Hi all,
Hail marry here looking for a solution. I am looking to implement a frictionless login system in modx 2.x. I currently have a website with a free ‘members only’ area with 4000 members. I want to remove the password requirement so that anyone can login by simply entering their already registered email address to sign in. I do not need or want authentication links; I’d like new users to fill out a registration form (name, email, phone) an their email is logged in the database. Anytime they come back, to sign in they just enter the email address. If it’s in the system, they get in. I’m not concerned with security or fake/bogus emails.
I need to be able to implement this seamlessly for existing users, as well as all new sign ups.
Does anyone see a way of doing this in modx 2.x? After reading I don’t believe there is a native way to do this. Is there a 3rd party app? Or is there any easy way to customize a solution?
Maybe you could just use the same fixed password for all your users.
If you are using the Login-Extra you can probably set the password in a preHook for the Login and Register-Snippets.
In the Register-Snippet set &activation=`0` so no activation emails are needed.
Are you currently using Modx? If so how are your emails currently stored?
I’d approach this like-
Create a new Modx Package using Migx for simplicity
Migrate all data (emails, names etc) into the table
Create login page with a snippet that checks the DB for a registered email, returns false - handle error as you wish. If true, set a session var using (https://gist.github.com/chrisdempsey/0000edea6f0ee9219e9cd241787aaf9b) then send redirect $url = $modx->makeUrl(membersPageId); $modx->sendRedirect($url);
create a “members only” section with a snippet that checks for the session var set during successful login, if no var redirect to login page.
For registration page, have a snippet that once form data passes validation adds the data to the DB, sets the Session var and then sends the redirect like the login page.
Out of curiosity, if you don’t care if any of the user information is real, why even bother with member only pages? What do you gain by the trouble?
Surely much of the data is bogus if you’re not validating it, and if you are using the list to send emails you then risk hurting your sender reputation and possibly getting in trouble with spam laws.
If you’re just wanting to keep a record of sign-ins, you could require just a username… ?
But this is obviously not an answer to your question so please ignore if it doesn’t seem useful or pertinent.