-
Notifications
You must be signed in to change notification settings - Fork 74
14. Log In methods
If you have not configured your own user authentication, users must enter a user name and password in order to sign in. You can choose in the AdminCenter -> Settings -> Users whether users shall enter their e-mail address or user name.
The application provides the following possibilities to get a user signed in:
A user must register and activate his account. If he is registered, the hashed password will be "salted" and verified.
A very comfortable way to sign in, which can be additionally provided to the users, is to use Facebook. If a user is already registered and signed in at Facebook, he can sign in to your application with a single click on a button. The user does not need to remember a separate password for your website.
This is how you enable signing in with Facebook:
- Create a new app on Facebook. This can be done directly on Facebook.
- When registering the app, you will get an App ID and an Application Secret. Enter these data at AdminCenter -> Settings -> Social Networks.
- Enable in the same form option Enable Facebook Log-In.
Important: The log-in with Facebook requires the PHP extension CURL on your server. Most of the webhosters have already enabled this extension.
Note: If your website uses SSL, make sure that port 443 is open.
In addition to the default log-in and Facebook sign in, signing in with Google+ is possible as well.
The activation basically works the same way as with Facebook (see paragraph above), just you need to create your app at Google. There you click on "API Access", and then "Create an OAuth 2.0 client ID".
Important: At field "Redirect URIs" you need to specify the URL to your websoccer installation, plus appending ?page=home&action=googleplus-login.
Example: http://www.my domain.com/mywebsoccer/?page=home&action=googleplus-login
Important: Also Google+ sign in requires the PHP extension CURL.
Note: If your website uses SSL, make sure that port 443 is open.
If you are operating a "Joomla" based website on the same server, you can configure that your users can use the same user name and password as they already use for the CMS:
- Enter at AdminCenter -> Settings -> Users -> Log-In Method: JoomlaUserLoginMethod
- Enter in the same form: Log-In with Joomla: Table prefix. You will get this prefix if you sign in at Joomla as administrator and go to Global Settings -> Server.
- Save the settings.
If you use the CMS "Wordpress" and if it is installed in the same database, you can enable that users log-in with the same username and password as for the Wordpress system.
Execute the same steps as for the Joomla log-on (see paragraph above), but enter as log-in method instead: WordpressUserLoginMethod an.
You can also program your own log-in method in order to perfectly integrate the OpenWebSoccer-Sim into your existing application landscape.
Create a new class which implements the interface IUserLoginMethod. This interface declares to functions:
- authenticateWithEmail($email, $password): Log-in with e-mail and password.
- authenticateWithUsername($nick, $password): Log-in with username and password.
Both functions return the ID of the user on success, or FALSE if user could not be authenticated.
- Create your own class which ends with "UserLoginMethod" and is located at folder /classes/loginmethods.
- Implement the interface IUserLoginMethod. An example is shown below.
- Enter the class name at AdminCenter -> Settings -> User -> Log-In Method.
- Save settings.
Example: The following log-in method queries a foreign database for the user credentials, instead of the internal application user table. If the credentials are correct, it will either create a new internal user record in the application or requests the internal ID of an existing user.
class DemoUserLoginMethod implements IUserLoginMethod {
private $_websoccer;
private $_db;
public function __construct(WebSoccer $website, DbConnection $db) {
$this->_websoccer = $website;
$this->_db = $db;
}
public function authenticateWithEmail($email, $password) {
// Connecting to the data base.
// Note: If you want to use the same database,
// you can simply use $this->_db; instead.
$mysqli = new mysqli("localhost",
"dbuser",
"dbpasswort",
"dbname");
// Get user from the external database
$escapedEMail = $mysqli->real_escape_string($email);
$dbresult = $mysqli->query("SELECT password FROM mydummy_table
WHERE email = '" . $escapedEMail . "'");
if (!$dbresult) {
throw new Exception("Database Query Error: " . $mysqli->error);
}
$myUser = $dbresult->fetch_array();
$dbresult->free();
$mysqli->close();
// User does not exist.
if (!$myUser) {
return FALSE;
}
// Check password (here only simple MD5 hashing)
if ($myUser["password"] != md5($password)) {
return FALSE;
}
// User has entered correct credentials.
// Now check if user exists in application database.
$existingUserId = UsersDataService::getUserIdByEmail($this->_websoccer,
$this->_db, strtolower($email));
if ($existingUserId > 0) {
return $existingUserId;
}
// User does not exist. Create a local user record.
// The user name can be entered later by the user.
return UsersDataService::createLocalUser($this->_websoccer, $this->_db,
null, $email);
}
public function authenticateWithUsername($nick, $password) {
// In this example, we only support log-in with e-mail,
// so we can also just throw an exception.
throw new Exception("Log-in with user name not supported.");
}
}