Authentication Library

revIgniter provides a lightweight, simple, and clean authentication library which is based on Ion Auth for CodeIgniter by Ben Edmunds, ben.edmunds@gmail.com.

Initializing the Library

Like most other libraries in revIgniter, the Authentication library is initialized in your controller using the rigLoaderLoadLibrary handler:

rigLoaderLoadLibrary "Authentication"

Note: In order to use authentication, you must first create the appropriate database tables for this purpose as outlined in the Authentication Tables section below.

 

Overview

Following below the features and key points of revIgniter's Authentication library:

 

Authentication Configuration

The following is a list of all the preferences that can be set in system/application/config/authentication.lc:

Preference Default Value Options Description
sAuthenticationConf["tables"]["users"]UsersNoneThe table name to use for the users table.
sAuthenticationConf["tables"]["groups"]GroupsNoneThe table name to use for the groups table.
sAuthenticationConf["tables"]["usersGroups"]UsersGroupsNoneThe table name to use for the users groups table.
sAuthenticationConf["tables"]["loginAttempts"]LoginAttemptsNoneThe table name to use for the login attempts table.
sAuthenticationConf["join"]["users"]userIdNoneUsers table column you want to join WITH.
sAuthenticationConf["join"]["groups"]groupIdNoneGroup table column you want to join WITH.
sAuthenticationConf["cipher"]bfSee LiveCode's cipherNames() function.Cipher used to encrypt passwords (see revIgniter's Encryption Library).
sAuthenticationConf["keyLength"]128See LiveCode's cipherNames() function.Key length used to encrypt passwords (see revIgniter's Encryption Library).
sAuthenticationConf["authEncryptionKey"]myKeyNoneAuthentication encryption key (see revIgniter's Encryption Library).
sAuthenticationConf["useAuthEncryptionKey"]TRUETRUE or FALSE (boolean)Set this to FALSE if you prefere to use revIgniter's universal encryption key as set in config.lc.
sAuthenticationConf["siteTitle"]Example.comNoneThe title of your site, used for email.
sAuthenticationConf["adminEmail"]admin@example.comNoneYour administrator email address.
sAuthenticationConf["minLengthPassword"]8NoneMinimum required password length.
sAuthenticationConf["maxLengthPassword"]20NoneMaximum allowed password length.
sAuthenticationConf["emailActivation"]TRUETRUE or FALSE (boolean)Sets whether to require email user activation or not.
sAuthenticationConf["manualActivation"]FALSETRUE or FALSE (boolean)Sets whether to require manual user activation or not.
sAuthenticationConf["identityColumn"]emailNoneColumn to use for uniquely identifing users logging in etc. You should add an index in the users table for whatever you set this option to.
sAuthenticationConf["defaultGroup"]membersNoneName of the default user group.
sAuthenticationConf["defaultAdminGroup"]adminNoneName of the admin group.
sAuthenticationConf["rememberUsers"]TRUETRUE or FALSE (boolean)Allow users to be remembered and enable auto-login.
sAuthenticationConf["autoLoginExpire"]129600NoneHow long to remember the user for in seconds. Set to zero for no expiration.
sAuthenticationConf["userExtendOnLogin"]FALSETRUE or FALSE (boolean)Extend the users session expiration everytime they auto-login.
sAuthenticationConf["trackLoginAttempts"]TRUETRUE or FALSE (boolean)Track the number of failed login attempts for each user or ip.
sAuthenticationConf["maxLoginAttempts"]3NoneThe maximum number of failed login attempts. This maximum is not enforced by the library. If set to 0, there is no maximum.
sAuthenticationConf["forgotPasswordExpiration"]0NoneThe number of seconds after which a forgot password request will expire. If set to 0, forgot password requests will not expire.
sAuthenticationConf["enableAuthenticationHooks"]FALSETRUE or FALSE (boolean)Enable / disable authentication "hooks".
sAuthenticationConf["sendEmails"]TRUETRUE or FALSE (boolean)Send emails using revIgniters Email.lc library. False means: The library returns identity, user id, email address and activation code.
sAuthenticationConf["emailConfig"]mailtype: html, protocol: sendmailfile or revIgniter's Email Library prefsUse "file" if you want emails to be sent using revIgniter's default configuration or a config file. Use an array to manually set your email configuration.
sAuthenticationConf["pathToEmailTemplates"]None Path to your authentication mail templates relative to system/application/views/. Leave this BLANK unless you would like to set something other than the default emailTemplates/ folder.
sAuthenticationConf["emailActivate"]authActivate.lcNoneName of your account activation email template.
sAuthenticationConf["emailForgotPassword"]forgotPassword.lcNoneName of your forgotten password email template.
sAuthenticationConf["messagePrefix"]<p>NoneStarting delimiter for authentication related messages.
sAuthenticationConf["messageSuffix"]</p>NoneEnding delimiter for authentication related messages.
sAuthenticationConf["errorPrefix"]<p>NoneStarting delimiter for authentication related error messages.
sAuthenticationConf["errorSuffix"]</p>NoneEnding delimiter for authentication related error messages.

