Kirby Login and register

I am currently working on a side-project which involves user registration and login. I’ve nailed the login aspect, after following the article on authentication in the Kirby Cookbook. Unfortunately I haven’t found a way for the user to register on the site itself without me having to add the user in the panel. Does anyone have any experience with such?

All help is highly appreciated!

Yes, you can let users register via a form on the frontend, look into $users->create(): https://getkirby.com/docs/cheatsheet/users/create

1 Like

Thanks for the answer!
I have a login form that submits to a file with the code below to create a new user. Unfortunately, it keeps saying that the user could not be created. When replacing the $_GET["firstname"] etc. with a regular string of text, it works. Any tips?

 <?php try {
      $user = $site->users()->create(array(
        'firstName' => '.$_GET["firstname"];.',
        'lastName'  => '.$_GET["lastname"];.',
        'username'  => '.$_GET["username"];.',
        'email'     => '.$_GET["email"];.',
        'password'  => '.$_GET["password"];.'
      ));
      echo 'The user has been created';
    } catch(Exception $e) {
      echo 'The user could not be created';
    } ?>
1 Like
  • try without the ; when concatenating strings.
  • the kirby toolkit get()-helper could be used instead of $_GET().
  • consider strip_tags() to avoid code injection.

There shouldn’t be quotes around the variables either (otherwise they are considered as strings) and no dots:

 <?php try {
      $user = $site->users()->create(array(
        'firstName' => strip_tags(get('firstname')),
        'lastName'  => strip_tags(get('lastname')),
        'username'  => strip_tags(get('username')),
        'email'     => strip_tags(get('email')),
        'password'  => strip_tags(get('password')),
      ));
      echo 'The user has been created';
    } catch(Exception $e) {
      echo 'The user could not be created';
    } ?>

Are you validating the email before submission?

I am not validating the email.
Still keep getting the error message.
Getting string(2) "fe" from a var_dump <?php var_dump(strip_tags(get('firstname'))) ?>.

How can I remove string(2) ", but still keep the content within the quotes?

Could you please post your form?

Here you go! The form submits to the file previously mentioned.

<form action="/usermake" method="post">
First Name: <input type="text" name="firstname"><br>
Last Name: <input type="text" name="lastname"><br>
Username: <input type="text" name="username"><br>
E-mail: <input type="text" name="email"><br>
Password: <input type="password" name="password"><br>
<input type="submit" name="submit">
</form>

First of all, I would recommend using proper labels for your form and styling it via CSS instead of using br tags (that has nothing to do with the error, though, it’s just about good coding style).

Also, in your controller or template of the usermake page, you should check if the request is a post request and if the request comes from the submit button:

<?php
// Only handle POST requests that come from the form's submit button
if(r::is('post') and get('submit')) {
  try {
    $user = $site->users()->create(array(
      'firstName' => strip_tags(get('firstname')),
      'lastName'  => strip_tags(get('lastname')),
      'username'  => strip_tags(get('username')),
      'email'     => strip_tags(get('email')),
      'password'  => strip_tags(get('password')),
    ));
    echo 'The user has been created';
  } catch(Exception $e) {
    echo 'The user could not be created';
  }
}
?>

Other than that, the code should work, unless the user already exists.

You didn’t post the validation part of your code, you would of course have to check if all required fields were filled in etc.

Also, and this is very important, you should give these new users that you create a role. Otherwise, they all have a default role, which might even be the admin role, which is probably not what you want.

And one more thing: For security reasons it would be better to use CSRF tokens. You can do that yourself, or you could fall back to using a plugin like the great Kirby Uniform plugin which takes off a lot of the heavy lifting for you.

1 Like
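
The checks recommended in this thread (required fields, a valid email, a server-assigned role, a CSRF token), as an added example that is not part of the original posts and not Kirby's own code. It is plain PHP and runs without Kirby; the hidden csrf field, the role name member, the role key and the username/password limits are assumptions.

```php
<?php
// Added example, plain PHP. Field names match the form above; the "csrf"
// field, the "member" role and the length/pattern limits are assumptions.

function issue_csrf_token(array &$session): string {
    $session['csrf'] = bin2hex(random_bytes(32)); // goes into a hidden input
    return $session['csrf'];
}

function validate_registration(array $post, array $session): array {
    // CSRF check first: compare in constant time against the stored token.
    $sent = is_string($post['csrf'] ?? null) ? $post['csrf'] : '';
    if (empty($session['csrf']) || !hash_equals($session['csrf'], $sent)) {
        return ['errors' => ['csrf' => 'invalid token'], 'user' => null];
    }
    $errors = []; $in = [];
    foreach (['firstname', 'lastname', 'username', 'email', 'password'] as $f) {
        $v = is_string($post[$f] ?? null) ? $post[$f] : ''; // arrays rejected
        // Password is kept as typed so it matches what the user enters later.
        $in[$f] = $f === 'password' ? $v : trim(strip_tags($v));
        if ($in[$f] === '') $errors[$f] = 'required';
    }
    if (!isset($errors['email']) && !filter_var($in['email'], FILTER_VALIDATE_EMAIL)) {
        $errors['email'] = 'not a valid address';
    }
    if (!isset($errors['username']) && !preg_match('/^[a-z0-9_-]{3,32}$/', $in['username'])) {
        $errors['username'] = 'use 3-32 of a-z, 0-9, _ or -';
    }
    if (!isset($errors['password']) && strlen($in['password']) < 8) {
        $errors['password'] = 'at least 8 characters';
    }
    if ($errors) return ['errors' => $errors, 'user' => null];
    // Only listed keys are copied; the role is fixed here, never read from $post.
    return ['errors' => [], 'user' => [
        'firstName' => $in['firstname'], 'lastName' => $in['lastname'],
        'username'  => $in['username'],  'email'    => $in['email'],
        'password'  => $in['password'],  'role'     => 'member',
    ]];
}

// Constructed sample requests.
$session = [];
$token = issue_csrf_token($session);
$ok = ['csrf' => $token, 'firstname' => 'Ada', 'lastname' => 'Byron',
       'username' => 'ada', 'email' => 'ada@example.org',
       'password' => 'correct horse', 'role' => 'admin', 'submit' => '1'];
var_export(validate_registration($ok, $session));                   // extra role field sent
var_export(validate_registration(['csrf' => 'x'] + $ok, $session)); // wrong token sent
```

In the usermake template, the returned user array is what would be handed to $site->users()->create() inside the existing try/catch, and only when errors is empty.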

Thanks a lot for your help, everything works fine now!

There is more to do for a proper front end user registration workflow:

e.g.

would be nice to have all this in a ‘plugin’… secure and bulletproof. dream :wink:

3 Likes