
PHPRunner manual


Registration and passwords


 

By default, the generated app does not include a user registration page. It uses either a hardcoded login/password or an existing database table that stores the logins and passwords. You can change that with the Registration and passwords option.

 

Press the Registration and passwords button on the Security screen to open a popup with the registration and passwords settings.


 

Registration page settings

To create a new user registration page, select the corresponding checkbox, and click Choose fields to select the fields that appear on the registration page.


 

Select the Send email to user checkbox to send an email to the users upon their registration. You can edit the user email template with the Email templates dialog.

 

Note: do not forget to choose the User email field at the bottom of the popup.

 

With the Send email to user checkbox selected, you can also select the Send activation link checkbox to include the activation link in the registration email. The purpose of the activation link is to ensure that the user signs up with a real, active email address that they own. This helps reduce the number of users with inactive or fake emails. Access is denied until the user opens the activation link in the browser.

 

Note: the activation link option requires having an activation flag field in the table. Select one of the existing fields or create a new one to store the activation flag. This field needs to be numeric (Number, INT or TINYINT).

 

You have the option to send an email to the admin when a new user registers on the site. To do so, select the Send email to admin checkbox and fill in the Admin email field. You can edit the admin email template with the Email templates dialog.

 

Select the Display CAPTCHA checkbox to display CAPTCHA on the Registration page. For more information, see CAPTCHA on authentication pages.

 
You can customize the templates for the emails that are sent to the user/admin upon the new user registration with the Email templates dialog.


 

Select the template at the top of the window to view it. Deselect the Send default message checkbox to edit the template. You can use the variables that are listed above the template message.

 

Passwords settings

You can turn on the Change password and Remind password pages with the respective checkboxes.

 

You have the option to Restrict weak passwords. Click Settings to set the minimum password length, the number of unique characters, digits and symbols, or to accept only passwords that contain both upper and lower case letters.


 

Select the Encrypt passwords checkbox to protect the passwords in the database. Choose between the BCRYPT algorithm (the industry standard) and the MD5 algorithm.

 

Note: BCRYPT requires PHP 5.5 or better.

 
You can also hash your passwords manually using events.

 

For instance, suppose you want to give the admin direct access to the login table. Add the following code to the BeforeAdd/BeforeEdit events of the login table:

 

For BCRYPT:

 

$values["password"] = getPasswordHash( $values["password"] );

 

For MD5:

 

$values["password"] = md5( $values["password"] );
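
A guard worth having when this hashing runs in BeforeEdit as well as BeforeAdd, shown as an added example that is not PHPRunner's own code: it hashes only a new or changed password, so saving a record with the password untouched does not hash the stored hash again. hashPasswordField() is a hypothetical helper, PHP's built-in password_hash() stands in for getPasswordHash(), and the example assumes PHP 7 or later and an edit form that submits the stored hash back unchanged.

```php
<?php
// Added example, not PHPRunner code. hashPasswordField() is a hypothetical helper;
// password_hash() stands in for getPasswordHash(), which exists only inside a
// generated app. Assumes PHP 7+ and that an untouched edit form sends the stored
// hash back in $values.

function hashPasswordField(array $values, array $oldValues = [], string $field = "password"): array
{
    $new = isset($values[$field]) ? (string)$values[$field] : "";
    $old = isset($oldValues[$field]) ? (string)$oldValues[$field] : "";

    if ($new === "") {
        // Nothing entered: on edit, keep the stored hash instead of hashing an empty string.
        if ($old !== "") {
            $values[$field] = $old;
        }
        return $values;
    }
    if ($old !== "" && hash_equals($old, $new)) {
        // Value is the stored hash itself: hashing it again would lock the user out.
        return $values;
    }
    $values[$field] = password_hash($new, PASSWORD_BCRYPT);
    return $values;
}

// Constructed sample records.
$added   = hashPasswordField(["username" => "alice", "password" => "S3cure-Example!"]);
$renamed = hashPasswordField(["username" => "alice2", "password" => $added["password"]], $added);
$changed = hashPasswordField(["username" => "alice", "password" => "N3w-Example!"], $added);

echo "stored value is a bcrypt hash: ";
var_dump(password_get_info($added["password"])["algoName"] === "bcrypt");
echo "edit without a password change keeps the hash: ";
var_dump($renamed["password"] === $added["password"]);
echo "original password still verifies after that edit: ";
var_dump(password_verify("S3cure-Example!", $renamed["password"]));
echo "changed password verifies against the new hash: ";
var_dump(password_verify("N3w-Example!", $changed["password"]));

// bcrypt salts every hash; MD5 does not, so equal passwords give equal MD5 values.
echo "two bcrypt hashes of one password differ: ";
var_dump(password_hash("S3cure-Example!", PASSWORD_BCRYPT) !== $added["password"]);
echo "two MD5 hashes of one password are identical: ";
var_dump(md5("S3cure-Example!") === md5("S3cure-Example!"));
```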

 

The Remind password page has the option to send the existing password to the user or to send the Reset password link. With the Send the Reset password link option, you need to choose existing fields or create new ones for the Reset password token and the Reset password date.

 

Note: the Send existing password to the user option is unavailable when you have the Encrypt passwords option enabled.

 

Select the Display CAPTCHA checkbox to display CAPTCHA on the Remind password page. For more information, see CAPTCHA on authentication pages.

 

Additional settings

Select the Case-insensitive login checkbox to make the site treat, for instance, 'USER' and 'user' as the same login.

 

With Email settings, you can enter the address from which emails are sent to the users, and define the settings of a custom mail server if you do not use the built-in mail server. See Miscellaneous settings to learn more.