Note: If security is essential think about enabling CSRF cookies in application/config/config.lc

 

Top of Page

Handler Reference

rigAuthLogin( pIdentity, pPassword, pRemember )

Logs the user in.

The first parameter is a string to identify the user. Usually this is an email address or a username.
The second parameter is a password string.
The optional third parameter is a boolean which determines if the user wants to be remembered.

This function returns TRUE if the user was successfully logged in, otherwise it returns FALSE.

Example:

put FALSE into tRemember
# CHECK IF THERE IS A POST VARIABLE remember
put rigVarPost("remember") into tPostRemember
if tPostRemember <> FALSE then
	# CHECK VALUE
	if tPostRemember[1] is 1 then
		put TRUE into tRemember
	end if
end if

get rigAuthLogin(rigVarPost("identity"), rigVarPost("password"), tRemember)

rigAuthLogout

Logs the user out.

Example:

command logout
	# LOG USER OUT
	rigAuthLogout

	# GET AUTHENTICATION MESSAGES
	put rigAuthMessages() into tMessages

	rigSetSessFlashdata "message", tMessages
	
	# REDIRECT TO THE LOGIN PAGE
	rigRedirect "/auth/login"
end logout

rigAuthRegister( pUsername, pPassword, pEmail, pExtraData, pGroupname )

Register (create) a new user.

The first parameter is a username.
The second parameter is the user's password.
The third parameter is the user's email address.
The optional fourth parameter is an array containing additional data like first name, last name etc.
The optional fifth parameter is a numbered array used to define which groups the user belongs to.

This function returns a user ID if the user was successfully created, otherwise it returns FALSE.

# GET ACCOUNT DATA
if $_POST is an array then
	put toLower(rigVarPOST("first")) && toLower(rigVarPOST("last")) into tUserName
	put rigVarPOST("password") into tPassword
	put rigVarPOST("email") into tEmail
	
	put rigVarPOST("first") into tExtraData["firstName"]
	put rigVarPOST("last") into tExtraData["lastName"]
	put rigVarPOST("company") into tExtraData["company"]
	put rigVarPOST("phone") into tExtraData["phone"]
end if

put 2 into tGroups["1"]
put 3 into tGroups["2"]

put rigAuthRegister(tUserName, tPassword, tEmail, tExtraData, tGroups) into tRegistration

Note: The default URI used for activating a new user is "auth/activate". This means you should provide a controller called "auth" including a handler called "activate" to process user activation. To specify your own URI segments you need to set the fourth parameter using the array key "activationLink" to "yourController/yourHandler". Of course, replace "yourController/yourHandler" with your URI segments.

rigAuthUpdate( pID, pData )

Update user data.

The first parameter is the user's ID.
The second parameter is an array containing the update data.

This function returns TRUE if the user was successfully updated, otherwise it returns FALSE.

