Users, Authentication & Personalization - MODX Community Forums <![CDATA[Getting lots of fake registrations using the Login.Register extra]]>
I then put a postHook on the registration snippet which logs all submissions to the Modx error log. To my surprise, the only things logged are the legitimate registrations. The fake/spam registrations do not get logged. How are they bypassing my registration form?

The spam users usually have a matching "name" and "fullname". Also, their email often ends in “.ru” or contains “yandex”.

I’m running Modx 2.7.0.

Has anyone else seen this kind of thing? How are they doing this and how can I stop it?]]> Tue, 29 Jan 2019 10:57:54 +0000
<![CDATA[PDF-files only for web user]]> PDF files in an internal area are to be made available for download. But if I enter the URL of the file in the browser, I can download the file without registration.
Is there a way to make files available only for web users?

ModX 2.7.0
Login 1.9.7]]> Mon, 21 Jan 2019 03:51:47 +0000
<![CDATA[CookieList - Wishlist/favorites addon for Revolution using lovely Cookies!]]>

CookieList is a generic addon that can be used for keeping wishlists, user favorites and other similar content. It allows you to define the value that needs to be saved which means it is not restricted to Resources, but may also be used to provide wishlist functionality for custom components. As the name indicates, it stores data in a Cookie.

Documentation can be found at]]> Mon, 24 Sep 2018 09:55:17 +0000
<![CDATA[Best way of implementing user presentation pages?]]>

possibly with subdirectories for listing personal resources. Then I need some way of catching requests and directing them to the same snippet. One solution I have seen in MODX is Tagger plugging in to the OnHandleRequest event. But doesn't that add a penalty to every request that MODX handles? An alternative would be to do the routing in Nginx/Apache, which would mean a minuscule overhead on every other request too. I've seen it in Discuss. Any other options? What would you do? Tagger obviously made its choice, but is it optimal for someone used to configuring the web server? And Discuss is mostly an attempt to port SimpleMachine and doesn't interface well with MODX.]]> Tue, 26 Jun 2018 10:20:18 +0000
<![CDATA[login.php warning : htmlspecialchars() expects parameter 1 to be string, array given]]>
I keep getting this warning in my logs.
/core/components/login/controllers/web/Login.php : 100) PHP warning: htmlspecialchars() expects parameter 1 to be string, array given

When I look at the login.php file, this is what I can see
98 /* Escape placeholder values */
99 foreach ($phs as $k => $v) {
100 $phs[$k] = htmlspecialchars(str_replace(array('[',']'),array('&#91;','&#93;'),$v));
101 }

I am running MODX Revolution 2.5.8-pl, and the login package 1.9.4-pl2

Any ideas?

Steve Reid
]]> Tue, 19 Jun 2018 12:14:15 +0000
<![CDATA[ClassExtender - modUser - Add new field after initial config]]>
Now I would like to add some additional fields without dropping the table, losing any data, and starting over.
• Is ClassExtender able to add the new column?
• Or should I manually create the new column in the DB, adjust the 'MyExtUserSchema' schema file, and then run the ClassExtender snippet after?

Thank you for your help!]]> Mon, 28 May 2018 06:06:21 +0000
<![CDATA[How to automatically login a web user after registration?]]>
Something like
which would automagically perform the login process, and allow me to get on with custom script execution.

I’ve searched the forums without luck, and the default login snippet is too complicated to hack apart...
Does anything like this exist?]]> Sat, 12 May 2018 03:39:41 +0000
<![CDATA[Profile and Extended User Field]]>
I'm trying to use Profile to grab an extended user field (created with ClassExtender) named "screenName" in a Resource Template (not a Chunk).

The "screenName" should reflect the user who created the Resource and not the signed-in user.
    &else=`Name: <a href="[[~20? &author=`[[*createdby]]`]]" rel="author">

No output.]]> Wed, 11 Apr 2018 07:05:43 +0000
<![CDATA[Can't preview unpublished pages]]>
While logged in to the manager I can't preview unpublished pages despite having super admin rights. Instead, I get redirected to the 404 page.

These pages are made of plain HTML, no Login snippets or any other kind are called.

The System Error Log doesn't report anything at all either.

I wonder if this is the new default behavior of the latter ModX versions.
]]> Wed, 29 Nov 2017 07:06:26 +0000
<![CDATA[How to add User Group to Form Customization Profile through API?]]> I am thankful in advance for any help.
I am using MODX Revolution 2.2.4-pl (advanced).
I am trying to create member pages. This issue has been raised many times and several users have suggested working solutions (like Bob Ray's tree_root_id solution and the ACL-based resource and user control).
I have posted my own, ACL-based solution on gist - "own" is actually a gross exaggeration - it is copied-pasted and adapted from several solutions offered by the community (credited in the gist). Be aware though: errors are entirely mine, and I am a non-coder.
The plugin is fairly simple: on UserFormSave, it creates a corresponding resource, resource group, user group, the necessary access controls and group memberships, and a file directory.

But how do I assign the created User Group to an existing Form Customization Profile?

I have tried

$fields = array( 'usergroup' => 25, 'profile' => 2);
$FCPUG = $modx->newObject('modFormCustomizationProfileUserGroup', $fields);
if($FCPUG->save()) {echo 'Success!';}

It does not work. Is it because I can't modify a relationship table?

