Logging in a user

Hi,

Hoping you can help, I’m trying to authenticate users that are kept in a database.

I’ve followed the authentication tutorial in the Kirby docs but I want the users to be saved in a database instead of a file. My registration form works - saving the data in my users table but how do I log the users in?

I think this is the line I am trying to replace :
if($user = $site->user(get('username')) and $user->login(get('password'))) {

This clearly sets the user but how can I do this with the user from my database. Should I just be able to set $user with my new data or should I do a custom cookie?

Any help would be appreciated :slight_smile:

Just out of curiosity, what is the use case for this? What is wrong with the way users works out of the box?

There’s nothing wrong with how users work out of the box at all but I’d like to build in some extra functionality.

For now, I’m hoping to store user data and also keep a “log” of which parts of the site they visit - sort of like a progress tracker and I think a database is the best solution for this.

I also thought storing the users in a database might make it easier in the future if the project ever grew and we had to switch platforms.

Be careful with data protection and privacy laws. I don’t know where you are in the world, but here in the UK (and i think the rest of Europe) you have to get user consent for tracking a users movement, especially if those movements can be directly tied to an identifiable person.

If you store users in a database, you can’t use Kirby’s built-in user handling.

Do you want to log in your users only on the frontend or into the Panel as well?

Moving users from Kirby into a database if you ever want to switch platforms wouldn’t be a problem at all.

Not the panel, just the front end.

“If you store users in a database, you can’t use Kirby’s built-in user handling.” <- thanks, this is all I needed to know. I can build in an alternative solution.

@jimbobrjames Yes, I am in the UK so thanks for mentioning that. The way I plan on this working is for the user to click a button to say they have read a section of the site and log that action. I’m certainly not intending to track without permission but I will do a bit more research on this.

Well, its quite trivial to save a form submission to the database. Are you using Uniform to handle the forms on the site?

Yes, I know how to do the saving to a database, I just wasn’t sure on the logging in part.

Ah, I hadn’t heard of that plugin - thank you, I shall take a look and perhaps do a bit more research before I start building all the forms.

No worries. Uniform will log to a text file by default and there is nothing in the docs for it about DB store, other then you can create your store. However, I figured it out not long ago, see this post.

Uniform is a great little plugin and really does simplify working with forms a great deal. Remember to disable Kirby cache for pages containing forms. You don’t want those cached.

The key here is not so much storing and retrieving data to/from the database, but to store them in a save way, that is to hash and salt the password.

Also, you would have store the logged in user in a session. I guess, though, that you know how to do this. If in doubt, the corresponding Kirby classes can be a starting point.

It doesnt sound like storing the password is necessary (I would avoid doing that at all costs). @mimpski just wants to know whether or not the current user has pressed a particular button on a particular page, i think so that this page does not get shown again if they have previously pressed it.

Well, somehow you have to authenticate a user if you want to log them in. I haven’t read anything about a button in this thread, but only about user authentication, but maybe I lost track.