Example:

# GET USER ID
put rigFetchSegment(3) into tID

# CHECK POST ARRAY DATA
if $_POST is an array then
	# VALIDATE THE REQUEST
	if tID <> rigVarPOST("hiddenUserID") then
		rigLogMessage "error", "This form post did not pass the security check.", TRUE
	end if
	
	put rigVarPost("phone") into tData["phone"]
	
	get rigAuthUpdate(tID, tData)
end if

rigAuthDeleteUser( pID )

Delete a user.

The parameter is the user's ID.

This function returns TRUE if the user was successfully deleted, otherwise it returns FALSE.

Example:

# GET USER ID
put rigFetchSegment(3) into tID

# CHECK THE USER LEVEL
if (rigAuthLoggedIn() is TRUE) and (rigAuthIsAdmin() is TRUE) then
	put rigAuthDeleteUser(tID) into tDeleted
end if

rigAuthForgottenPassword( pIdentity, pExtraData )

Resets the user's password by emailing the user a reset code.

The first parameter is a string which represents the user's identity as defined in the authentication.lc config file.

The optional second parameter is an array containing additional data. Currently the function processes solely one parameter array key which is called "passwordResetLink". This is the URI included with the forgotten password email used to reset a password.

This function returns TRUE if the user's password was reset successfully. It returns an array containing values for "identity" and "forgottenPasswordCode" in case sAuthenticationConf["sendEmails"] is set to FALSE.

# CALL THE rigAuthForgottenPassword FUNCTION TO SEND A RESET CODE TO THE USER
put rigAuthForgottenPassword(rigVarPOST("email")) into tResetPasswordSent

if tResetPasswordSent is TRUE then
	put rigAuthMessages() into tMessages
	
	rigSetSessFlashdata "message", tMessages
	rigRedirect "/auth/login"
else
	put rigAuthErrors() into tErrors
	
	rigSetSessFlashdata "message", tErrors
	rigRedirect "auth/forgotPassword"
end if

Note: The default URI used to process forgotten password requests is "auth/resetPassword". This means you should provide a controller called "auth" including a handler called "resetPassword". To specify your own URI segments you need to set the second parameter using the array key "passwordResetLink" to "yourController/yourHandler". Of course, replace "yourController/yourHandler" with your URI segments.

rigAuthLoggedIn()

Check to see if a user is logged in.

This function returns TRUE if the user is logged in, otherwise it returns FALSE.

Example:

# CHECK IF USER IS LOGGED IN
if rigAuthLoggedIn() is FALSE then
	rigRedirect "/auth/login"
end if

rigAuthIsAdmin( pID )

Check to see if the currently logged in user is an administrator.

The optional parameter is the user's ID. If a user id is not passed the id of the currently logged in user will be used.

This function returns TRUE if the user is an admin, otherwise it returns FALSE.

Example:

# CHECK THE USER LEVEL
if rigAuthIsAdmin() is FALSE then
	# REDIRECT TO HOME PAGE BECAUSE USER IS NOT ALLOWED TO VIEW ADMIN CONTENT
	rigRedirect "/"
end if

rigAuthInGroup( pGroup, pID )

Check if user is a member of a specific group.

The first parameter is an integer (the group ID) or a string (the group name) or an array of strings and integers.
The second optional parameter is the user's ID. If a user id is not passed the id of the currently logged in user will be used.

This function returns TRUE if the user is a member of any given group, otherwise it returns FALSE.

Example:

# SINGLE GROUP (BY NAME)
put "other" into tGroup
if rigAuthInGroup(tGroup) then
	rigSetSessFlashdata "message", "You must be a member of group other to view this page."
	rigRedirect "/"
end if

# SINGLE GROUP (BY ID)
put 1 into tGroup
if rigAuthInGroup(tGroup) then
	rigSetSessFlashdata "message", "You must be a member of group 1 to view this page."
	rigRedirect "/"
end if

# MULTIBLE GROUPS (BY NAME)
put "members" into tGroups[1]
put "other" into tGroups[2]
if rigAuthInGroup(tGroups) then
	rigSetSessFlashdata "message", "You must be a member of group members or of group other to view this page."
	rigRedirect "/"
end if

