prevent user from logging in based on my condition

  • prevent user from logging in based on my condition

    I need to set a condition to prevent a user from logging in based on the authtoken table. I'm not sure which files are responsible for the login process. Assistance please.

  • #2
    File: "\Controllers\App"
    If I wanted to get data from auth token table, how would I set the method in the extends class (\Espo\Core\Controllers\Base)?


    • #3
      You can extend the App controller in the custom folder.


      • #4
        I want to prevent a user from logging in from different devices. I created a method in \Espo\Core\Utils\Auth.php; created auth entity and where clause with fields (deleted,userid,lastaccess). Then in \Espo\Controller\App.php, I added the lastaccess, ipaddress, and admin to the array to check if the user is not admin, if lastaccess has the current time and date, and if it's from the same IP address. client/src/views/login.js deals with the user login. In the js file, I want to get the data from the actionuser method and check if the user is already logged in somewhere, so I can prevent the user from logging in twice. Assistance would be very appreciated.


        • #5
          I tried to return false from the login js file if lastaccess has the current date, approximate time, and a different IP address, but I'm still able to log in. My goal is to check if the same user is logged in from a different IP; if so, then prevent the user from logging in from a different IP address. Assistance would be appreciated.


          • #6
            Hello yuri, if I wanted to prevent the same user from logging in from multiple devices at the same time, how would I go about doing that?


            • #7
              Hi,

              It's hard for me to say how to implement it. In the place where AuthToken is being checked, you need to remove the active AuthToken to kick out the ones signed in from other devices.


              • #8
                But I don't want to kick users out from other devices to allow the user to log in with the device in sight. If a user logged into their PC and never logged out (determined by the value of the deleted field), and they try to log in with their phone (different IP address), I want to prevent the user from logging in to the CRM with their phone.


                • #9
                  Then check if an active auth token exists. If it does, then don't allow the login.


                  • #10
                    directory: espo/core/utils/auth.php
                    method: login
                    PHP Code:
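                    if ($authToken) {
                        // Only restrict non-admin users.
                        if (!$user->isAdmin()) {
                            // Reject the login when the existing token belongs to a different IP address.
                            if ($authToken->get('ipAddress') != $_SERVER['REMOTE_ADDR']) {
                                $host_name = gethostbyaddr($_SERVER['REMOTE_ADDR']);
                                $GLOBALS['log']->debug("Already logged in from {$host_name}.");
                                return false;
                            }
                        }
                    }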

                    My code is supposed to check the logins against non-admin users. Also to check if the authtoken exists, and it's not the same device, to prevent a user from logging in from a different device when they are already logged in from another device, but it's not working. Not sure where I'm going wrong with this. Any assistance would be appreciated. Thanks.

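An added example, not code from the thread or from EspoCRM: a server-side version of the check discussed in posts #9 and #10, extended to skip tokens that were never logged out but have gone idle. The token array shape, `IDLE_LIMIT` and `checkConcurrentLogin` are assumptions made for illustration; the field names follow the ones mentioned in the thread.

```php
<?php
declare(strict_types=1);

// Added example: not EspoCRM code. Token rows are plain arrays using the
// fields named in the thread (deleted, ipAddress, lastAccess as Unix time).
const IDLE_LIMIT = 1800; // assumed: tokens idle for over 30 minutes count as abandoned

/**
 * Decide on the server whether a new login may proceed.
 * Returns ['allowed' => bool, 'reason' => string] so the caller can log the
 * denial and hand the client a specific message.
 */
function checkConcurrentLogin(array $tokens, string $remoteAddr, bool $isAdmin, int $now): array
{
    if ($isAdmin) {
        return ['allowed' => true, 'reason' => 'admin-exempt'];
    }
    foreach ($tokens as $token) {
        if ($token['deleted']) {
            continue; // user logged out; this token no longer counts
        }
        if ($now - $token['lastAccess'] > IDLE_LIMIT) {
            continue; // never logged out but idle: do not lock the user out forever
        }
        if ($token['ipAddress'] !== $remoteAddr) {
            return ['allowed' => false, 'reason' => 'active-session-elsewhere'];
        }
    }
    return ['allowed' => true, 'reason' => 'no-conflicting-session'];
}

// Constructed sample data: one logged-out token, one stale token, one live token.
$now = 1470690000;
$tokens = [
    ['deleted' => true,  'ipAddress' => '203.0.113.7',  'lastAccess' => $now - 60],
    ['deleted' => false, 'ipAddress' => '203.0.113.8',  'lastAccess' => $now - 7200],
    ['deleted' => false, 'ipAddress' => '198.51.100.4', 'lastAccess' => $now - 120],
];

foreach (['198.51.100.4', '192.0.2.55'] as $ip) {
    $result = checkConcurrentLogin($tokens, $ip, false, $now);
    printf("%-13s allowed=%s reason=%s\n", $ip, var_export($result['allowed'], true), $result['reason']);
}
```

An IP address is a weak stand-in for a device: users behind the same NAT share one, mobile clients change theirs, and behind a reverse proxy `REMOTE_ADDR` is the proxy's address.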


                    • #11
                      I think I'm close to solving the issue. My question is, when I log out, am I supposed to receive an error of 401 or 500? Because I'm getting those errors when I log out. There is nothing in the data logs. The console, however, displays in Chrome "Failed to load resource: the server responded with a status of 500 (Internal Server Error)" or in Microsoft Edge, "The server encountered an unexpected condition that prevented it from fulfilling the request".


                      • #12
                        Hello yuri, I was able to resolve the issue. You have an onWrong function in the login js file. I want to send different errors based on certain conditions. You use the superglobal global to debug errors. Is there a way I can set a popover message based on conditions on the backend? If so, is there an example, or can you point me in the right direction? Thank you for any assistance.
                        Last edited by worldmiros; 08-08-2016, 09:19 PM.


                        • #13
                          Issue resolved on customizing the onWrong function to send custom errors.
