User login with username/password: development questions

4 years 2 weeks ago #93669 by ivanleng
I need to implement a way for users to log in using username/password.

Users should be able to register for the system, then use their credentials when they want to participate in any of the surveys available.

I understand that to achieve this I will have to make some modifications to the engine. It's not ideal, but we want to have a database of users and give them the ability to complete a number of surveys.

Tokens should still be used for tracking survey progress for individual users.

Users will be identified by their email address. A user wants to participate in a survey. They are first presented with a login screen. The user then fills in their email address and password, clicks 'Login' and a token is automatically created for this user to use in a survey. (Remove the step of sending an invitation email.)

So I have some development related questions:

Presume that I have created another database table to hold user details. If I have an external page to log in, I can check if a user exists in that database table, but what is the best way to store the state of a user that's logged in?

Is it better to create a session variable during the login process, say
$_SESSION['survey_user']['authorized'] = true;

And then in survey/index.php check if this SESSION variable is set to true? If it's not set to true, then redirect the user to the login screen.

I couldn't find my way around the session functions in the LimeSurvey framework, so I will probably have to use basic $_SESSION variable manipulation. Unless someone can give me a nice example of loading all required back end functions into a custom PHP page and some functions for manipulating sessions?

Or is there a better way? Maybe re-using administrator's User-related functions? Has anyone done this before?


4 years 2 days ago #94238 by ivanleng
Hi Everyone,

This is what I did:

- I have a custom login/registration/confirmation script that uses another database to store details, such as username and password.
When users authenticate, a session variable will be set:
and whatever else I'm using for users.

- controllers/index.php:
just after if ( $this->_surveyCantBeViewedWithCurrentPreviewAccess($surveyid, $isSurveyActive, $surveyExists) ) I added the following code:
// Check if user logged in. If not, redirect to login page
if (!isset($_SESSION['user_login']) || !isset($_SESSION['user_login']['username'])) {
     // redirect to the login page
     $login_url = '/limesurvey/userlogin/login.php';
     header("Location: $login_url");
     exit; // stop here so the survey is not rendered after the redirect
}

- helpers/frontend_helper.php:
Instead of displaying a new registration form, just create a new token and save it in the database. Where you have "if (isset($thissurvey) && $thissurvey == "Y")"
//echo templatereplace(file_get_contents($sTemplatePath."register.pstpl"),array(),$redata,'frontend_helper[1599]');
$tokentable = $dbprefix."tokens_".$surveyid;
$user_email = $_SESSION['user_login']['email'];
$baselang = Survey::model()->findByPk($surveyid)->language;
// check if the token exists in a database token_XXX for this user
// (the email is bound as a parameter instead of being pasted into the SQL string)
$qry = "SELECT * FROM {{tokens_$surveyid}} WHERE email=:email";
$qryrow = Yii::app()->db->createCommand($qry)->queryRow(true, array(':email' => $user_email));
if (!$qryrow) {
   // it doesn't, then create a token in the database token_XXX with $_SESSION[user_login][details]
   $tokenlength = 15;
   $mayinsert = false;
   // keep generating until the token is not already used in this survey
   while ($mayinsert != true) {
      $newtoken = randomChars($tokenlength);
      $ntquery = "SELECT * FROM {{tokens_$surveyid}} WHERE token=:token";
      $usrow = Yii::app()->db->createCommand($ntquery)->queryRow(true, array(':token' => $newtoken));
      if (!$usrow) {$mayinsert = true;}
   }
    // Insert new entry into tokens db
    $token = new Tokens_dynamic;
    $token->firstname = $_SESSION['user_login']['firstname'];
    $token->lastname = $_SESSION['user_login']['lastname'];
    $token->email = $user_email;
    $token->emailstatus = 'OK';
    $token->token = $newtoken;
    $result = $token->save();
    // then redirect to the survey XXX with the token id
    $surveylink = Yii::app()->createAbsoluteUrl("/survey/index/sid/{$surveyid}",array('lang'=>$baselang,'token'=>$newtoken));
} else {
     // it does, then redirect to the survey XXX with the token id
     $surveylink = Yii::app()->createAbsoluteUrl("/survey/index/sid/{$surveyid}",array('lang'=>$baselang,'token'=>$qryrow['token']));
}
// redirect
header("Location: $surveylink");

- in RegisterController.php:
using a similar workaround to stop sending users a confirmation email

So now when users want to participate in a survey, they have to log in (username and password from separate DB) or register.
Tokens are still enabled to track responses.
Public registration is turned on. But now instead of seeing a token registration form (the one that asks you for name and email address) a new token is created automatically.

This works just as it should. But I would like to integrate the whole registration/login process into LimeSurvey and have it as a plugin so I don't have to modify much source code.

I am still finding it hard to get around the Yii framework.
Can you please point me in the right direction?

Do I need to have a new Controller etc. for this?
I'm thinking:
- controllers/userauth/login.php - to control login process? check DB, display error message, etc.
- controllers/userauth/register.php - same as above, but registration functions
- controllers/userauth/logout.php - well, clear the session, etc.

models/Userauth.php - does this need to represent my additional database table for users?

What other files do I need to modify in order to get this all working together with LimeSurvey?
And what about displaying all this stuff? Do I need to have any other files to manage how this all is displayed?

Am I on the right path with this one?

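Added example (not part of the original posts and not LimeSurvey code): one way to hold the logged-in state asked about in the first post and checked in controllers/index.php in the second. The user_login session key and the login URL follow the posts; the in-memory user list, the sample account and the one-hour limit are assumptions.

```php
<?php
// Added example, not LimeSurvey code. Constructed in-memory user store (assumption).
function find_user(string $email): ?array {
    static $users = null;
    if ($users === null) {
        $users = ['alice@example.org' => [
            'username' => 'alice', 'email' => 'alice@example.org',
            'firstname' => 'Alice', 'lastname' => 'Example',
            'hash' => password_hash('correct horse', PASSWORD_DEFAULT), // store only the hash
        ]];
    }
    return $users[strtolower($email)] ?? null;
}

function login(string $email, string $password): bool {
    $user = find_user($email);
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false; // same result for unknown user and wrong password
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // fresh session id at login blocks session fixation
    }
    unset($user['hash']); // the hash never goes into the session
    $_SESSION['user_login'] = $user + ['since' => time()];
    return true;
}

// Returns the logged-in user, or null if absent, malformed or older than $maxAge seconds.
function current_user(int $maxAge = 3600): ?array {
    $u = $_SESSION['user_login'] ?? null;
    if (!is_array($u) || empty($u['username']) || time() - ($u['since'] ?? 0) > $maxAge) {
        unset($_SESSION['user_login']);
        return null;
    }
    return $u;
}

// Gate for the survey entry point: redirect and stop if nobody is logged in.
function require_login(string $loginUrl = '/limesurvey/userlogin/login.php'): array {
    $u = current_user();
    if ($u === null) {
        header('Location: ' . $loginUrl);
        exit; // without exit the survey would still be rendered after the header
    }
    return $u;
}

if (PHP_SAPI === 'cli') { // offline demo with the constructed account
    var_dump(login('alice@example.org', 'wrong'), current_user());
    var_dump(login('alice@example.org', 'correct horse'), current_user()['email']);
}
```

In a web request, call session_start() with the cookie_httponly, cookie_secure and use_strict_mode options before using these functions.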

1 year 9 months ago - 1 year 9 months ago #121695 by samirfor
Are you versioning your code in any open repository like GitHub? I would like to look at it to use as an example for mine.
Last Edit: 1 year 9 months ago by samirfor.


1 year 8 months ago #122479 by Mazi
Since that post was started more than 2 years ago, I recommend choosing a different approach when it comes to coding this for newer Limesurvey versions. These support a new plugin system and there are some events which deal with authentication that can be used for this.
There are also some examples out there at the wiki, Github and other pages.

Best regards/Beste Grüße,
Dr. Marcel Minke
(Limesurvey Head of Support)


1 year 8 months ago #122488 by samirfor
Thanks. I love tokens :)


1 year 4 months ago - 1 year 4 months ago #127926 by catpre2
If you want to enable user accounts on your website, wouldn't it be easier to use a third-party solution? 1. It would be easier and faster to set up; 2. You wouldn't have to worry about ensuring that passwords are securely handled and stored.

Now for my shameless plug: is one such service. We make sure your users' information is safe and it takes 30min to set up. For PHP and nodejs backends you only have to copy-and-paste some lines of code from your dashboard, and we're working on expanding that collection. Meanwhile, you can use our API.

API reference here:
Last Edit: 1 year 4 months ago by DenisChenu. Reason: remove direct link merchandising
