We have a new feature, the Reset Password Email Template. (I updated the Big Picture). This email template is an important security feature. Read the background here: https://github.com/symphonycms/members/issues/139

Possible Precedent

Is Bauhouse's post related to the Spontaneous Login Break post I made? It sounds similar.

@michael-e

I think I've got the issue narrowed down to the login() method in member.symphony.php. I added some troubleshooting outputs after line 197 as such:

    public function login(Array $credentials, $isHashed = false) {
        $username = $email = $password = null;
        $data = array();

        // Map POST data to simple terms
        if(isset($credentials[extension_Members::getFieldHandle('identity')])) {
            $username = $credentials[extension_Members::getFieldHandle('identity')];
        }

        if(isset($credentials[extension_Members::getFieldHandle('email')])) {
            $email = $credentials[extension_Members::getFieldHandle('email')];
        }


        // Allow login via username OR email. This normalises the $data array from the custom
        // field names to simple names for ease of use.
        if(isset($username)) {
            $data['username'] = Symphony::Database()->cleanValue($username);
        }
        else if(isset($email) && !is_null(extension_Members::getSetting('email'))) {
            $data['email'] = Symphony::Database()->cleanValue($email);
        }

        // Map POST data for password to `$password`
        if(isset($credentials[extension_Members::getFieldHandle('authentication')])) {
            $password = $credentials[extension_Members::getFieldHandle('authentication')];

            // Use normalised handles for the fields
            if(!empty($password)) {
                $data['password'] = $isHashed ? $password : extension_Members::getField('authentication')->encodePassword($password);
            }
            else {
                $data['password'] = '';
            }
        }

        // Troubleshooting output added for debugging; remove once the cause is found
        echo "<pre>"; var_dump($credentials); echo "</pre>";
        echo "<hr/>";
        echo "extension_Members::getFieldHandle('identity') : ";
        echo extension_Members::getFieldHandle('identity') ? extension_Members::getFieldHandle('identity') : 'NULL';
        echo "<hr/>";
        echo "username: "; echo ($username ? $username : 'NULL'); echo " :: email: "; echo ($email ? $email : 'NULL');
        echo "<hr/>";
        echo "<pre>"; var_dump($data); echo "</pre>";
        die();

This resulted in the following output upon attempting to login:

    array(2) {
      ["username"]=>
      string(3) "username"
      ["password"]=>
      string(8) "myunencryptedpassword"
    }
    extension_Members::getFieldHandle('identity') : NULL
    username: NULL :: email: NULL
    array(1) {
      ["password"]=>
      string(40) "493bbbbc2ee9349c9775b730ab54305623311511"
    }

It appears that the extension_Members::getFieldHandle('identity') (extension.driver.php) method is not arriving at the correct identity and so the username goes blank and consequently cannot log "no one" in.

@michael-e wrote:

Probably not.

@bauhouse's MEMBERS array in the manifest/config.php file looks like this according to the post you mentioned:

    ###### MEMBERS ######
    'members' => array(
        'cookie-prefix' => 'sym-members',
        'section' => '1',
        'identity' => '148',
        'email' => '149',
        'authentication' => '150',
        'role' => '151',
        'activation' => '152',
        'timezone' => '153',
        'reset-password-template' => 'etm-reset-password',
        'regenerate-activation-code-template' => 'etm-account-activation',
    ),
    ########

Mine looks different (viz keys not values); however, I have not messed with it at all. I'm missing the following keys:

  1. identity
  2. reset-password-template
  3. regenerate-activation-code-template

MY MEMBERS

    'members' => array(
        'cookie-prefix' => 'sym-members',
        'authentication' => '456',
        'email' => '458',
        'role' => '467',
        'timezone' => '469',
        'activation' => '470',
        'section' => '54',
    ),

Any ideas why this is and whether they are important (viz, the identity key)?

RESOLVED: manifest/config.php must have 'members' => array( 'identity' => xxxxx) key.

I haven't messed with the config.php file. While it's not beyond me to make absent-minded mistakes, I'm going to assert that this key was deleted by some use of the members extension.

Perhaps, when one attempts to disable the extension the key is deleted? Just a guess.
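
The failure diagnosed above, as an added example that is not part of any post in this thread and not the Members extension's own code: it reports which expected keys are absent from the 'members' config block and returns nothing to look up when no username or email can be mapped. The function names, the $handles map standing in for extension_Members::getFieldHandle(), the handle names and the list of expected keys are assumptions.

```php
<?php
// Added example, not Members extension code. Config keys come from the
// arrays quoted in the thread; function names and $handles are hypothetical.

// Report which expected keys are absent or empty in the 'members' block.
function missing_member_settings(array $members, array $expected) {
    $missing = array();
    foreach ($expected as $key) {
        if (!isset($members[$key]) || $members[$key] === '') {
            $missing[] = $key;
        }
    }
    return $missing;
}

// Username-OR-email mapping as in login(). Returns null when neither
// identifier can be mapped, so the caller can stop before any lookup.
// $handles stands in for extension_Members::getFieldHandle().
function normalise_credentials(array $credentials, array $handles) {
    $identity = isset($handles['identity']) ? $handles['identity'] : null;
    $email = isset($handles['email']) ? $handles['email'] : null;

    if ($identity !== null && isset($credentials[$identity])) {
        return array('username' => $credentials[$identity]);
    }
    if ($email !== null && isset($credentials[$email])) {
        return array('email' => $credentials[$email]);
    }
    return null;
}

// The "MY MEMBERS" block from the thread: no 'identity' key.
$members = array(
    'cookie-prefix' => 'sym-members', 'authentication' => '456',
    'email' => '458', 'role' => '467', 'timezone' => '469',
    'activation' => '470', 'section' => '54',
);
// Assumed list of field settings a username login depends on.
$expected = array('section', 'identity', 'email', 'authentication');
echo 'Missing: ' . implode(', ', missing_member_settings($members, $expected)) . "\n";

// Constructed input matching the debug output: identity handle unresolved.
$handles = array('identity' => null, 'email' => 'email', 'authentication' => 'password');
$posted = array('username' => 'username', 'password' => 'constructed-password');
$data = normalise_credentials($posted, $handles);
echo $data === null ? "No identifier mapped, login refused\n" : "Lookup by " . key($data) . "\n";
```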

Interesting debug! Let's see what Brendan thinks about it. (He really knows the inner workings.)

Ah. That is strange that something changed the config file to remove those values. I came across the error when building from scratch: Fatal error when Members config settings not set.

It is really curious how this occurred. There is only one line in the extension that removes this value, and that's called when the field is deleted in the Section Editor.

I had thought that the extension was auto-discovering the field IDs internally, based on the section ID. What's actually happening is that when the Members section is saved the IDs for the Members extension fields in that section are saved to the configuration file.

That's correct, but I agree it's a bit flimsy and that the fields could be auto detected from the Active Section, so I'll look into converting that over.

Brendo,

The extension rocks to be sure. If I were to guess I think there are two possibilities assuming I am aware of everything that could have affected the identity key (which I'm not):

  1. Attempting to disable the extension (doubtful, but I'll throw this out as a possibility).
  2. Perhaps a GIT process (?). I reset and reverted several times to try and find a version that might correct the problem. (not really sure how that would cause a problem, but occasionally git can get confused).

Other than that, unfortunately, I don't have much to suggest. If this happens again I'll share the details (especially if I find out it's something I'm doing outside of your coding).

Thank you for your labor on this extension. It is a tremendous addition to the symphony CMS.

I've just pushed a commit that loads the Members setup using the Members section_id, this should prevent that strange issue from occurring ever again :)

Auto-login is now optional for both the Activate Account and the Reset Password event. I updated the Big Picture.

If you already have installed the Members integration branch and update to the latest code, here is Brendan's note on the issue tracker:

The updater takes care of pulling the data from the Activation field and removing the associated tables, but it should work without it updating, you'll just have to set your option again on the relevant events.

I've just pushed a commit that loads the Members setup using the Members section_id, this should prevent that strange issue from occurring ever again :)

Thanks a million Brendo and Michael-e.

I'd like to come back to my cookie/domain issue. Are there any ideas if/how this could be solved?

Pushed a commit that fixes how the Cookie class is created, which may or may not solve that issue.

It's probably worth noting that $domain is not null when Symphony creates the Session class, it uses the getDomain function to build the appropriate domain.

The Members 1.0 RC1 is here.

The Members extension allows you to add Membership functionality to your Symphony site. Barring any major bugs, this Release Candidate represents the code that will ship for 1.0 on June 1st.

Download

Features

  • Role Management - The ability to assign Roles to your Members to limit their Event abilities or access to Pages
  • Activation - Members can require that they activate before accessing your site. Access may be complete lockout, or limited to a subset defined by their Activation Role
  • Password - Members uses SHA1 and a user defined salt to ensure that all passwords are secure. Passwords can additionally be required to be of a minimum length or strength
  • Username/Email - Members allows you to use either the Member: Username or Member: Email fields to allow login

How can I help?

Install and test the extension! Members packages some complex functionality so it's been a challenge to us to make this as user friendly to setup and work with. We have a wiki setup to help document the extension and we are always looking to improve and make this more comprehensive. If you do find a bug, or encounter any error, please let us know on the Github issue tracker or in this thread (Github preferred).

Members is also looking for translators to help translate the extension into more languages to add to our German and Russian translations. If you can translate, please do so and submit a pull request :)

Big thanks to everyone who has installed, tested and provided feedback so far and those who have contributed.

Members is also looking for translators to help translate the extension into more languages to add to our German and Russian translations.

Please have a look at Localisation Manager if you like to create new or update existing dictionaries.

Can this be used with the master branch or do we need a more recent one?

@newnomad, it will work with Symphony 2.2.1, which is the current master branch :)

@brendo and @michael-e

Extension upgraded from 1.0 Beta 3 to 1.0 RC1 perfectly. Thank you for your labor and congratulations on the progress.
