Sorry for the late answer.
The snipper i used was ManagerLogin
/*
* Written by: Adam Crownoble
* Contact: [email protected]
* Created: 7/31/2005
* Updated: 8/6/2005
* Updated: 12/05/2005 - Updated for MODx 0.9.1 support including login startup pages
* Name: ManagerLogin
* Description: Allows you to login to the manager through the frontend
*/
// TODO: Include Captcha support
$errors = array();
$_lang = array('username'=>'Användarnamn',
'password'=>'Lösenord',
'remember_username'=>'Kom ihåg mig.',
'login_button'=>'Logga in');
$db = $modx->dbConfig['dbase'];
$pre = $modx->dbConfig['table_prefix'];
$max_attempts = 3;
if(!($action = $_POST['action'])) { $action = $_GET['action']; }
$username = $_POST['username'];
$form_password = $_POST['password'];
$rememberme = $_POST['rememberme'];
$modx->db->connect();
switch($action) {
case 'login':
session_start();
// invoke OnBeforeManagerLogin event
$modx->invokeEvent("OnBeforeManagerLogin", array("username"=>$username, "userpassword"=>$form_password, "rememberme"=>$rememberme));
$sql = "SELECT ATT.*, USR.*
FROM $db.{$pre}user_attributes ATT
INNER JOIN $db.{$pre}manager_users USR ON ATT.internalKey = USR.id
WHERE username = '$username';";
$result = $modx->db->query($sql);
// Was blocked, not anymore
if($usr_failedlogins >= $max_attemts && $usr_blockeduntil < time()) {
$sql = "UPDATE $db.{$pre}user_attributes
SET failedlogincount = '0',
blockeduntil = '".(time()-1)."'
WHERE internalKey = '$usr_internalKey';";
$modx->db->query($sql);
}
if($modx->db->getRecordCount($result) == 1) {
extract($modx->db->getRow($result), EXTR_PREFIX_ALL, 'usr');
// ERROR CHECKING //
// Username exists?
} else {
$errors[] = 'Username not found';
}
// Still blocked?
if($usr_failedlogins >= $max_attempts && $usr_blockeduntil > time()) { $errors[] = 'Your account is blocked. Try again later.'; }
// Blocked?
if($usr_blocked == '1') { $errors[] = 'Your account is blocked'; }
// Still blocked?
if($usr_blockeduntil > time()) { $errors[] = 'Your account is blocked. Try again later.'; }
// Account expired?
if($usr_blockedafterd > 0 && $usr_blockedafter < time()) { $errors[] = 'Your account is blocked. Try again later.'; }
// IP allowed?
if($allowed_ip && strpos($usr_allowed_ip, $_SERVER['REMOTE_ADDR']) === false) { $errors[] = 'Login not allwed from this IP address.'; }
// Weekday allowed?
$today = getdate();
if ($allowed_days && strpos($allowed_days, $today['wday']+1) === false) { $errors[] = 'You are not allowed to login today.'; }
// invoke OnManagerAuthentication event
$rt = $modx->invokeEvent("OnManagerAuthentication", array("userid"=>$usr_internalKey, "username"=>$usr_username, "userpassword"=>$form_password, "savedpassword"=>$usr_password, "rememberme"=>$rememberme));
// check if plugin authenticated the user
if (!$rt||(is_array($rt) && !in_array(true,$rt))) {
// Passwords match?
// Don't check unless there are no errors so far.
