Banner image
Content / help / login .. concise-view << previous next >>

Login, signup and autologin

You can login by submitting the login form or you can be auto logged in using cookies. Both login routes should follow the same processes and should both set up the session so that you are fully logged on with all your access rights and membership rights. The username & password is either entered by you or picked up via a cookie stored on your device. In this later case, for auto-login no password or username is saved as a cookie, but a coded token is saved and this is matched to your records on the database. If you lose the device and log in on another device, this token will no longer match your records.
  1. Visit the login page here and enter your username and password combination.

    This link is also used to process the submitted username & password combination. Refer to the view controller /biscuits-12b/controllers/member.php function login()

  2. The view file form-login.php submits back to itself with the posted values you entered.

The Process of Signup and creating a username

This is the Signup page It is a form asking you to chose a username and password. To show that you are a human, you must set all the triangles to the same colour. On submitting this form, you are directed to /member/new-signup It will create your username on the site and send you an email.


An email has been sent to Click the link on the email that you received to confirm your email address and start using your new login.

When you reply to the email, your username will be confirmed. A token code will be included in the link to click on in your email, this token code identifies you until you have responded by clicking this link in your email. (If you can't click it, simply copy it into the browser address bar.


Auto Login

Software Components

  1. view form-login.php
  2. JS js/biscuits-login.js function autoLogin()
  3. Controller /member/signup
  4. js biFormValidate Check for a captcha to do
  5. Controller /member/check-new-signup
    To check the signup form submission
  6. New biscuitsDB function doMethod()

Testing the Email Authentication

To complete these tests you will need access to the server MySQL database. To create a new account, follow these steps:
  1. Fill the sign up form and submit , remember to pass the captcha test before you can submit the form.
    Also take note of the password that you chose.
  2. Signup Complete Page You will be shown a page saying that an email has been sent to you. Open the email:
  3. With the email open, go to the SQL control panel and find the new user there.
    You signed up to English Tap Username : fred All you need now is to click on this link to confirm your email address http://thedomain/member/confirm/d65fc9a47a9e0bd88f33f668aa8e1907

    SELECT id ,username ,confirmed, email ,server_token FROM userTable WHERE username = "myNewUsername"
    If you can not select this user in the SQL datbase, LOGIN SOFTWARE FAILURE - No user created on the Database

    If you can see this user row listed, check that the row has :

    1. There should be a token string in the column that exactly matches the last part of the link sent in the email
    2. An encrypted password (You might be able to determine what this should be by using a password with an already known encrypted value.
    3. The value of confirmed should be 0
  4. Attempt to login without replying to the confirmation email
    Before clicking on the email to confirm this new user. Try to login without confirming
    1. We should be refused login with a message saying that we still have not confirmed our membership /member/failed-login
  5. Click the email link to confirm your membership You should then become a confirmed member, although right at that moment you will still not be logged in as that new user. You will be a guest and will see:

    Confirmation of your membership
    Your membership has been confirmed.
    Your username is guest

    1. SELECT the user again and check that the value of confirmed changing to 1
      1. If confirmed = 0 , Confirmation has failed in /member/confirm The confirmation is done by the method memberDB->setConfirmed($token)
      2. if the user has been confirmed and the server_token removed, try to login with this username and password.

Retrieving a forgotten password

The function sends an email if there is no token in the URL or processes the received email with a token in the URL.

  1. Member Forgot Password
  2. /member/send-token sends the token and matchng email
  3. Check your email. Eg: Somebody requested the password for user account @username Follow this link to change your password Click onthis link
Website by Ibiscuits