Joomla mod_login vs com_user - authentication

I'm having a very weird issue with user logins.
I'm building a site where all the content/menus are only available after you login.
I made a 'login' through the Modules and assign it the "userlogin" position.
Now when I go to the home page or any page, the login box comes up, but there's also a second login form. It seems to be coming from com_user.
This com_user login form doesn't work. I can't login using any credentials. If it was working I can simply remove my login module.
Is there a way I can either:
get com_user to work with normal user logins
or
disable this and so I can only see the Module login.
I can hide it from CSS, but I want to know where it's coming from.

Check the menu link which you have created should be public.
If these are not public then whenever user clicks it, he/she will be asked for login. Thats why the second login option is coming up.

Related

Django - How to redirect to particular page after login using Django Panel Login functionality

I am using Class Based View, and in this particular form (based on FormView) I want restrict access to Logged Users only. It somehow works, but I want after user give login / password go back, redirect to particular site - for example named "my_form" or other (could be home page), but in this case, after login Django Admin shows. I need its functionality only for login and I want go back to desired location, 'my_form' page.
How can I achieve this? Don't want decorators here, as I want to use this special Mixin.
class EmployeeLocationFormView(LoginRequiredMixin, FormView):
login_url = 'admin:login'
redirect_field_name = 'my_form'

Add a Sign in portlet on the login page

I am building a basic login page using the existing sign-in portlet.
I just want to have a functionality that when a user access the website, right now localhost:8080, the sign-in portlet should pop up!
Is this doable? If so, Can someone please hint me how this can be done?
This is how the default page looks like right now:
To log in, I have to explicitely click on the "sign-in" blue button and then it pops out a modal sign in portlet.
But what I am trying to do here is:
Whenever a user clicks on the default url, it should immediately ask the user to login rather than showing a blank page with a sign-in button (something like the output image)
Or even a modal sign-in box (Whatever is easy to customize.)
and
Whenever a user hits any other url for eg. localhost:8080/web/project1/home and if the user is not signed in, it should force him to sign in first.
Two possibilities out of the box:
place nothing but the sign in portlet on the homepage, appearing at that location (typically /web/guest/home)
protect your default page to be not visible to the guest user (this will automatically forward to the sign-in portlet) - see the "Permissions" button on the "Manage Pages" interface
There are more, but these seem to be the first and most obvious ones. Let me know if one of them works for you or what the reason for your request is
From what I understand, you want the Login Portlet to popup as a modal window/lightbox on the current page (i.e. without leaving the page). AFAIK, to achieve this, you'll have to develop all your portlets to use AJAX to create links that point protected resources. So when you get an unauthenticated request, you can stay on the same page and show login dialog.
This is high-level approach. You'll need to 1) embed the Login portlet in your theme and 2) put the below javascript functionality in Theme:
callback function - to handle response for unauthenticated request,
to render modal/lightbox
You might face surprises while implementing this.

how to prevent back button to login page after user logs in

i have a log in page where user enters username and password and then the user is redirected to his account page, but when i press the back button it takes me back to the log in page. How do i prevent that from happening.
You should add checking if user is logged in on login page. If yes, you should make redirection to default page.
In your controller (where you check if user is valid or not), make a session variable and initialise it to "connected" for example.
And in your login form check if your session variable is connected if so redirect to wanted page.

Auth dialog asks for extended permissions, but my app doesn't need them. How do I prevent the auth dialog from showing the second page?

I set up an app to allow users to log into my site using Facebook. When users click the FB login button, the expected auth dialog appears. My auth dialog shows a second page which says: "This app may post on your behalf, including status updates, photos and more."
But my app doesn't need any extended permissions, and will not be posting anything to Facebook. I don't want this second page to appear, but I can't figure out how to make it go away.
On my app's settings page, I didn't specify any extended permissions. Is there someplace else I have to specify that I don't want extended permissions?
Thanks for the help.
You might have specified a scope in the "Login with Facebook" button that requests these permissions from the user. Especially if you just copy-and-pasted an example from the documentation, this might have happened.
Check in your HTML whether you have something similar to this:
<div class="fb-login-button" scope="publish_stream">
Login with Facebook
</div>
If so, make sure to get rid of the scope attribute.

jQuery mobile and PhoneGap using sessions to ensure user cant go "back" to or visit a page unless logged in

I am in the middle of making an app using a PHP web service to log users in/authenticate their credentials.
I am using localStorage (part of phonegaps local storage API) to ensure the user doesnt have to keep logging in when they open the app. This is done by storing the username and password on local storage and checking it when the app opens. If they feel the need to log out I have a simple logout button binded to a tap event which clears their local storage.
$( '#logout' ).live( 'tap',function(event){
window.localStorage.clear();
$.mobile.changePage("#loginPage", {transition: "none"});
});
BUT... when logged out, they are still able to click the back button on the phone and get into the secure area, which doesnt make sense because the "welcome, (username)" part is all messed up etc...
Im wondering if there is a way to ensure that what ever page they open does some sort of check to make sure theyre logged in??
Bind into the pagebeforeshow event of the pages to check if the user is logged on - check if credentials are present in local storage.
If user is not logged on you can either call preventDefault to stop the pageChange or better redirect the user to a loggedOffPage by modifying the toPage passed into the handler.
Refer the Page change events section on JQM Events page.