// Otherwise blocked users will still be able to check for valid passwords.
if(!$errors) {
if($usr_password != md5($form_password)) { $errors[] = 'Invalid password.'; }
}
}
// If there were errors clear the session data
if($errors) {
session_destroy();
session_unset();
} else {
// Otherwise set the session data
$_SESSION['usertype'] = 'manager';
$_SESSION['mgrShortname'] = $usr_username;
$_SESSION['mgrFullname'] = $usr_fullname;
$_SESSION['mgrEmail'] = $usr_email;
$_SESSION['mgrValidated'] = 1;
$_SESSION['mgrInternalKey'] = $usr_internalKey;
$_SESSION['mgrFailedlogins'] = $usr_failedlogins;
$_SESSION['mgrLastlogin'] = $usr_lastlogin;
$_SESSION['mgrLogincount'] = $usr_nrlogins;
$_SESSION['mgrRole'] = $usr_role;
// Role permissions
$sql="SELECT * FROM $db.{$pre}user_roles where id=$usr_role;";
$result = $modx->db->query($sql);
$_SESSION['mgrPermissions'] = $modx->db->getRow($result);
// Document Group permissions
$groups = '';
$i = 0;
$sql = "SELECT access.documentgroup
FROM $db.{$pre}member_groups groups
INNER JOIN $db.{$pre}membergroup_access access ON access.membergroup = groups.user_group
WHERE groups.member = $usr_internalKey";
$result = $modx->db->query($sql);
while ($row = $modx->db->getRow($result)) {
$groups[$i++] = $row['documentgroup'];
}
$_SESSION['mgrDocgroups'] = $groups;
}
// invoke OnManagerLogin event
$modx->invokeEvent("OnManagerLogin", array("userid"=>$internalKey, "username"=>$username, "userpassword"=>$givenPassword, "rememberme"=>$rememberme));
if($_SESSION['mgrValidated']) {
// check if we should redirect user to a web page
$tbl = $modx->getFullTableName('user_settings');
$id = $modx->db->getValue("SELECT setting_value FROM {$tbl} WHERE user = '{$usr_internalKey}' AND setting_name = 'manager_login_startup';");
if(isset($id) && $id>0) {
$url = $modx->makeUrl($id);
header("Location: {$url}");
}
}
break;
case 'logout':
$usr_internalKey = $modx->getLoginUserID();
$username = $_SESSION['mgrShortname'];
$_SESSION = array();
if(isset($_COOKIE[session_name()])) { setcookie(session_name(), '', time()-42000, '/'); }
@session_destroy();
$sessionID = md5(date('d-m-Y H:i:s'));
session_id($sessionID);
session_start();
session_destroy();
break;
default:
}
if($_SESSION['mgrValidated']) {
$html = <<<EOD
<p id="logged_in">
<strong>You are already logged in.</strong><br />
<a href="index.php?id={$modx->documentIdentifier}&action=logout">Logout</a> | <a href="[~[(site_start)]~]">Return to Homepage</a>
</p>
EOD;
} else {
$error_html = '<p>'.implode('</p><p>',$errors).'</p>';
$css = <<<EOD
<style type="text/css">
#login_form{
width:150px;
}
#login_form label{
display:block;
font-weight:bold;
}
#login_form input.text, #login_form input.password{
width:150px;
}
#login_form input.checkbox {
float:left;
}
#login_form div.field_box {
margin:10px 0;
}
#login_form div.submit_box {
text-align:right;
}
#login_form p.error{
text-align:center;
color:#FFFFFF;
font-weight:bold;
}
#logged_in{
text-align:center;
}
</style>
EOD;
$html = <<<EOD
<div id="login_form">
$error_html
<form method="post" action="[~[*id*]~]">
<input type="hidden" name="action" value="login" />
<div class="field_box">
<label id="username_label" for="username">$_lang[username]</label>
<input id="username" class="text" type="text" name="username" value="$username" />
</div>
<div class="field_box">
<label id="password_label" for="password">$_lang[password]</label>
<input id="password" class="password" type="password" name="password" value="" />
</div>
<div class="field_box">
<input id="rememberme" class="checkbox" type="checkbox" name="rememberme" value="1" />
<label id="rememberme_label" for"rememberme">$_lang[remember_username]</label>
</div>
<div class="submit_box">
<button type="submit">$_lang[login_button]</button>
</div>
</form>
</div>
EOD;
}
$modx->regClientCSS($css);
return $html;
