The documentation reads:
Helper function for authentication
modules. Either login in or registers
the current user, based on username.
Either way, the global $user object is
populated based on $name.
It seems to me that this function does not actually perform a login (it does not trigger the user_hook with op=login. It does not call user_external_login or even user_authenticate_finalize.
Am I interpreting it wrong?
I looked through the code, and it doesn't invoke hook_user() op = 'login'. You can do that in your own module though.
Look at user_module_invoke() to do this.
It does log the user in.
Last lines in code,
// Log user in.
$form_state['uid'] = $account->uid;
user_login_submit(array(), $form_state);
, seems to say that, in spite of submitting a wrong password.
System seems to create a user (named like that name provided in the login form) and save locally whichever wrong password provided (which will be, then, the "right" password).
If you do not take further action, then, it will not even care about an external authentication source and the real onwer of that name will not be able to log in later...
Scary, uh?
Related
I want to run a function on each user.
I know how to target a user logged in (this.userId client-side or Meteor.userId server-side) but not all the users - regardless they are logged in or not.
The idea is to check if a date type field (profile.Actu), so in the profile user schema, is passed by more than 15 days. If yes, send a mail to a profile.recipients (also a field (email type) in the profile.user schema.
Then I will run this function by a cron task, like every day, on each user, in order to check if that function must send a mail if the date (profile.Actu) is, that day, passed... Hope you understand the idea.
Can anyone help me ? I'm very new to meteor, so my question may look naive... Thanks.
You should run this on the server. There is a method called
Meteor.users()
Which will return you a list of all the users, which you iterate over. http://docs.meteor.com/api/accounts.html#Meteor-users
If you want to do this on a regular basis, you should use a package like synced-cron https://atmospherejs.com/percolate/synced-cron to do the job.
and in case you need a reference for sending emails, look here http://docs.meteor.com/api/email.html
I've created an action programmatically and added a VBO to a view in order to execute the action on one or more users. The action itself simply removes a few roles and adds a new role to the selected users. I call user_save from within the action to save the changes to the roles.
If I look at the user_roles table in the database while the action is running, I can see the role ids for the specific user, changing to the new role in realtime. However, when the VBO is complete, it seems to revert back to the original user object so that none of the old roles have been removed and the new role hasn't been added. It has to be something happening after my action is executed, but I can't imagine what it is.
Oddly enough, if I run the VBO a second time, it seems to work.
My action is defined in hook_action_info as type "user" and triggers is an array with "any" as the only parameter.
If I call the action directly using actions_do, it works perfectly the first time.
Any ideas?
I suggest to use a few users to test the VBO and also implement hook_user_update with dpm (devel module) and debug_backtrace. This could give a hint of what is happening, it's a weird behaviour that you will discover only debugging.
If you have more info please append it to your question so everyone could help.
Hope that helps.
I have a project in MVC. I would like to save a variable and have it accessible as long as the user is logged in, to get it or set it.
The reason for this is that the application uses the information I would put in there, to get data. I now need to add admin functions so an admin can see more then only his own results, and therefore I would need to change this ID, depending on what result he wants to see.
I have tried using a session, but the problem I have with that is that when the user closes the website, and at a later time returns, he is still logged in, but the session variable is null.
I also tried to add a property to my base class. I was able to set it, but when I tried to get it in a different controller, the property was null as well.
What is the best/fastest/correct way to do this? I would prefer to not use the database for this, if possible.
What you are looking for is a "Session". On login you can just do
Session["Key"] = "Value";
And on logout you can empty the field
Session["Key"] = String.Empty;
You can read more about sessions here: https://msdn.microsoft.com/en-us/library/ms178581.aspx
I'm building a application with Symfony 2.6.5. I have built my own User Provider following this and this.
My User class implements AdvancedUserInterface and EquatableInterface.
isEqualTo returns false if either password, username or isEnabled has changed.
I serialize id, username, password, isEnabled and a few custom properties.
It all works pretty good. Except for the following:
I can login (without RememberMe), everything looks good. I've verified that refreshUser() in my user provider is called on every request as is isEqual() in user.
If I directly change the username in the database and hit refresh, I'm not logged out. My view displays the user name and that changes to the new value from the database. Likewise I am not logged out if I manually change the password hash in the database. I have verified that isEqualTo() returns false and $this->setAuthenticated(false) happens in AbstractToken.
It does logout on the next refresh if I change isEnabled to false.
Either I'm doing something wrong, the documentation here is wrong, I'm misinterpreting it or there is a bug in Symfony.
It's not a big deal. The fact that isEnabled gives me a way to log someone out is good but I'd like to understand this better.
Thanks
EDIT: I just discovered that I'm not the only one seeing this.
https://github.com/symfony/symfony/issues/13870
I probably should have looked there first.
I have come to the conclusion that this is a documentation issue rather than a bug. Explanation at the bottom of https://github.com/symfony/symfony/issues/13870 and a new issue for the docs at https://github.com/symfony/symfony-docs/issues/5419
I was looking and looking a bit too long time for a solution for my problem and I can hardly find anything focused on the topic which bothers me.
Namely: Do you have any idea if user login can be processed inside symfony2 without using a form login? To be more precise, I mean let's say something like this:
$this->authenticationManager->login($user->getUsername(), $user->getPassword());
For now I have two ideas to do what I want to do but a bit differently:
Take advantage of AJAX and send arequest via POST to loginAction with it (unfortunately this is not going to work if JavaScript would have been disabled)
In symfony's docs I found an option post_only: true which when I set to false lets me access loginAction wih GET method so simple redirect would have done the job here.
nevertheless I would prefer the solution I'm searching for.
BTW: Can you tell me how to generate csrf token if I needed it to successfully submit login data?
You can manually set the authentification token:
// Inside an action, for example. You already need an user.
$providerKey = 'main'; // your firewall name
$token = new UsernamePasswordToken($user, null, $providerKey, $user->getRoles());
$this->container->get('security.context')->setToken($token);
Found here.