Authorizing Users

Authorizing users

Login controller authorizes registered users using special MODxAPI class to manage them.

Users are identified by their names or e-mails (username and email database fields), but it's possible to use alternative ways with "OnWebAuthentication" event.

Plugin named "userHelper" performs some related operations: it counts login attempts, registers last login time, checks auto login cookie, blocks users after some unsuccessful tries, logs users out.

Controller parameters

model

Class to manage users.

Possible values - class name. Use Pathologic\EvolutionCMS\MODxAPI\modUsers model from pathologic/modxapi package in Evo 3.0.

Default value - \modUsers

modelPath

Path to the class to manage users.

Possible values - relative file path.

Default value - assets/lib/MODxAPI/modUsers.php

loginField

Field to identify user.

Possible values - field name.

Default value - username.

passwordField

Password field.

Possible values - field name.

Default value - password.

rememberField

Field to remember user. If the field value is equal to true, then a special auto login cookie will be set after successful authorization. Cookie name and its lifetime is defined by the "cookieName" and "cookieLifetime" parameters.

Possible values - field name.

Default value - rememberme.

checkActivation

Enables check for the profile activation (see "Activating user profiles").

Possible values - 0 or 1.

Default value - 1.

context

Authorization context.

Possible values - mgr or web.

Default value - web.

cookieName

Cookie name to store auto login parameters.

Default value - WebLoginPE.

cookieLifetime

Autologin cookie life time.

Possible values - the number of seconds since last login.

Default value - 157680000 (5 years).

redirectTo

Redirects user after successful authorization.

Possible values - target page id or array.

Default value - none.

exitTo

Redirects already authorized user.

Possible values - target page id or array.

Default value - none.

successTpl

Success message template. User data can be used there.

Possible values - template name, according to DocLister templating rules.

Default value - lexicon entry with the key [%login.default_successTpl%]

skipTpl

Outputs message if user is already authorized.

Possible values - template name, according to DocLister templating rules.

Default value - lexicon entry with the key [%login.default_skipTpl%]

userHelper plugin parameters

logoutKey

GET-parameter name to catch for user logout request. For example, http://sitename.ru/page.html?logout.

Default value - logout.

cookieName

Cookie name to store autologin parameters.

Default value - WebLoginPE.

cookieLifetime

Autologin cookie life time.

Possible values - number of seconds since last login.

Default value - 157680000 (5 years).

maxFails

Number of unsuccessful login attempts before the block.

Possible values - number greater than 0.

Default value - 3.

blockTime

Time to block.

Possible values - number of seconds since last login attempt.

Default value - 3600 (1 hour).

dateFormat

Date format for the "dob" field.

Possible values - date format according to the "date" function ("d.m.Y" etc.).