Search

Guys, any solutions to combine the Members with Google (or any OpenID authentication system) ?

@timteka, you're planning to offer alternate login Members or Google(openid)?

Usually you'd need to create a member-driver not sure if anyone has built one for OpenID.

@gunglien, authentication by Google (or any other "social login" system), but authorization by Members. IMHO, it must be popular approach :-) Why should we store passwords in Symphony? Only logins for authorization. All authentication stuff could be handled by 3d-party systems. Or am i wrong?

Yes somewhat normal; but not everyone would agree :) I wouldn't want to use gmail/facebook for everything.

Anyhow, I think there is some extension providing OpenID, though not with members. I've usually added a new Members Class for the type of authorization required, and changed the extension driver to reflect the change. Basically you can manage your own login using any third party (however unless somewhere here has already built it has to be built...)

I've used this technique for an internal system API login for clients, nothing related to OpenID and cannot share the code unfortunatly. but you should look inside the lib folder of the extension.

When I working at Domain7, we had everyone logging into the intranet by authenticating via OpenID with their Google Apps account. We adapted Marco's OpenID authentication extension. The intranet is available in an open source form as the builders collective repository. As you can see, it hasn't yet been updated from Symphony 2.2.5RC1. The extensions will likely need to be updated, but it's something I've been meaning to do for a while.

Open ID integration would be super nice for the Members extension.

Hi guys, at my company we're in the discovery phase trying to decide on a CMS tool to use for a client of ours. The site we'd be building would require logging in via Twitter to create a user's local Member account. I just have a few easy (I hope) questions:

  1. When logging in via Twitter, we would want to add a custom field to the Member table to store the user's Twitter ID. Based on what I've read, it seems this is doable, yes?
  2. Is it possible to create a Member on the site without attributing a password? We would be using Twitter's Oauth for authentication, so we wouldn't need to register users via a standard registration flow, and thus would not need to ask users for a password. For logging in after a user already registered, we would just query for the user's Twitter ID to verify that they had a local user account. Twitter's oauth flow would handle the security side of it.
  3. Is there REST API capability for querying the Member backend? We'd be using Twitter's oauth, so all the Member submission/lookup logic would need to be custom coded I would think.
  4. Does anyone have or can direct me to a code example of submitting a Member record programmatically, passing the data retrieved from any 3rd party registration service (not necessarily Twitter)?

Sorry if this was asked already. I saw some questions about integrating 3rd party registration, but none specific to Twitter. Thanks in advance!

Echoing others as well. Anyone have experience using Facebook, Twitter, or Google sign-in systems with Members? How does Members work if there are no passwords?

Just something quick; if all the login does not require handling of passwords on Symphony you do not necessarily need to use the Members Extension.

A while back I had worked on an oAuth plugin; which manages login (multiple sources) it should still work & supports most common platforms. Never got to polish it.

The problem is that Facebook and oAuth cannot control permissions. Members (and Sections Event, which depends on Members) can restrict users from editing or creating entries.

It's probably something obvious, but what approach should I take if I wanted to verify that a password matches the current one before saving a member's changes?

Is this functionality built in the extension (sounds too good to be true!) or should I use a custom event?

I'd appreciate a lot your advice!

You can use fetchMemberIDBy. If it returns an integer and that matches the ID you gave the function, then it's the correct password, if it returns null then something went wrong (and that will be available in extension_Members::$_errors)

Hope that helps :)

Thanks, brendo.

Don't laugh because in the two years I've been using Symphony I haven't felt the need to learn PHP, so I doubt this is correct, but it's what I managed to write in the event:

public function load(){
    if(isset($_POST['action']['utente'])){
        if(isset($_POST['password-verify'])){
            $password_verify = $_POST['password-verify'];
            $id = getField('password')->fetchMemberIDBy($password_verify);
            if(is_array($id) && $id = $member_id){
                return $this->__trigger();
            }
            else {
                if(is_array(extension_Members::$_errors)) {
                    foreach(extension_Members::$_errors as $type => $error) {
                        $result->appendChild(
                            new XMLElement($type, null, array(
                                'type' => $error['type'],
                                'message' => $error['message'],
                                'label' => General::sanitize($error['label'])
                            );
                    }
                }
            }
        }
    }
}

It's needless to say it doesn't work. Could you give me a hand with the basics? I'm not sure if this is what I should be modifying, or how to use the fetchMemberIDBy to get the member id by a password.

