Membership plugin - allow user to set password on sign up

3 posts by 3 authors in: Forums > CMS Builder
Last Post: February 8, 2016   (RSS)

By ross - January 26, 2016

Hi there.

Thanks for posting.

To let new users set their own password you'll need to make several changes to the signup page code. Overall, I rate this as an intermediate to advanced topic and you'll need to be comfortable working directly with PHP and HTML.

The basic idea is as follows:

1. Add new field to signup form called Password.

2. Add new field to signup form called Password Confirm.

3. Add code to the error checking section of the page to make sure both password fields are filled out and the same.

4. Add code to encrypt password.

Does that make sense so far?

Let me know any questions.

-----------------------------------------------------------
Cheers,
Ross Fairbairn - Consulting
consulting@interactivetools.com

Hire me! Save time by getting our experts to help with your project.
Template changes, advanced features, full integration, whatever you
need. Whether you need one hour or fifty, get it done fast with
Priority Consulting: http://www.interactivetools.com/consulting/

Hi superhappybunnycat.,

I just came across this post, and if you haven't solved the puzzle yet, here's a recipe from my CMSB Cookbook, http://www.thecmsbcookbook.com with an approach that I've used with the membership plugin and the emailOnApproved plugin to effectively do the same thing.

You may have to adjust the process slightly to suit your needs, but the basic approach should work for you.

IMPLEMENTING THE EMAILONAPPROVED PLUGIN WITH THE WEBSITE MEMBERSHIP PLUGIN (ENCRYPTED PASSWORDS) - Apr 6th, 2015

When a prospective member filled out the membership application, I wanted their application to be approved manually. I
wanted an e-mail to be sent stating that their application had been received and that as soon as it was processed they
would get a second “welcome” e-mail with their username and a temporary password.

As password encryption became the norm, it became more difficult and then impossible to retrieve a password from the
database and send it to a member.

To get around this obstacle, here’s an approach to send members a generic password and force them to change their
password the first time they log in.

NOTE: Because of security measures implemented on your server, you might have to change your admin email to a valid
email address on your hosting account, or use an SMTP server email account (set in the Admin > General tab) for emails
to automatically be sent by CMS Builder. 

1) If you don’t have it already, you’ll need to download the emailOnApproved plugin from:

http://www.thecmsbcookbook.com/downloads/emailOnApproved.zip  

2) in emailOnApproved.php search for $message=<<< __TEXT__

remove the {$_REQUEST['password']} and replace it with a generic password that you’ll also enter into your user-signup
form in step 6 

3) You’ll also need to download and install the latest version of the Website Membership plugin.

4) Create 2 new check boxes in the ‘account’ section of your CMS, an ‘Approved’ check box and a ‘First Time
Login’ check box.

5) In websiteMembership.php search for return $CURRENT_USER;

add this code just before that line:

if (@$_REQUEST['action'] == 'login')   {if (@$CURRENT_USER && (@$CURRENT_USER['first_time_login'] ==
'0'||@$CURRENT_USER['first_time_login'] == "")){ redirectBrowserToURL("cp.php");exit;} // if first time login redirect
to change password page
else; }

6) In the USER_SIGNUP Email template (you’ll find the templates at the bottom of the ADMIN menu group), delete the
username, password and login reference and insert the text that’s appropriate for your site. 

For a membership site, it could be:

“Thanks for signing up.

We’ll review your application and email your login credentials to you as soon as your application is approved.”  

7) In your user-signup form, search for:  $colsToValues['password']         = $passwordHash;

Delete that code and replace it with:  $colsToValues['password']         = ‘YourGenericPassword’; (replacing
YourGenericPassword with the one you used in step 2. Keep the single quotes before and after YourGenericPassword.)

8) In your user-signup form, change this:
 

$errorsAndAlerts  = "Thanks, We've created an account for you and emailed you your password.\n";
$errorsAndAlerts .= "If you don't receive an email from us within a few minutes check your spam filter for messages from
{$fromEmail}\n";


to something like this: 

 $errorsAndAlerts  = "Thanks, we've created an account for you. As soon as you're approved we'll email you your
password.\n";
$errorsAndAlerts .= "If you don't receive an email from us within a reasonable time your spam filter for messages from
{$fromEmail}\n";



Create a web page named cp.php with the following code and upload to your server in the website root directory:

At the top of your page:

<?php $GLOBALS['SEP_DISABLED'] = 1?>
<?php header
('Content-type: text/html; charset=utf-8'); ?>
<?php
   
// load viewer library
  
$libraryPath 'cmsAdmin/lib/viewer_functions.php';
  
$dirsToCheck = array('path_to_your_server/','','../','../../','../../../');
  foreach (
$dirsToCheck as $dir) { if (@include_once("$dir$libraryPath")) { break; }}
  if (!
function_exists('getRecords')) { die("Couldn't load viewer library, check filepath in sourcecode."); }
?>
<?php $GLOBALS
['WEBSITE_MEMBERSHIP_PROFILE_PAGE'] = true// prevent redirect loops for users missing fields listed in
$GLOBALS['WEBSITE_LOGIN_REQUIRED_FIELDS'?>
<?php 
# Developer Notes: To add "Agree to Terms of Service" checkbox (or similar checkbox field), just add it to the
accounts menu in the CMS and un-comment agree_tos lines
  
  
//
  
$useUsernames   true// Set this to false to disallow usernames, email will be used as username instead

  // error checking
  
$errorsAndAlerts "";
  if (@
$_REQUEST['missing_fields']) { $errorsAndAlerts "Please fill out all of the following fields to continue.\n"; }
 
// if (!$CURRENT_USER) { websiteLogin_redirectToLogin(); }


  ### Update User Profile
  
if (@$_POST['save']) {
    
// update user
    
if (!$errorsAndAlerts) {
     
$colsToValues = array();
      
// ... add more form fields here by copying the above line!
      
