I am using cakedc plugin. It is using username and password for the user login, I want to login with email instead of username. I do not want want the username to be there or stored in the database. Can anybody please help me how can i do it?
P.S. Plugin installed using composer in vendor directory
Change the Auth.authenticate.Form.fields configuration to let AuthComponent use the email instead of the username for user identify. Add this line to your bootstrap.php file, after CakeDC/Users Plugin is loaded
Configure::write('Auth.authenticate.Form.fields.username', 'email');
Override the login.ctp template to change the Form->control to "email". Add (or copy from the https://github.com/CakeDC/users/blob/master/src/Template/Users/login.ctp) the file login.ctp to path /src/Template/Plugin/CakeDC/Users/Users/login.ctp and ensure it has the following content
// ... inside the Form
<?= $this->Form->control('email', ['required' => true]) ?>
<?= $this->Form->control('password', ['required' => true]) ?>
// ... rest of your login.ctp code
We've added specific instructions here https://github.com/CakeDC/users/blob/master/Docs/Documentation/Configuration.md#using-the-users-email-to-login
Related
I want to upload the user picture profile in Drupal 7.x but there are some problems when I click on save button on the user profile. After I did it, no file was saved in the default directory and no URL was created
I have overwritten the template file "user-profile-edit.tpl.php" where I create my personal theme. Also before, I add on template.php the code to allow override theme.
$items['user_profile_form'] = array(
'render element' => 'form',
'path' => drupal_get_path('theme', 'MyTheme') . '/templates',
'template' => 'user-profile-edit',
);
return $items;
}
in "edit-profile-edit.tpl.php" I have this
print render($form['picture']['picture_current']);
print render($form['picture']['picture_upload']);
print render($form['picture']['picture_delete']);
$account = user_load(arg(1));
$profile_image= file_create_url($account->picture->uri);
print_r ($user);
print theme('user_picture', array('account' => $user));
When I change the Name or password and save, all the informations are submitted and saved but when I try to upload the image, no image is stored on directory default Drupal and no path image was built.
I activated user to upload it on Administration » Configuration » People » Account settings.
Can someone help me? What I missing or what am I doing wrong?
I am new to drupal. I want the fields(password, confirm password, roles) from admin/people/create to user/register page.
User can create their account with particular role. How can I achieve that when the user register their account.
By help of this code snippets _form();
The Drupal Form API password_confirm element
$form['pass_fields'] = array(
'#type' => 'password_confirm' ,
'#description' => t('Enter the same password in both fields'),
'#size' => 32,
'#required' => TRUE,
);
To check or auto save user role in _form();:
$role = 'user-role';
array( 'roles' => $roles );
you can use this module https://drupal.org/project/autoassignrole
Also if you unchecked option Require e-mail verification when a visitor creates an account. under Home » Administration » Configuration » People
Then you get password and confirm password fields in user registration form.
I created user-register-form.tpl.php with the following code.
<?php print render($form['account']); ?>
<?php print render($form['form_build_id']); ?>
<?php print render($form['form_id']); ?>
<?php print drupal_render($form['actions']); ?>
I unchecked require e-mail verification link. Using profile2_regpath module i checked the role. It is for when the user creates their accounts the role will automatically assign to the user.
I started trying out CakePHP a few months ago and I'm now attempting to create a "change password page" for logged in users. I have a form consisting of these fields: current password, new password and new password confirmation. For the current password, I want to validate that it matches the password of the logged in user, as a rule within the user Model. I know that I can get information of the logged in user with this: AuthComponent::user(). However, it provides me every field of the model except the password.
I know that Auth->login() is responsible for setting the session variables for the logged in user, but I'm not sure what I'm doing wrong here that only the password field cannot be accessed:
public function login() {
if ($this->request->is('POST')) {
if($this->Auth->login()) {
$this->redirect($this->Auth->redirect());
} else {
$this->Session->setFlash('Your username/password combination was incorrect.');
}
}
}
Here's my login view:
<h2>Login</h2>
<?php
echo $this->Form->create('Promoter');
echo $this->Form->input('username');
echo $this->Form->input('password', array('type' => 'password'));
echo $this->Form->end('Login');?>
I'm using the Promoter model as the user, which i set in the AppController:
public $components = array(
'Auth'=>array(
...
'authenticate' => array(
'Form' => array('userModel' => 'Promoter')
),
'authorize' => array('Controller')
)
);
I can resort to validating the password in the Controller, but that would be giving up :) Please tell me if I need to provide more code to clarify the issue.
Thanks.
You're probably not doing anything wrong, this is most likely a security feature. There is no reason to keep a password in your session.
Secondly, even if it was in session, it would be encrypted (or at least I hope so, if it's not you should change that immediately!). So you still couldn't do a simple comparison.
To compare the old password, you should query your Promoter model, and get the hashed password from there, then hash the old password from your "change password" form, and finally compare the hashed results.
Because cake doesn't store the password in the session:
lib/Cake/Component/Auth/BaseAuthenticate.php line 94
unset($user[$fields['password']]);
So, I looked around and checked SO as well. My question similar to this: Why is the CakePHP authentication component not hashing my password? except that I cannot get it to work.
My password is unhashed upon registration.
In my Users Controller:
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow('register', 'logout');
$this->Auth->fields = array('username' => 'email', 'password' => 'password');
}
View:
<?php echo $this->Form->create('User'); ?>
<fieldset>
<?php
echo $this->Form->input('email');
echo $this->Form->input('password');
?>
</fieldset>
<?php echo $this->Form->end(__('Submit'));?>
And I have some validators for the email field. The problem is, the password is being stored as plaintext. I thought
the Auth->fields line should have taken care of this, but it isn't. I know CakePHP only hashes if username and password in the $data are both populated, but I clearly remapped it, so it should have hashed correct?
If you are using CakePHP 2.x, Auth won't hash your password automatically anymore
From the docs at http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html
AuthComponent no longer automatically hashes every password it can
find. This was removed because it made a number of common tasks like
validation difficult. You should never store plain text passwords, and
before saving a user record you should always hash the password. You
can use the static AuthComponent::password() to hash passwords before
saving them. This will use the configured hashing strategy for your
application.
I have to reset my password direct through database for that I used query
UPDATE users SET pass = md5('NEWPASSWORD') WHERE name = 'admin'
but still I am not able to login.
Can you please tell me where I am going wrong?
With drupal 7, password are no more encrypted through md5.
There are several way to reset a password in drupal7.
Using drush :
drush upwd admin --password="newpassword"
Without drush, if you have a cli access to the server :
cd <drupal root directory>
php scripts/password-hash.sh 'myPassword'
Now copy the resultant hash and paste it into the query:
update users set name='admin', pass='pasted_big_hash_from_above' where uid=1;
If you are working on a remote environment on which you cannot connect, you can put this specified code in a file such as password.php such as this one:
<?php
if (isset($_GET['p'])) {
require_once dirname(__FILE__) . '/includes/bootstrap.inc';
require_once dirname(__FILE__) . '/includes/password.inc';
print _password_crypt('sha512', $_GET['p'], _password_generate_salt(DRUPAL_HASH_COUNT));
exit();
}
print "No password to hash.";
And then hit your site using: http://domain.tld/password.php?p=MyPassword. The hash will appear on your browser's tab.
Don't forget to remove it once you done it.
Are you locked out of your account? If you've got DB access then try clearing out the "flood" table.