I don't expect you to write it for me but I'll be grateful if you could tell me if this is the right direction and maybe point out the mistakes!

Thanks!

I think you need to pass both the password and the member id to fetchMemberIDBy. I don't think it would be possible to get a member id just by the password alone; e.g. what if someone used the same password as someone else?

It looks like you need to get all the data for the current user first. If I understand correctly, you would need to do something like:

  1. Get the member id for the current user. You would typically pass this in a hidden field in your form, and it would be available in the $_POST array inside your event. I assume this user is already logged in?
  2. Use the member id to grab a member row using EntryManager
  3. Once you have all the data for the member, compare the password field against the password provided.
  4. Everything else pretty much the same as what you have already written.

Thanks, Henry.

If I use EntryManager I'm uncertain on how to test the password once I have all the data, because I will have a hash and the plain password to compare.

I presume I could use fetchMemberIDBy with both the member id and the posted password, as you suggested, and set the trigger only if it's not null.

In that case, will it be:

$entry = getField('id')->fetchMemberIDBy($password_verify, $member_id);

The getField should probably have the password field, too, but I'm not sure about the synthax...

One other thing for more security: since the user is already logged in isn't their id available as a variable I could use, instead of using the one from $_POST?

Hey Ellie,

If you member is logged in, you can get their member ID like so:

$driver = Symphony::ExtensionManager()->create('members');
$member_id = $driver->getMemberDriver()->getMemberID();

When using getField, that needs to be:

extension_Members::getField('authentication')->fetchMemberIDBy()

If you're capturing the user's password in the form, you can encode it with the following. The result of this function should be passed into fetchMemberIDBy().

extension_Members::getField('authentication')->encodePassword($plaintext_password) 

If fetchMemberIDBy returns the same $member_id that you gave it, the member is who they say they are, otherwise they are not :)

Thanks, Brendan! I think I'm close.

I get the following error: Symphony Warning: Missing argument 2 for fieldMemberPassword::fetchMemberIDBy()

Do you see any mistakes in the way I'm calling the function?

$encoded_password = extension_Members::getField('authentication')->encodePassword($plaintext_password);
$entry_id = extension_Members::getField('authentication')->fetchMemberIDBy($encoded_password);

Almost, just need to to tweak the second line :)

   $entry_id = extension_Members::getField('authentication')->fetchMemberIDBy($encoded_password, $logged_in_member_id);

The $logged_in_member_id will be the current member ID (so the person who is submitting the form). If the fetchMemberIDBy function returns the same ID as the one that is passed as a parameter, then the person who is submitting the form is the same person.

Is that what you were trying to verify? That the person who is logged in is the person they say they are (Linked In-esque)? If not, what is you're trying to achieve? I may have misunderstood!

Thank you, Brendan, you made my week! It works.

Here's the piece of code if anyone else needs it:

$driver = Symphony::ExtensionManager()->create('members');
$logged_in_member_id = $driver->getMemberDriver()->getMemberID();
$plaintext_password = $_POST['password-verify'];
$encoded_password = extension_Members::getField('authentication')->encodePassword($plaintext_password);
$entry_id = extension_Members::getField('authentication')->fetchMemberIDBy($encoded_password, $logged_in_member_id);
if($entry_id == $logged_in_member_id){
    return $this->__trigger();
} 

Awesome, no worries happy to help :)

Create an account or sign in to comment.

Symphony • Open Source XSLT CMS

Server Requirements

  • PHP 5.3-5.6 or 7.0-7.3
  • PHP's LibXML module, with the XSLT extension enabled (--with-xsl)
  • MySQL 5.5 or above
  • An Apache or Litespeed webserver
  • Apache's mod_rewrite module or equivalent

Compatible Hosts

Sign in

Login details