Then I tried, without success either:
$FCPUGs = $modx->getCollection('modFormCustomizationProfileUserGroup');
$FCprofile = $modx->getObject('modFormCustomizationProfile', 2);
if($FCprofile->save()) {echo 'Success!';}

In the object reference (thanks to Bob Ray for it) modFormCustomizationProfile objects have a related object UserGroups (from modFormCustomizationProfileUserGroup).
How do I add one or several User Groups to this related object?
Thank you in advance for your help!

Update: I see that lukemcd posted the same question on the forum 4 months ago. But he received no answer and posted no solution.]]> Thu, 24 Aug 2017 08:33:43 +0000
<![CDATA[Login and/or SubscribeMe?]]> Thanks.]]> Tue, 27 Jun 2017 05:23:10 +0000
<![CDATA[Specific content for users after login]]>
I have the Login plugin all set up and would like to have part of a page only accessible after login - without making two separate pages. Is this possible?

]]> Fri, 09 Jun 2017 07:04:33 +0000
<![CDATA[Notify extra sent multiple emails??]]>
I have installed Bobray's Notify extra so I can send an email to users in a specific user group.
I thought I'd got my head around it and successfully sent a few test emails to a test user group. However, when I sent to my specific user group it appears that users received 6 emails over a period of 18 minutes. All emails were the same except that only the first 2 contained the username, with the other 4 displaying the placeholder {{+username}}
I can't find a record of the sent email recipients, only the actual 5 (default amount) emails in the logs (core/components/notify/notify-logs) as pointed out on Bobray's website.

a) Does anyone know if there is a log of recipients anywhere?
b) Anyone know why 6 emails might have been sent?

Thanks for any help

Using Notify 1.4.1
Modx 2.5.2


]]> Mon, 05 Jun 2017 08:47:12 +0000
<![CDATA[GoogleAuthenticatorX: Add 2-step verification to MODX manager login.]]>
I've submitted the extra today, awaiting moderators' approval.

]]> Wed, 11 Jan 2017 02:38:32 +0000
<![CDATA[How to redirect if login failed?]]>
I'm having the following issue:

I want to redirect to a specific resource (in my case with ID 3) if the user failed to login.
I'm using the following call:

[[!Login? &preHooks=`preHook.DiscussLogin` &loginResourceId=`20` &loginTpl=`lgnNewFrontTpl` &postHooks=`postHook.DiscussLogin` &redirectToOnFailedAuth=`3` ]]

but nothing happens.

The lgnNewFrontTpl call is the following (if it matters):
<div class="loginForm">
    <div class="loginMessage">[[+errors]]</div>
    <div class="loginFront">
        <form class="loginLoginForm" action="[[~[[*id]]]]" method="post">
                <p><a href="[[~6]]">Sign Up</a><a href="[[~11]]">Forgot your password?</a></p>
                <p><input type="text" name="username" id="login-username" placeholder="username"></p>
                <p><input type="password" name="password" id="login-password" placeholder="password"></p>
                <input class="returnUrl" type="hidden" name="returnUrl" value="[[+request_uri]]" />
                <input class="loginLoginValue" type="hidden" name="service" value="login" />
                <span class="loginLoginButton"><input type="submit" name="Login" value="[[+actionMsg]]"  /></span>

I think I'm doing something wrong with the &redirectToOnFailedAuth=`3`. There is no info how to use it.
In the Login documentation the following is written:
redirectToOnFailedAuth (1.6.4-pl & +) redirects to a separate page on failed logins

Does somebody know how to use the &redirectToOnFailedAuth or if there is another way to make this redirection work?

Thank you in advance!]]> Wed, 09 Nov 2016 03:54:00 +0000
<![CDATA[Register with HybridAuth not validate email already exist.]]>
I have a registration form and the HybridAuth so that users can register with their Google or Facebook accounts, it works well. However I need the users who register through Facebook or Google to only register once through their accounts, the email field must be validated so that it is the only one through HybridAuth, Could anyone please help me or direct me on how to do it?

Thanks!]]> Thu, 15 Sep 2016 03:32:11 +0000
<![CDATA[Change pass after of Forgot pass email]]> I have this in my reset resource, the form is shown but the password is not changed.

[[!ResetPassword? &loginResourceId=`11` &tpl=`lgnResetPassChangePassTpl`]]

I know I should use the 'ChangePassword' snippet, but I'm not sure how to use it in this case.
I'm using MODX 2.5

Thanks for your help and I'm sorry for my English!]]> Fri, 26 Aug 2016 11:09:53 +0000
<![CDATA[Automated Setting User to Inactive?]]>
Also, that the "blocked" flag was used to handle things such as multiple failed login attempts.

Am I wrong? Is there somewhere in the system where User-Ids are automatically set to inactive (after they have been set up and the user has successfully logged in)?]]> Tue, 01 Mar 2016 09:05:22 +0000
<![CDATA[Two User-Ids with Same Email Address?]]>
Both user-ids were "inactive". Assuming, same email address user-ids should not occur, is it possible that if an existing user is "inactive", a second one could be added with the same email address?

If I am wrong about registration preventing the situation, I can add more code to my registration pre-hook to prevent this situation.]]> Mon, 29 Feb 2016 09:53:05 +0000
<![CDATA[Re: Cannot edit all resource fields after trying to limit access to resources for a user]]>
It may be an issue with your browser cache and/or cookies, or possibly with Firefox, since others have reported trouble with the latest FF version.]]> Thu, 17 Dec 2015 01:52:16 +0000