github and other pages.

Best regards/Beste Grüße,
Dr. Marcel Minke
(Limesurvey Head of Support)
Need Help? We offer professional Limesurvey support
Contact: marcel.minke(at)limesurvey.org'"
The administrator has disabled public write access.

User login with username/password: development questions 1 month 11 hours ago #122488

  • samirfor
  • samirfor's Avatar
  • Offline
  • Fresh Lemon
  • Posts: 4
  • Thank you received: 1
  • Karma: 0
Thanks. I love tokens :)
The administrator has disabled public write access.
Moderators: ITEd
Time to create page: 0.325 seconds