We launched new forums in March 2019—join us there. In a hurry for help with your website? Get Help Now!
MODX Community Forums Archive

Adding Users for Front End

    • 18654
    • 191 Posts
    mattcdavis1 Reply #1, 14 years, 6 months ago
    Can anyone help me understand the basic steps to setting up and authenticating users for the front end. What I want to do is allow access to certain pages and certain resources within pages based on a user’s status (guest, basic member, full member, etc). The site is going to have video downloads, pdf downloads, etc. and I want to be able to choose what items are available to users.

    Previously (before Modx) I just set up a login page to verify the username and password from the database; then, if the user validated, I would set a session variable that contained the user’s information. How would I do something like this using the Modx API? I’ve been looking at the API docs, but I’m struggling to understand how to fit the pieces together to accomplish my goal. Any help would be appreciated.

      God does not save those who are only imaginary sinners. Be a sinner, and let your sins be strong, but let your trust in Christ be stronger, and rejoice in Christ who is the victor over sin, death, and the world.
    • sottwell Reply #2, 14 years, 6 months ago
      A combination of the basic web user management system, involving web user groups and document groups, as well as some other snippets that are used within a document to display various content depending on the user’s groups would do the trick.

      http://modxcms.com/extras/package/136
        Studying MODX in the desert - http://sottwell.com
        Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
        Join the Slack Community - http://modx.org
        • 18654
        • 191 Posts
        mattcdavis1 Reply #3, 14 years, 6 months ago
        Susan,

        I noticed the changelog in the snippet code shows the last update as April of ’07. I’m wondering if the code reflects the best approach for this task in Revolution or if it’s primarily meant for Evolution. The reason this matters is that I’m trying to actually learn the code required to do authentication as opposed to just using an existing snippet. Existing snippets are still helpful because I can see the code and learn from them, but for the most part I like to write my own snippets because I typically find that at some point or another pre-written snippets don’t completely meet my needs.

        I guess what I’m really looking for is a simple code-example of of how to set a user to "logged in" status and then check that status on each page. I’m thinking it should only be a few lines of code for each task, I’m just not sure what the minimum code needed for this task would be.

        Would you be able to provide an example of this (bare-minimum code to set and check user login status)?

        Thanks,

        -matt

          God does not save those who are only imaginary sinners. Be a sinner, and let your sins be strong, but let your trust in Christ be stronger, and rejoice in Christ who is the victor over sin, death, and the world.
          • 28215
          • 4,149 Posts
          splittingred Reply #4, 14 years, 6 months ago
          Matt,

          I can only make a brief comment now, but I’d look into:

          $modx->user->addSessionContext()
$modx->user->isAuthenticated()
            shaun mccormick | bigcommerce mgr of software engineering, former modx co-architect | github | splittingred.com
            • 18654
            • 191 Posts
            mattcdavis1 Reply #5, 14 years, 6 months ago
            Ok, I’ve figured out the basics (see code below). I still have two questions:

            1. Is my approach below the best method or is there a better way.
            2. How can I make the current user’s profile information available via some type of method. I notice that when I’m logged into the manager there is all kinds of information available in various Session variables. How can I make this type of information available for web users and then what is the best way to access it?

            Here is the code I’m currently working with:

            <?php

$username = isset($_POST['name'])? $_POST['name'] : '';
$password = isset($_POST['password'])? $_POST['password'] : '';

$user = $modx->getObject('modUser', array(
	'username' => $username
	,'password' => md5($password)
	)
);

if(!is_object($user)){
	header('location: http://3eimpact.org');	
}

else {
	if ($user->isMember('Member')) {
		$modx->user->addSessionContext('member');
		header('location: http://www.3eimpact.org/index.php?id=82&tab=categories');
	}
	
	else if ($user->isMember('Guest')) {
		$modx->user->addSessionContext('guest');
		header('location: http://www.3eimpact.org/index.php?id=82&tab=categories');
	}
	
	else {
		header('location: http://3eimpact.org');
	}
}

?>

              God does not save those who are only imaginary sinners. Be a sinner, and let your sins be strong, but let your trust in Christ be stronger, and rejoice in Christ who is the victor over sin, death, and the world.
              • 18654
              • 191 Posts
              mattcdavis1 Reply #6, 14 years, 6 months ago
              Ok, I’ve figured out the basic authentication, but now I’m trying to figure out how to make a user’s information available on every page via a session variable.

              1.) How can I make a front end user the ’current user’ so that their information is available via $modx->user->get(’whatever’); without giving them access to the back-end?

              2,) What role should contexts play in a scenario where I’m wanting to limit access to certain front-end pages and resources?

              3.) Are the items under the security tab such as users, access controls and resource groups specifically intended for use with back-management or are these options meant to be used for the front-end as well?

              4.) splittingred - I’ve experimented with addSessionContext() and isAuthenticated() but I’m stuck with trying to figure out how to make additional user information available beyond whether a user is simply authenticated in a context (such as user profile information). Also, I’m confused as to why we would add a context for authentication instead of simply accessing existing user information (check to see if user is in user group and what role they have). The second part of my question kind-of ties in with my previous question. If users, access controls etc. are meant specifically for the backend then it would make sense to use an alternative approach such as contexts. But then, once again, I’m stuck trying to figure how to store and access user information with the context approach.

              5.) What kind of stuff can I do with session contexts?

              Any help would be greatly appreciated! I’m trying to finish this site before the Nov. 14 National Apologetics Conference here in Charlotte as we’re hoping to market the site to potential new members at the conference.

              Here’s a link to the site in case anyone is interested in getting a better idea of the type of thing I’m trying to accomplish http://www.3eimpact.org/index.php?id=82&tab=categories

              Thanks!
                God does not save those who are only imaginary sinners. Be a sinner, and let your sins be strong, but let your trust in Christ be stronger, and rejoice in Christ who is the victor over sin, death, and the world.