# MULTIBLE GROUPS (BY ID)
put 2 into tGroups[1]
put 3 into tGroups[2]
if rigAuthInGroup(tGroups) then
	rigSetSessFlashdata "message", "You must be a member of group 2 or of group 3 to view this page."
	rigRedirect "/"
end if

# MULTIBLE GROUPS (BY NAME AND ID)
put 2 into tGroups[1]
put "other" into tGroups[2]
if rigAuthInGroup(tGroups) then
	rigSetSessFlashdata "message", "You must be a member of group 2 or of group other to view this page."
	rigRedirect "/"
end if

rigAuthUsernameCheck( pUsername )

Check if there is an entry in the DB regarding the username provided.

The parameter is the user's username.

This function returns TRUE if the user is registered, otherwise it returns FALSE.

Example:

# GET POST DATA
if $_POST is an array then
	put rigVarPOST("username") into tUsername
	put rigVarPOST("password") into tPassword
	put rigVarPOST("email") into tEmail

	put rigVarPOST("first") into tExtraData["firstName"]
	put rigVarPOST("last") into tExtraData["lastName"]
	put rigVarPOST("company") into tExtraData["company"]
	put rigVarPOST("phone") into tExtraData["phone"]
end if

put 2 into tGroups["1"]
put 3 into tGroups["2"]

if rigAuthUsernameCheck(tUsername) is FALSE then
	put rigAuthRegister(tUserName, tPassword, tEmail, tExtraData, tGroups) into tRegistration
end if

rigAuthEmailCheck( pEmail )

Check if there is an entry in the DB regarding the email address provided.

The parameter is the user's email address.

This function returns TRUE if the user is registered, otherwise it returns FALSE.

Example:

# GET POST DATA
if $_POST is an array then
	put rigVarPOST("username") into tUsername
	put rigVarPOST("password") into tPassword
	put rigVarPOST("email") into tEmail

	put rigVarPOST("first") into tExtraData["firstName"]
	put rigVarPOST("last") into tExtraData["lastName"]
	put rigVarPOST("company") into tExtraData["company"]
	put rigVarPOST("phone") into tExtraData["phone"]
end if

put 2 into tGroups["1"]
put 3 into tGroups["2"]

if rigAuthUsernameCheck(tEmail) is FALSE then
	put rigAuthRegister(tUserName, tPassword, tEmail, tExtraData, tGroups) into tRegistration
end if

rigAuthIdentityCheck( pIdentity )

Identity check for remembered users (auto-login).

The parameter is a string which represents the user's identity as defined in the authentication.lc config file.

This function returns TRUE if the user is registered, otherwise it returns FALSE.

Example:

# GET USER DATA
put rigAuthUser(tID) into tQueryResult
if (tQueryResult <> FALSE) and (tQueryResult is an array) then
	put rigDbRow() into tUser
end if

put rigVarPOST("identity") into tData["identity"]
put rigVarPOST("first") into tData["firstName"]
put rigVarPOST("last") into tData["lastName"]

if (tData["identity"] is tUser["username"]) or (tData["identity"] is tUser["email"]) or (rigAuthIdentityCheck(tData["identity"]) is FALSE) then
	get rigAuthUpdate(tUser["id"], tData)
end if

rigAuthIsMaxLoginAttemptsExceeded( pIdentity )

If login attempt tracking is enabled, checks to see if the number of failed login attempts for this identity or ip address has been exceeded. Login attempt limits are not enforced in the library.

The parameter is a string which represents the user's identity as defined in the authentication.lc config file.

This function returns TRUE if maximum login attempts is exceeded, FALSE if not or if login attempts not tracked.

Example:

put "rabit@revigniter.com" into tIdentity

if rigAuthIsMaxLoginAttemptsExceeded(tIdentity) is TRUE then
	rigSetSessFlashdata "message", "You have too many login attempts."
	rigRedirect "/"
end if

rigAuthGetAttemptsNum( pIdentity )

Get number of login attempts from a given ipAddress or identity.

