You can login by
submitting the login form
or you can be auto logged in using cookies.
Both login routes should follow the same processes and
should both set up the session so that you are fully logged on
with all your access rights and membership rights.
The username & password is either entered by you or picked up
via a cookie stored on your device. In this later case, for auto-login
no password or username is saved as a cookie, but a coded token is saved
and this is matched to your records on the database.
If you lose the device and log in on another device, this token
will no longer match your records.
This link is also used to process the submitted
username & password combination.
Refer to the view controller
/biscuits-12b/controllers/member.php function login()
The view file form-login.php
submits back to itself with the posted values you entered.
The Process of Signup and creating a username
This is the Signup page
It is a form asking you to chose a username and password.
To show that you are a human, you must set all the triangles to the same colour.
On submitting this form, you are directed to
It will create your username on the site and send you an email.
An email has been sent to Click the link on the email
that you received to confirm your
email address and start using your new login.
When you reply to the email, your username will be confirmed.
A token code will be included in the link to click on in your email,
this token code identifies you until you have responded by clicking this link
in your email. (If you can't click it, simply copy it into the browser address bar.
js biFormValidate Check for a captcha to do
To check the signup form submission
New biscuitsDB function doMethod()
Testing the Email Authentication
To complete these tests you will need access to the
server MySQL database.
To create a new account, follow these steps:
sign up form and submit
, remember to pass the captcha test before you can submit the form.
Also take note of the password that you chose.
Signup Complete Page
You will be shown a page saying that an email has been sent to you.
Open the email:
With the email open, go to the SQL control panel and find the new user there.
You signed up to English Tap Username : fred
All you need now is to click on this link
to confirm your email address
SELECT id ,username ,confirmed, email ,server_token
FROM userTable WHERE username = "myNewUsername"
If you can not select this user in the SQL datbase,
LOGIN SOFTWARE FAILURE - No user created on the Database
If you can see this user row listed, check that
the row has :
There should be a token string in the column that exactly matches
the last part of the link sent in the email
An encrypted password (You might be able to determine what this should
be by using a password with an already known encrypted value.
The value of confirmed should be 0
Attempt to login without replying to the confirmation email
Before clicking on the email to confirm this new user.
Try to login without confirming
We should be refused login with a message
saying that we still have not confirmed our membership
Click the email link to confirm your membership
You should then become a confirmed member, although right
at that moment you will still not be logged in as that new user.
You will be a guest and will see:
Confirmation of your membership
Your membership has been confirmed.
Your username is guest
SELECT the user again and check that
the value of confirmed changing to 1
If confirmed = 0 ,
Confirmation has failed in /member/confirm
The confirmation is done by the method
if the user has been confirmed and the server_token removed,
try to login with this username and password.
Retrieving a forgotten password
The function sends an email if there is no token in the URL or
processes the received email with a token in the URL.