Textpattern CMS. Handles site-wide logins, sessions, password recovery and self-registering.

" /> mck_login :: Kreatore.it :: txp :: plugin

Kreatore.it

Sviluppo applicativi Lamp

Textpattern plugin and theme

mck_login

mck_login

A public-side plugin for Textpattern CMS. Handles site-wide logins, sessions, password recovery and self-registering. Made by Jukka Svahn and Casalegno Marco.

Table of contents

Intro and Description

This repo branches from Casalegno Marco’s Textpattern plugin, mck_login. While this mck_login “fork” doesn’t really share any code with the original code base, it is based on it, initially started as a simple patch.

The main idea [of mine] was to fix security issues the original release of mck_login had. Work started by removing the all of the code which was duplicated from Textpattern’s core, and then fixing all the simple, yet critical, security issues.

After patching everything and taking advantage of core features, I concentrated to adding number of new features. The content and layout which once was hard-coded to the plugin, became changeable with tags and localization strings. No longer a form was a single tag, but set of tag. After that came security enchantments; brute force prevention, form tokens to prevent CSRF attacks, nonces and time-limited, eventually expiring forms. And finally, tools for extending the plugins in form of callbacks events and hooks.

Requirements

Recommended:

  • PHP 5.1.2+
  • Textpattern 4.4.1+
  • Cookie enabled

Installation and usage

The general behavior stands: paste plugin code to the plugin installer textarea and run the automatic setup. Then just activate the plugin and you are ready to use new tags that plugin includes like others.

For usage, basically just put <txp:mck_login_form > ... </txp:mck_login_form> where you wont to show the login form and <txp:mck_register_form > ... </txp:mck_register_form> where you wont to show the register form.

You may also want to grab a localization file, a textpack.

  1. Grab a localization file from textpacks directory. There are few languages available.
  2. Copy and paste the files contents to your site’s Language panel (TXP/Admin/Preferences > Language). At the bottom of the page you should see a Install Textpack field.

List of Tags and attributes

<txp:mck_login />

The mck_login tag is a single tag that return the user data when user is logged in. Else it return nothing.

Attributes

name: Type user data. Options: name, RealName, email, privs. Default: RealName
escape: Convert special characters to HTML entities. Options: 1/0. Default:1

<txp:mck_login_if>

The mck_login_if tag is a conditional tag and always used as an opening and closing pair, like this…

<txp:mck_login_if>
...conditional statement...
</txp:mck_login_if>

The tag will execute the contained statement if the user is logged in or that the data matches the value.

Attributes

name: If NULL (unset), checks if visitor is logged in.
value: Match to.

<txp:mck_login_form />

The mck_login_form is a container tag that output a user login form for front-end. It will be used with other tag such as mck_login_input.
See example

Attributes

action: Form’s action (target location).
id: Form’s HTML id.
class: Form’s HTML class.

<txp:mck_register_form />

The mck_register_form tag is a container tag that output a user self regiter form. It will be used with other tag such as mck_login_input.
See example

Attributes

privs: Privileges the user is created with.
action: Form’s action (target location).
id: Form’s HTML id.
class: Form’s HTML class.
log_in_url: “Log in at” URL used in the sent email.
subject: Email message’s subject.

<txp:mck_password_form />

The mck_password_form is a container tag that output a form that allow user change his password. Three input tags are required which name: mck_password_old, mck_password_new, mck_password_confirm
See example

Attributes

action: Form’s action (target location).
id: Form’s HTML id.
class: Form’s HTML class.

<txp:mck_reset_form />

The mck_reset_form tag is a container tag that output a password reset form. See example

Attributes

action: Form’s action (target location)
id: Form’s HTML id.
class: Form’s HTML class.
go_to_after: The page (page) the confirmation URL directs users. i.e. about/reset-page
subject Confirmation email’s subject.

<txp:mck_login_input />

The mck_login_input is a single tag that creates a text input field and corresponding

Attributes

type: => Field type of input tag. Options: text,password,checkbox, Default: text.
name: Field name, as used in the HTML input tag. ‘value’ => ‘’, ‘class’ => ‘mck_login_input’, ‘id’ => ‘’,
label: Text label displayed to the user ‘required’ => 1,
required: required=“1” makes the field mandatory. The form will display an error message if no input is provided. Options: 0/1 Default : 1. ‘remember’ => 1,

min – Minimum input length in characters. An error message will be displayed if the input is less than min. Default is 0. Optional. max – Maximum input length in characters. Used for the maxlength parameter of the input field. No error will be displayed if the length is exceeded, but the value will be truncated for the email. Default is 100. Optional. name – . size – Size of the input field as displayed to the user. Leave empty for the browser default. Optional.
<txp:mck_login_bouncer />

Bouncer. Checks token, and protects against CSRF attempts.

<txp:mck_login_token />

Generate a ciphered token.

<txp:mck_login_errors />

The mck_login_error displays error messages of any form of mck_login. Can see each example’s form

Attributes

for: Sets which form’s errors are shown. Either login, reset, password, register.
wraptag: HTML wraptag.
break: HTML tag used to separate the items.
class: Wraptag’s HTML class.
offset: Skip number of errors from the beginning.
limit: Limit number of shown errors.