The parameter is a string which represents the user's identity as defined in the authentication.lc config file.

This function returns the number of failed login attempts for this identity or ip address.

Example:

put "rabit@revigniter.com" into tIdentity

put rigAuthGetAttemptsNum(tIdentity) into tNumAttempts

rigAuthIncreaseLoginAttempts( pIdentity )

If login attempt tracking is enabled, records another failed login attempt for this identity or ip address. This function is automatically called by the rigAuthLogin() function in case the login failed.

The parameter is a string which represents the user's identity as defined in the authentication.lc config file.

This function returns TRUE if increasing the number was successful, otherwise it returns FALSE.

rigAuthClearLoginAttempts( pIdentity, pExpirePeriod )

Clears all failed login attempt records for this identity or this ip address. This function is automatically called by the rigAuthLogin() function if the login succeeded.

The first parameter is a string which represents the user's identity as defined in the authentication.lc config file.
The second optional parameter is the number of seconds after which all the entries of login attempts should be cleared. If set to empty, a value of 86400 ( 1 day) is used.

rigAuthUser( pID )

Get a particular user.

The optional parameter is the user's id (integer). If a user id is not passed the id of the currently logged in user will be used.

This function returns FALSE in case there is no user data with the given id, otherwise it returns the result of the database query as an array.

Example:

# GET USER DATA
put rigAuthUser() into tQueryResult
if (tQueryResult <> FALSE) and (tQueryResult is an array) then
	put rigDbRow() into tUser
end if

# NOW tUser CONTAINS THE USER RECORD
# tUser["id"], tUser["ipAddress"], tUser["username"], tUser["password"], tUser["email"],
# tUser["activationCode"], tUser["forgottenPasswordCode"], tUser["forgottenPasswordTime"],
# tUser["rememberCode"], tUser["createdOn"], tUser["lastLogin"], tUser["active"],
# tUser["firstName"], tUser["lastName"], tUser["company"], tUser["phone"]

rigAuthUsers( pGroupIDs )

Get the users.

The optional parameter is an array of group IDs or a single ID.

This function returns FALSE in case there is no user data with the given group id, otherwise it returns the users who are members of the groups specified by the parameter or all users if the parameter is empty.

Example:

# GET ALL ADMINS
put rigAuthUsers(1) into tAdmins

# tAdmins IS NOW A MULTIDIMENSIONAL NUMBERED ARRAY
# CONTAINING ALL USERS WHO ARE A MEMBER OF THE ADMIN GROUP

put 0 into tCounter
repeat for each key tRecord in tAdmins
	add 1 to tCounter

	put tAdmins[tCounter] into tUser

	put empty into tRowData

	put "Username:" && tUser[3] & ", " after tRowData
	put "First Name:" && tUser[13] & ", " after tRowData
	put "Last Name:" && tUser[14] & ", " after tRowData
	delete char -2  to -1 of tRowData

	put tRowData & "<br />" & return after tResultData
end repeat

rigAuthGroup( pID )

Get a specific group.

The parameter is a group id.

This function returns FALSE in case there is no group data with the given id, otherwise it returns a group, the result of the database query as a numbered array.

Example:

# GET MEMBERS GROUP
put rigAuthGroup(2) into tGroup

# tGroup IS NOW A MULTIDIMENSIONAL NUMBERED ARRAY
# CONTAINING 1 GROUP RECORD

put tGroup[1] into tGroupRow

put "Group ID:" && tGroupRow[1] & ", " after tRowData
put "Group Name:" && tGroupRow[2] & ", " after tRowData
put "Group Description:" && tGroupRow[3] & ", " after tRowData
delete char -2  to -1 of tRowData

rigAuthGroups()

Get the groups.

This function returns FALSE in case there are no groups, otherwise it returns all groups, the result of the database query as a numbered array.

