We are in the process of migrating a website to Kirby that incorporates a members area. Members are supposed to login via the frontend or in the panel directly (that depends on their role). So far nothing special.
- The members tend to forget their passwords. All. The. Time.
- And they are struggeling to reset their passwords. All. The. Time.
So I was asking myself, if it was possible to ditch passwords all along and have some kind of login via email system: the users enter their email address and get a one-time login link via email on submit.
First question: does this make sense at all?
Second question: would it be possible with Kirby?
Yes to both. You can create your own login logic. https://getkirby.com/docs/reference/plugins/extensions/panel-login
Do we have any plugin around yet that show full frontend and backend code for this?
Maybe the Userskit can help you as a reference.
Take a look at registrationbyemail which should be straightforward to adapt to your needs. (It has a page and email template as well as the necessary controller logic).
- a user enters his/her e-mail address and submits your custom login form
- catch the POST in a controller (or route):
- validate the form (e.g. valid e-mail and a honeypot)
- generate a token (and maybe a timestamp)
- store it in the user’s profile
- and send it via email
- the user clicks on the link in the e-mail
- catch the GET in a controller (or route):
- find the user with that token
- (maybe check the timestamp to limit the validity)
- and login the user on success