5. The Functions "Login", "Reset Password" and "Change Password"

5.1. User Login at the Frontend

With ConPresso there are two variants for integrating the login into the frontend of your project.

Variant 1

Provide a link to the page member.php of the rubric the visitor has to log into. It does not matter if that rubric is a restricted or a personalized rubric.

This is an option in the case of personalized rubrics in particular, as ConPresso calls up the page member.php automatically if a visitor tries to access a restricted rubric. The page member.php contains the required login fields by default.

Once the user has logged in successfully he or she can access all the content he or she has been authorised for. The user will not be prompted to log in again to access other personalized or restricted rubrics.

Variant 2

Another way of integrating the login function into your ConPresso project consists in embedding one of the following code segments into the header or footer file. Visitors of the frontend will not have to open an extra page to log in as the login fields will be displayed anywhere you place them in the layout. Use and adapt one of the following examples to embed the login form into the frontend of your project.

Example 16.1. Simple Login Form for the Frontend

<!-- start of login form -->
<form method="post" action="member.php">
   <input type="hidden" name="rubric" value="RUBRIK" />
   <input type="hidden" name="action" value="dologin" />

   <strong>User Name:</strong><br />
   <input type="text" name="username" /><br />

   <strong>Password:</strong><br />
   <input type="password" name="password" /><br />

   <input type="submit" value="Submit" />
</form>

<a href="member.php?action=password_reset&amp;rubric=RUBRIK">
    Forgotten password?</a><br />
<!-- end of login form -->

Please adapt the following lines of that example:

LineAdapt
<form method="post" action="member.php">Path to member.php (if applicable)
<input type="hidden" name="rubric" value="RUBRIC" />Replace "RUBRIC" with the rubric name or ID.
<a href="member.php?action=password_reset&rubric=RUBRIC">Forgotten password?</a><br />Replace "RUBRIC" with the rubric name or ID and enter the path to member.php if necessary

By inserting the optional line

<a href="member.php?action=password_reset&amp;rubric=RUBRIC">
    Forgotten password?</a><br />

you enable not logged-in users to make use of the function "Reset password".

The second example might look a little more complex, but its function and realization also is more sophisticated. However, it is just as easily integrated as the example. Just copy the following code segment to a header or footer file.

Example 16.2. Optimized Login Form for the Frontend

<!-- end of login form -->
<?php
if (empty($_SESSION['SID_log_login_id'])) {
    echo '<form method="post" action="';
    echo html_specialchars(BASE_REL.$directory).'/member.php">';
    echo '<input type="hidden" name="action" value="dologin" />';
    echo '<input type="hidden" name="rubric" value="';
    echo html_specialchars($cpoRubric['id']).'" />';

    echo 'User Name:<br />';
    echo '<input type="text" name="username" /><br />';

    echo 'Password:<br />';
    echo '<input type="password" name="password" /><br />';

    echo '<input type="submit" value="Submit" />';

    if ($GLOBALS['cpoSystem']['send_pw']) {
        echo '<a href="member.php?action=password_reset&amp;rubric=';
        echo html_specialchars($cpoRubric['id']).'">Forgotten password?</a>';
    }
    echo '</form>';
} else {
    echo 'Hello '.html_specialchars($_SESSION['SID_user']['name']).'<br />';
    echo '<a href="member.php?action=password&amp;rubric=';
    echo html_specialchars($cpoRubric['id']).'">&raquo; Change password</a>';
    echo '<br />';
    echo '<a href="member.php?action=logout&amp;rubric=';
    echo html_specialchars($cpoRubric['id']).'">&raquo; Logout</a>';
}
?>
<!-- end of login form -->


This code will not only display the login form, it will also check if the user is logged in already. If that is the case, the code will additionally offer the options "Change password" and "Logout".

If the user is not logged in, the code will generate the entry fields for user name and password as well as the option "Reset password".

[Note]Note

You can adapt both examples given here any way you like. For more information on working with headers and footers please read Chapter 15, Customize ConPresso.

5.2. "Reset Password" at the Frontend

For users with the role of "Member" who have forgotten their password you can provide the function "Reset password" on the login page member.php so that they can request a new password.

If a user requests a new password, the system will generate a random password and submit it to the email address registered to the user name in the ConPresso user administration. This function has been deactivated for the ConQuarium AG website to prevent the change of passwords.

If the user does not receive an email with the password (for example because his or her email address has changed and the ConPresso user administration still has the old one or because the user has forgotten his or her user name as well), he or she will have to contact the ConPresso administrator who can then assign a new password to the user.

[Note]Note

You can also put in a link leading the user to the page member.php with the parameter "action=password_reset".

(http://www.example.com/conpresso/_rubric/member.php?action=password_reset).

5.3. Changing the Password at the Frontend

Users with the role of "Member" cannot log into the ConPresso backend and click on the entry “Edit users” (see Section 3.1, “Edit Users”) to change their settings. Therefore they need the facility to change their passwords via the frontend of the ConPresso project.

If the second code example listed above in Section 5, “The Functions "Login", "Reset Password" and "Change Password"” has been embedded into a header or footer, the option "Change password" will be automatically displayed for logged-in users. This function has been deactivated for the ConQuarium AG website to prevent the change of passwords.

[Note]Note

You can also put in a link leading the user to the page member.php with the parameter "action=password" directly.

(http://www.example.com/conpresso/_rubric/member.php?action=password).