Example:

# GET GROUPS
put rigAuthGroups() into tGroups

# tGroups IS NOW A MULTIDIMENSIONAL NUMBERED ARRAY
# CONTAINING ALL GROUP RECORDS

put 0 into tCounter
repeat for each key tRecord in tGroups
	add 1 to tCounter

	put tGroups[tCounter] into tGroupRow

	put empty into tRowData

	put "Group ID:" && tGroupRow[1] & ", " after tRowData
	put "Group Name:" && tGroupRow[2] & ", " after tRowData
	put "Group Description:" && tGroupRow[3] & ", " after tRowData
	delete char -2  to -1 of tRowData

	put tRowData & "<br />" & return after tResultData
end repeat

rigAuthUserGroups( pID )

Get groups of a specific user.

The optional parameter is a user's id.

This function returns FALSE in case the user with the given id is not a member of any group, otherwise it returns all groups the user is a member of, the result of the database query as a numbered array.

Example:

# GET ALL GROUPS THE ADMIN IS A MEMBER OF
put rigAuthUserGroups(1) into tUserGroups

# tUserGroups IS NOW A MULTIDIMENSIONAL NUMBERED ARRAY
# CONTAINING GROUP RECORDS

put 0 into tCounter
repeat for each key tRecord in tUserGroups
	add 1 to tCounter

	put tUserGroups[tCounter] into tGroupRow

	put empty into tRowData

	put tGroupRow[2] into tRowData

	put tRowData & "," after tResultData
end repeat
if char -1 of tResultData is "," then
	delete char -1 of tResultData
end if

rigAuthAddToGroup pGroupID, pUserID

Add user to a group.

The first parameter is an integer, the ID of the group a user should be added to.
The second parameter is the user's ID.

Example:

# GET USER ID
put rigFetchSegment(3) into tUserID

# CHECK POST ARRAY DATA
if $_POST is an array then
	# VALIDATE THE REQUEST
	if tUserID <> rigVarPOST("hiddenUserID") then
		rigLogMessage "error", "This form post did not pass the security check.", TRUE
	else
	
		rigAuthAddToGroup 3, tUserID
	end if
end if

rigAuthRemoveFromGroup( pGroupIDs, pUserID )

Remove user from group.

The first parameter is an array of group IDs or a single group ID.
The second parameter is the user's id.

This function returns TRUE if the user was successfully removed from the group(s), otherwise it returns FALSE.

Example:

# PASS AN ARRAY OF GROUP ID's AND A USER ID
put 2 into tGroups[1]
put 5 into tGroups[2]
put 7 into tGroups[3]
get rigAuthRemoveFromGroup(tGroupIDs, tUserID)

# PASS A SINGLE ID AND USER ID
get rigAuthRemoveFromGroup(tGroupID, tUserID)

# PASS AN EMPTY GROUP ID TO REMOVE THE USER FROM ALL GROUPS
get rigAuthRemoveFromGroup(, tUserID)

rigAuthMessages( pPrefix, pSuffix )

Get authentication messages.

The first optional parameter is a starting delimiter for authentication related messages. If none is specified the delimiter as defined in application/config/authentication.lc is used.
The second optional parameter is a ending delimiter for authentication related messages. If none is specified the delimiter as defined in application/config/authentication.lc is used.

This function returns all authentication messages as a string.

Example:

# IF REGISTRATION WAS SUCCESSFUL REDIRECT TO AUTHENTICATION PAGE
if tRegistration <> FALSE then		
	put rigAuthMessages() into tMessages
	rigSetSessFlashdata "message", tMessages
	rigRedirect "/auth"
end if

rigAuthSetMessageDelimiters pStartDelimiter, pEndDelimiter

Set the message delimiters.

The first parameter is the staring delimiter.
The second parameter is the ending delimiter.

Example:

# IF REGISTRATION WAS SUCCESSFUL REDIRECT TO AUTHENTICATION PAGE
if tRegistration <> FALSE then
	rigAuthSetMessageDelimiters "<p><strong>", "</strong></p>"
		
	put rigAuthMessages() into tMessages
	rigSetSessFlashdata "message", tMessages
	rigRedirect "/auth"
end if

rigAuthErrors( pPrefix, pSuffix )

Get authentication errors.