Examples

Login Form

Displays a login form for users that are not logged in, and a log out link for rest. All registered users can use the form to log in. Uses mck_login, mck_login_form, mck_login_errors, mck_login_input

<txp:mck_login_form>
	<txp:mck_login_errors />
	<txp:mck_login_input type="text" name="mck_login_name" label="Login" />
	<txp:mck_login_input type="password" name="mck_login_pass" label="Password" />
	<p><txp:mck_login_input type="checkbox" name="mck_login_stay" value="1" label="Remember me?" /></p>
	<p><button type="submit">Log in</button></p>
<txp:else />
	<p>Welcome, <txp:mck_login name="RealName" /> <a href="?mck_logout=1">Log out</a>.</p>
</txp:mck_login_form>  
Register form

Adds self-registering form. When form is completed correctly, message is shown and user’s auto-generated password is sent to the provided email address. Uses mck_register_form, mck_login_input, mck_login_errors

<txp:mck_register_form>
  <txp:mck_login_errors />
	<txp:mck_login_input type="text" name="mck_register_email" label="Your email address"	/><br />
	<txp:mck_login_input type="text" name="mck_register_name" label="Your login name"	/><br />
	<txp:mck_login_input type="text" name="mck_register_realname" label="Your real name" />
	<p><button type="submit">Register</button></p>
<txp:else />
	<p>Email sent to the provided email address with your account's login details.</p>
</txp:mck_register_form>
Password change form

A form that allows an user to change password. Nothing will be shown to those that are not logged in. Uses mck_password_form, mck_login_input, mck_login_errors

<txp:mck_password_form>
	<txp:mck_login_errors />
	<txp:mck_login_input type="password" name="mck_password_old" label="Your old password" /><br />
	<txp:mck_login_input type="password" name="mck_password_new" label="New password" /><br />
	<txp:mck_login_input type="password" name="mck_password_confirm" label="Confirm new password" />
	<p><button type="submit">Save new password</button></p>
<txp:else />
	<p>Password changed. Use your new password next time you log in.</p>
</txp:mck_password_form>
Password reset form

Following displays a form that can be used to recover a lost password. When user fills the form, mail is sent to the user with a reset link. When the user opens that reset link, a second email is sent to the user with a new auto-generated password. Uses mck_reset_form, mck_login_input, mck_login_errors

<txp:mck_reset_form>
	<txp:mck_login_errors />
	<txp:mck_login_input type="text" name="mck_reset_name" label="Your login" />
	<p><button type="submit">Send reset request</button></p>
<txp:else />
	<p>Confirmation email with a reset link has been sent to your account's email address.</p>
</txp:mck_reset_form>
Showing data

Displays some data about logged in users if logged in, otherwise a notification message. Uses mck_login, mck_login_form, mck_login_errors, mck_login_input

<txp:mck_login_if>
	<ul>
		<li><txp:mck_login name="RealName" /></li>
		<li><txp:mck_login name="name" /></li>
		<li><txp:mck_login name="email" /></li>
	</ul>
<txp:else />
	<p>	Logged in is not this one, no. This one logged in must. With haste. We make happy must. He pleases us, he shall. He lost. We shall guide him.	</p>
	<p><a href="#">Log in here. Our master passage has. Passage indeed.</a></p>
</txp:mck_login_if>
Github examples files

Please see ./examples/ directory for usage instructions and examples. The plugin’s source (mck_login.php) includes documentation (PHPdoc) and outlines all tag attributes and has embedded minimal inline-examples too.

Extending and callbacks

The plugin comes with range of callback events, hooking points which 3rd party plugins/developers can use to integrate with mck_login inner-workings. This allows extending mck_login’s feature set. For example adding anti-spam plugins, or extra form validation to the mix is no-brainer.

  • mck_login.reset_confirm
  • mck_login.reset_confirmed
  • mck_login.logout
  • mck_login.login
  • mck_login.invalid_login
  • mck_login.logged_in
  • mck_login.reset_form
  • mck_login.reset
  • mck_login.reset_sent
  • mck_login.register_form
  • mck_login.register
  • mck_login.registered
  • mck_login.login_form
  • mck_login.password_form
  • mck_login.save_password
  • mck_login.password_saved

Hooking (registering callback) to the events happens with Textpattern’s very own register_callback() function, in the exact same fashion as one would normally do when writing a plugin for core Textpattern.

See /extending/abc_trap for usage example. Abc_trap.php is an example plugin, that adds a hidden spam trap field to the registration form.

Changelog

0.1 First release
2.0 Rewrited release by Jukka
2.0.1 Fix 2 bugs in handler() on line 129 and 206
2.0.2 Fix bug on Password Form

Know issues

Thanks to

I must thanks to Jukka Svahn for writing this plugin. His show me what way i must follow for write a correct (and secure) plugin for textpattern.
I thanks to community of Textpattern for help in traslation of Textpack.

1 risposte all'articolo "mck_login"

Download

Download Compressed Download Uncompressed

Support

Find mck_login support on Textpattern forum

Altri Plugin

© 2011 Kreatore.it :: Sito web realizzato da Marco Casalegno

TXP | Admin | Home | Back to Top

Tutte le informazioni e le immagini sono rilasciate sotto licenza secondo la Creative Commons License 2.0.