$colsToValues['first_time_login'] =     '1';
      
$colsToValues['updatedByUserNum'] = $CURRENT_USER['num'];
      
$colsToValues['updatedDate=']     = 'NOW()';
      
mysql_update(accountsTable(), $CURRENT_USER['num'], null$colsToValues);

      
// on success
      
websiteLogin_setLoginTo$colsToValues['username'], $CURRENT_USER['password'] );  // update login session username
in case use has changed it.
      
$errorsAndAlerts "Thanks, we've updated your password.\n";
    }
  }


  
### Change Password
  
if (@$_POST['changePassword']) {
  
//update fields
    
$colsToValues = array();
      
$colsToValues['first_time_login'] =     '1';
      
$colsToValues['updatedByUserNum'] = $CURRENT_USER['num'];
      
$colsToValues['updatedDate=']     = 'NOW()';
      
mysql_update(accountsTable(), $CURRENT_USER['num'], null$colsToValues);
  
// change passwords
    
$encryptPasswords = @$SETTINGS['advanced']['encryptPasswords'];

    
// error checking
    
$_REQUEST['oldPassword'] = preg_replace("/^\s+|\s+$/s"'', @$_REQUEST['oldPassword']); // v1.10 remove leading and
trailing whitespace
    $oldPasswordHash  
$encryptPasswords getPasswordDigest(@$_REQUEST['oldPassword']) : @$_REQUEST['oldPassword'];
    if     (!@
$_REQUEST['oldPassword'])                             { $errorsAndAlerts .= "Please enter your current
password\n"
; }
    elseif (
$oldPasswordHash != $CURRENT_USER['password'])          { $errorsAndAlerts .= "Current password isn't
correct!\n"
; }
    
$newPasswordErrors getNewPasswordErrors(@$_REQUEST['newPassword1'], @$_REQUEST['newPassword2'],
$CURRENT_USER['username']); // v2.52
    
$errorsAndAlerts  .= nl2br(htmlencode($newPasswordErrors));

    
// change password
    
if (!$errorsAndAlerts) {
      
$passwordHash $encryptPasswords getPasswordDigest($_REQUEST['newPassword2']) : $_REQUEST['newPassword2'];
      
mysql_updateaccountsTable(), $CURRENT_USER['num'], null, array('password' => $passwordHash)); // update password
      
websiteLogin_setLoginTo$CURRENT_USER['username'], $_REQUEST['newPassword2'] );                // update current
login session
      
unset($_REQUEST['oldPassword'], $_REQUEST['newPassword1'], $_REQUEST['newPassword2']);          // clear form
password fields
      $errorsAndAlerts 
"Thanks, we've updated your password!\n";
      
redirectBrowserToURL("members-only.php");
    }
  } 
### END: Change Password
?>


And in the body (NOTE: You can style your page to match your site design):

<?php if (@$errorsAndAlerts): ?>
      <div align="left" class="your_class" style="color:#F00">
        <?php echo $errorsAndAlerts?>
      </div>
      <?php endif ?>
      <div style="width:90%" align="left">
        <div class="your_class" align="center">PLEASE CHANGE YOUR PASSWORD</div>
        
        
        <span class="your_class"><b>Welcome <?php echo $CURRENT_USER['first_name'?>
        
        Since this is the first time you've logged in, we ask that you
        change your password to protect your privacy.
        
        NOTE: Once you've changed your password, you'll no longer be logged in,
        and you'll have to </b> </span><a class="your_class" href="member_login.php">LOGIN AGAIN</a> <span
class="your_class"><b>with your new credentials.</b>
        
        
        <!-- CHANGE PASSWORD FORM -->
        <div > <b>Change your Login Password - (Don't forget to write down the new one!)</b>
          <form method="post" action="?">
            <input type="hidden" name="changePassword" value="1" />
            <p>
            <table border="0" cellspacing="0" cellpadding="1">
              <tr>
                <td>Enter Your Current Password</td>
                <td><input type="password" name="oldPassword" value="<?php echo htmlencode(@$_REQUEST['oldPassword']);
?>" size="40" /></td>
              </tr>
              <tr>
                <td> Enter Your New Password</td>
                <td><input type="password" name="newPassword1" value="<?php echo htmlencode(@$_REQUEST['newPassword1']);
?>" size="40" /></td>
              </tr>
              <tr>
                <td> Enter Your New Password (again)</td>
                <td><input type="password" name="newPassword2" value="<?php echo htmlencode(@$_REQUEST['newPassword2']);
?>" size="40" /></td>
              </tr>
              <tr>
                <td >&nbsp;</td>
                <td align="center">
                  <input class="button" type="submit" name="submit" value="Change Password &gt;&gt;" /></td>
              </tr>
            </table>
          </form>
        </div>
        
        <!-- /CHANGE PASSWORD -->
        <?php if (@$errorsAndAlerts): ?>
        <div class="your_class" style="color:#F00">
          <?php echo $errorsAndAlerts?>
          
        </div>
        <?php endif ?>


9) TEST TO MAKE SURE EVERYTHING WORKS AS PLANNED!!!

Best,

Jerry Kornbluth

The first CMS Builder reference book is now available on-line!







Take advantage of a free 3 month trial subscription, only for CMSB users, at: http://www.thecmsbcookbook.com/trial.php