Okay, right. Wappler does not brag about being “no-code”
My point is still just as valid.
Thank you so much for your patience, DAVE!
1 Like
You are very welcome @NewMedia
BUT when it does all come together and works… Feels great! Yes some documentation could be improved but the Team are bang on it in the background. AND, at least they are actually here, unlike many developers behind the software, who hide behind support, no such issue here. The Team need to be praised for that fact.
This is a work in progress. Currently working on securitylogin/register/protect pages tutorial, but it becomes quite lenghty as it includes everything from database creation to user logout. Obviously separate tutorials for defining security provider, making a login page etc. are not easy to follow reading this topic.
5 Likes
I’m privileged to see your hard-work taking shape behind the scenes, and admire your attention to details, and the time it takes, especially with so much else going on left, right and centre. How you find the time to be in several places at once amazes me! Some say the Wappler Team exist in a 48 hour day universe…
1 Like
Honestly, it is THE FORUM and @Teodor and @George and @patrick and @Dave and @ben and @sid and @mebeingken and @JonL and @nshkrsh and @psweb etc that have kept me at this.
As for my own 48 hours: I’m in Germany but have reported in all over Europe & both coasts of the USA in so many different time zones. Plus, particularly when I’m working, I can not sleep!
So after tossing & turning over a LOGIC problem or query my brain won’t let me sleep.
So either I work until morning or get up at 2:30 am or 4:30 am and jump into it.
I’m used to seeing the code. That is where I learned to modify things to my own purposes.
But, as I say, it is THIS FORUM that makes the DIFFERENCE. How people step up to answer even the dumbest questions I pose.
Vielen Dank Alles!
3 Likes
yup, wappler community > wappler the app.
HERE is where I find NO CURRENT Instructions and it is critical,
Because I have to switch around between Docs and Tutorials using Wappler in various editions is why it is “so complicated”
Here is a critical step as to what is going to happen out of the gate in a Login with Security Provider
SECURITY RESTRICT HAS CHANGED PROPERTIES
LOGIN URL AND FORBIDDEN URL (which seems to be covered in the old docs where you are adding redirects on “Success” and “Unathorized”
This is the kind of conflict that has me going in circles.
SECURITY RESTRICT HAS CHANGED PROPERTIES
So, this is a make-it-or-break-it setting in the 4.5.1 procedures with changed or merged components.
What does LOGIN URL MEAN? Docs don’t clue me in.
Is it the Login Page url itself?
Or is it the Equivalent of “Browser Go To on Success”
Please strip this whole thing down step-by-step using the latest updated procedures in 4.5.1
This is why Docs and Forum posts that go back over a few years are confusing–
I find a Forum post that says that the method of using a Security Setting linked to the Login API uses one way for Node and another way for PHP – which is mine.
At the top of the page it seems a Generic project answer except for the smaller print that says this page is for PHP projects ONLY.
The first link is the one you want. Nothing has changed for a long time aside from the addition of some changes made for Node JS Projects, the rest remains exactly the same. As @Teodor has mentioned he is in the process of updating the documentation to include a full, fresh, step by step process. And looking through the first link provides all necessary instructions for the page protection specifically.
This documentation is also correct and applicable to the current version of Wappler and to PHP. Nothing has changed for PHP.
The process is exactly the same for 4.5.1 as for previous versions and is outlined in the above documentation link.
1 Like
The only thing that you need to ignore is adding the database connection:
Full documentation:
1 Like
How about following the above examples, covered in the documentation, get that working, then go back to your specific requirements, but initially get the basics working? I believe these additions of yours are causing the issues you are having @NewMedia
1 Like
The below image is a simple example. We use the repeat to set sessions upon success (but ignore this until you have a working example based on the documentation), we also validate the user (again you can ignore this for the moment).
Starting from scratch.
I named a new security file “basicsecurity” & set it up for the same as before – Database lookup of table and 2 fields in the records which will match the login user Username and Password values.
I have followed those steps again.
Now, I assume that the first page – the login page should NOT have the security json code If I select in the top App selector to provide a “Security Enforcer” here that should be incorrect. This is not the page I want protected – it is always to be public and open to viewing.
So here is what is in the top of my form page which is to load after the Login credentials are submitted.
<?php
require('dmxConnectLib/dmxConnect.php');
$app = new \lib\App();
$app->exec(<<<'JSON'
{
"steps": [
"Connections/LocalTrainingsDB",
"SecurityProviders/basicsecurity",
{
"module": "auth",
"action": "restrict",
"options": {"loginUrl":"trainingslogin.php","forbiddenUrl":"unauthorized.php","provider":"basicsecurity"}
}
]
}
JSON
, TRUE);
?>
What I keep getting is the unauthorized page when the correct username & password are submitted, instead of “working_form.php”
Here are the steps I went through again as I created a new “basicsecurity” API
This query that finds the one unique record in the login users table that matches the POST from Login page Username and Password I have added. Maybe it should not be using the Conditions but I have never seen the literal query that the Security Provider modules use and they didn’t perform a working Login success.
At any rate I am missing a weak link somewhere. I only get “unauthorized.php” after the Login with correct credentials.
This “simple example” of yours, Dave, does not come about from following the -Documents I’ve been referring to.
Just follow my 3 steps here where I already explained you how to set up this:
I see wrong setup yet on your first screenshot you posted above. You made exactly the opposite to what I explained in step 1 and 2.
1 Like
No Enforcer on the login page. You have an On Success Dynamic Event (on the form submit) fire the Action, then a Browser Go To to the page/pages which include Enforcer Protection within them.
Be sure to delete all your temporary files and cache, and even shut the browser down and open it again, or use Incognito Mode to avoid any caching while you check everything is working.
You should be using the returned Security Provider ID for the User to confirm.
Thank you, thank you @Dave & @Teodor
The only problem I’m having now is getting the logged in form variables I see “available” in my form page to bind so that they can be seen.
According to the dynamic data picker they are there, passed along, available in this session, but still not visible as read-only field values.
But I will take that on Tomorrow!
Thank you for all your work on my behalf! 
1 Like