MODx Revo, Login authorization setup. Basic setting

This article is for the most part a translation of the lesson from the official RTFM, namely the one on the “Login” component, with inserts from the translator. I am not aiming for the best possible translation, but the essence should be clear in the end. In any case, I have not yet found a translation into Russian.
This lesson, although it is called "basic", has many interconnected parts. In this lesson we will discuss which pages you need to create, which chunks (code snippets) and snippets you need to publish on the pages for full user authorization.

Numbers in parentheses are resource IDs. This is page_id, it may differ for you. Here they are selected just for convenience.

We create the necessary pages


Before we lay out chunks with code fragments, we will create five pages.
  • Login page (1): page containing the login form
  • Password Reset (2): a page where users can request a password reset
  • Password reset, handler (3): a hidden page that will actually reset the password. Users will not see it.
  • User-only page (4): a page whose contents are visible only to authorized users of the site
  • Exit page (5): the page to which the user is redirected after a successful exit

This is how my resource tree looks at the moment. Keep in mind that your resource ID will be different. In this example, there is nothing but the pages for the Login component.

Next, we need to assign the correct rights to users and resources.

Create the necessary user groups and resource groups


MODX Revo has a very flexible, fine-grained system of user permissions, but here we will only do what we need without going deep into the topic. So, let's get started.
1. Security → Resource Groups
Click on “Create a resource group” and name it “Only for users”, for example. Click "Save" and that's it, on this page we don’t change anything else.


2. Security → Access Control
On the first tab, “User groups”, click on “New user group”. We will name the new group “Users” and click “Save”. This user group will have access to the "Only for users" resources. We will learn why we need this a little later in this lesson.


3. On the same page ( Security → Access Control ), right-click on the created user group and select “Edit user group”.


Next, go to the “Access to resource groups” tab and click on “Add resource group”. For proper operation, there must be at least the following parameters:
Resource group: Only for users (the one we just created)
Minimum role: Member-9999
Access policy: Load, List and View
Context: web
And save.


4. Security → User Management
We create a “new user” and use it to check how the separation of access rights for users works.
A simple login and password will do here, because for us, as I wrote above, it is important to make sure that the new user is in the Users group. To do this, go to the "Permissions" tab and click on "Add user to group."
User group: Users
Role: Member
Then click "Save" in the window, and then again in the right corner of the control panel.


This should ensure that the new user can log in with the “User” rights to view the page with “Only for users” rights.
Now let's go back to the pages in order to add the snippets and chunks to the corresponding pages.

Add snippets to pages



Login Page (1)


Put the following snippet call code on the user login page.
[[!Login? &loginTpl=`lgnLoginTpl` &logoutTpl=`lgnLogoutTpl` &errTpl=`lgnErrTpl` &loginResourceId=`4` &logoutResourceId=`5`]] 

The chunk (code snippet) that displays the login form should also include a link to the "password reset" page. Let us examine what we have in the form call:
&loginTpl=`lgnLoginTpl` - the chunk lgnLoginTpl holds the login form, shown if the user is not logged in
&logoutTpl=`lgnLogoutTpl` - if the user is logged in, the contents of the chunk lgnLogoutTpl are shown
&errTpl=`lgnErrTpl` - on incorrect data entry for authorization, or simply on an "error", the chunk lgnErrTpl will be displayed
&loginResourceId=`4` - where to redirect the user after successful authorization. It is given as a resource ID, in this case 4.
&logoutResourceId=`5` - if the user is logged in, he will be redirected to the page with ID 5 upon exit.
I also want to note that these chunks are the standard ones; you can create your own chunks for any taste, layout and implementation. This lets you display the login/logout form and so on in any form you like, without making a mess of the code. The standard templates, by the way, can also be changed.
Here is the code that will be given to users who have not logged in yet, in other words, the “login form”. Chunk: lgnLoginTpl.
[[+errors]]
[[+actionMsg]] [[+login.recaptcha_html]]
Forgot your password?

You can put a link to the “Forgot Password” (Password Reset) inside your template and refer to it by ID. In my case, the resource ID with password recovery is 2.

Password Reset (2)


To begin with, this page is most often hidden from the menu. For the most part it is just a form with which users can request a password reset. Note that the password reset page (ID 2 in my case) only lets the user say that the password needs to be restored; the reset itself is done by the page "Password reset, handler (3)".
We call the password reset form with the following code:
[[!ForgotPassword? &resetResourceId=`3` &tpl=`lgnForgotPassTpl`]]

Let's analyze the call:
&resetResourceId=`3` - the handler page (in my case with ID 3); it is the one that performs the reset.
&tpl=`lgnForgotPassTpl` - the chunk with the code of the password reset form.
To understand why the handler is and how it works, I suggest taking a look at the picture:



Password Reset, Handler (3)


This page should be hidden from all menus. Even if a link to it exists somewhere, the link by itself is simply meaningless.
Its essence is as follows. When a user asks for a password reset, a message with a link to this page, as well as a hash, is sent to the user's e-mail. When the user clicks on the link from the e-mail, MODx resets the password and redirects the user to the login page.
On the handler page, the snippet is called like this:
[[!ResetPassword? &loginResourceId=`1`]]
&loginResourceId=`1` - indicates which page to redirect to, in our case the page with ID 1, where the login form is.

User Only Page (4)


This is a page confirming that the user has successfully logged in. The contents of this page are available only to authorized users.
In order for the page to be accessible only to authorized users, we need to assign rights for it. To do this, in the resource tree, click on "Page only for users." Then, go to the tab "Permissions", there we see the text "Only for users" and to the right of it, in the column "Access" we see an unchecked check box. We mark the check box and click "save."



Exit Page (5)


This is the page that users get to after successfully logging out of their account. The page should contain only the essentials, for example a goodbye message or a link to the login form. For instance:

Thanks for visiting! Come back soon!



Additionally



Exit Page (5)


This is not mandatory, but for testing, and for convenience in development in general, you can create a special exit link. To do this, create a “new link” (web-link) and point it at the page with ID 1. For example, the content of the link resource can look like this:
[[~1? &service=`logout`]]

This can be used to exit in this form:
Log out


Possible mistakes


After we have put all the pages together, linked them and set up the access rights, we must check everything. If everything works according to plan, then on login we will be redirected to the "Only for users" page. We can exit the account through the login page, because when we are authorized, an exit link appears on the login page. After a successful exit, you should be redirected to the "exit page".

I can not log in!


Usually, such problems occur when page IDs are specified incorrectly, chunk names are misspelled, or square brackets are missing. Check the code carefully.

In addition, it is worth remembering that all the snippets written above should be called uncached. Of course, some may work in cached form, but most will not. You can call it in uncached form using an exclamation mark, for example, you need to write like this:
[[!Login]]

Not like that:
[[Login]]
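
The checks from this section (page IDs, chunk names, square brackets, uncached calls) can be run over page content with a small script. This is an added example, not part of the Login component or of the original lesson; the function name lint_page and the sample inputs are assumptions, with the IDs and chunk names taken from this lesson.

```python
import re

# Snippets of the Login component used in this lesson; all must be uncached.
LOGIN_SNIPPETS = {"Login", "ForgotPassword", "ResetPassword"}
# Parameters that must hold the ID of an existing resource.
ID_PARAMS = {"loginResourceId", "logoutResourceId", "resetResourceId"}

TAG_RE = re.compile(r"\[\[(!?)(\w+)\??(.*?)\]\]", re.S)
PARAM_RE = re.compile(r"&(\w+)=`([^`]*)`")


def lint_page(content, known_ids, known_chunks):
    """Return a list of problems found in the snippet calls of one page."""
    problems = []
    if content.count("[[") != content.count("]]"):
        problems.append("unbalanced [[ ]] brackets")
    for bang, name, rest in TAG_RE.findall(content):
        if name not in LOGIN_SNIPPETS:
            continue
        if not bang:
            problems.append(f"{name}: cached call, write [[!{name}]]")
        # Whatever is left after removing well-formed &key=`value` pairs
        # is a parameter with a missing backtick, ampersand or equals sign.
        leftover = PARAM_RE.sub("", rest).strip()
        if leftover:
            problems.append(f"{name}: malformed parameter near {leftover[:30]!r}")
        for key, value in PARAM_RE.findall(rest):
            if key in ID_PARAMS and not (value.isdecimal() and int(value) in known_ids):
                problems.append(f"{name}: &{key} is not a known resource ID: {value!r}")
            if key.lower().endswith("tpl") and value not in known_chunks:
                problems.append(f"{name}: &{key} names an unknown chunk: {value!r}")
    return problems


# Constructed sample data: the IDs and chunk names used in this lesson.
IDS = {1, 2, 3, 4, 5}
CHUNKS = {"lgnLoginTpl", "lgnLogoutTpl", "lgnErrTpl", "lgnForgotPassTpl"}
GOOD = ("[[!Login? &loginTpl=`lgnLoginTpl` &logoutTpl=`lgnLogoutTpl` "
        "&errTpl=`lgnErrTpl` &loginResourceId=`4` &logoutResourceId=`5`]]")
BAD = "[[Login? &loginTpl=`lgnLoginTp` &loginResourceId=`40`]]"

if __name__ == "__main__":
    for label, page in (("good", GOOD), ("bad", BAD)):
        print(label, lint_page(page, IDS, CHUNKS) or "ok")
```

Calls that use output filters or property sets are outside its scope and will be reported as malformed parameters.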


I can’t log out!


One of the reasons that you can’t leave your account in any way is that the exit link points to a page where there is no login form. It is worth remembering that the exit button should point to the page with the login form.

It may also be that when resetting the password, an e-mail message does not come. In this case, it is worth setting up sending mail on your server.

Ask questions; if I know the answer, I will certainly help. The next lesson will be translated in my free time. Your comments will be taken into account :) I apologize for the formatting of the code, this is my first time, and how to format it is not written anywhere ...
