BEE Script: login [username=string]
[password=string]
[realm=string]
[signup=num]
BEE Tag: <beelogin [username=string]
[password=string]
[realm=string]
[signup=num]>
The "login" command authenticates the session so that subsequent "access" command and "sys%auth" variables will operate on the new session.
All parameters got proper default value from the login form (via the sys%form variables.) So "login" mostly appears to be parameter-less command unless your login form got field names different from "username", "password" and "realm". ("realm" is optional as login will extract the part of the username after the "@" sign if any as the "realm" specification.)
If both "username" and "password" are both evaluated to blank (including their default values from the form entry), no login function will be performed, status:login will be set to 0, and message:login will be set to blank. This design is to avoid a login error when the user first open the page.
Here is a typical way to handle a "member-only" page:
Example (forms submit back to the same page):
if ('{sys%form:Submit}' == 'Login') login;
elseif ('{sys%form:Submit}' == 'Logout') logout;
display '{message%login}';
access {
display '<form method="post" action="{sys%url:page}">';
display '<input type=submit name=Submit value=Logout>';
display '</form>';
// Member-only info here
} else {
display '<form method="post" action="{sys%url:page}">';
display 'Username: <input type=text name=username><br>
';
display 'Password: <input type=password name=password><br>
';
display '<input type=submit name=Submit value=Login>
display '</form>';
}
Parameters
username specifies the username used to access the Auth table. It is default to the value of the form entry field named "username" (i.e. {sys%form:username}). If "username" evaluates to blank but "password" is non-blank, "login" will give an error. If both "username" and "password" evaluate to blank, "login" will do nothing and return no error.
If "username" evaluates to a value that contains an "@" sign, the part after the "@" will be used as "realm". Realm specified this way (after the "@" sign) takes precedence over the "realm" parameter.
password specifies the plain text version of the password that is used in the authentication process to match up with the one (encrypted or not) in the Auth table. It is default to the value of the form entry field named "password" (i.e. {sys%form:password}). If "password" evaluates to blank but "username" is non-blank, "login" will give an error. i.e. blank password is not allowed. If both "username" and "password" evaluate to blank, "login" will do nothing and return no error.
realm specifies the realm if the "username" value contains no "@" sign.
After the "login" command is executed, the following BEE Variables are made available:
status%login |
Error code or 0 if successful 1: user already logged in 2: no username is entered 3: no password is entered 4: username is incomplete 10 or above: Error code from the BEE system |
message%login |
Error message or blank if successful |
|