The optional first parameter is the staring delimiter. If none is specified the delimiter as defined in application/config/authentication.lc is used.
The optional second parameter is the ending delimiter. If none is specified the delimiter as defined in application/config/authentication.lc is used.

This function returns authentication errors as a string.

get rigAuthLogin(rigVarPost("identity"), rigVarPost("password"), tRemember)

# IF LOGIN IS UNSUCCESSFUL REDIRECT BACK TO THE LOGIN PAGE
if it is FALSE then
	put rigAuthErrors() into tErrors
	rigSetSessFlashdata "message", tErrors
	rigRedirect "auth/login"
end if

rigAuthSetErrorDelimiters pStartDelimiter, pEndDelimiter

Set the message delimiters.

The first parameter is the staring delimiter.
The second parameter is the ending delimiter.

Example:

rigAuthSetErrorDelimiters "<p><strong>", "</strong></p>"
	
get rigAuthLogin(rigVarPost("identity"), rigVarPost("password"), tRemember)

# IF LOGIN IS UNSUCCESSFUL REDIRECT BACK TO THE LOGIN PAGE
if it is FALSE then
	put rigAuthErrors() into tErrors
	rigSetSessFlashdata "message", tErrors
	rigRedirect "auth/login"
end if

rigAuthFetchConfigItem( pItem, pIndex )

Get a value from the configuration settings array.

The first parameter is the array key.
The optional second parameter is the second array key.

Example:

# GET MIN / MAX PASSWORD LENGTH
put rigAuthFetchConfigItem("minLengthPassword") into tMinPasswordLength
put rigAuthFetchConfigItem("maxLengthPassword") into tMaxPasswordLength

# CHANGE PASSWORD
put rigAuthFetchConfigItem("identityColumn") into tIdentityCol
put tUser[tIdentityCol] into tIdentity
put rigAuthResetPassword(tIdentity, rigVarPOST("newPassword")) into tChange

# GET THE NAME OF THE USERS TABLE
put rigAuthFetchConfigItem("tables", "users") into tUsersTableName

rigAuthActivate( pID, pCode )

Activate a user account.

The first parameter is the user's id.
The second optional parameter is the activation code.

This function returns TRUE in case user activation was successful, otherwise it returns FALSE.

Example:

# GET USER ID AND ACTIVATION CODE
put rigFetchSegment(3) into tID
put rigFetchSegment(4) into tCode
put FALSE into tActivation

# ACTIVATE USER
if tCode <> FALSE then
	put rigAuthActivate(tID, tCode) into tActivation
	
else if rigAuthIsAdmin() is TRUE then
	put rigAuthActivate(tID) into tActivation
end if		

rigAuthDeactivate( pID )

Deactivate a user.

The parameter is the user's id.

This function returns TRUE in case user deactivation was successful, otherwise it returns FALSE.

Example:

if (rigAuthLoggedIn() is TRUE) and (rigAuthIsAdmin() is TRUE) then
	put rigAuthDeactivate(tID) into tDeactivated
end if

rigAuthForgottenPasswordCheck( pCode )

Check the code used to reset a password.

The parameter is the "forgotten password" code.

This function returns user data as an array in case the provided code was checked successfully, otherwise it returns FALSE.

Example:

put rigFetchSegment(3) into tForgottenPasswordCode

if tForgottenPasswordCode is FALSE then
	rigShow404
end if

put rigAuthForgottenPasswordCheck(tForgottenPasswordCode) into tUser

rigAuthClearForgottenPasswordCode( pCode )

Delete the forgotten password code.

The parameter is the code used to reset a password.

This function returns TRUE in case the code used to reset a password was deleted successfully, otherwise it returns FALSE.

Example:

if tUser["id"] <> rigVarPOST("hiddenUserID") then
	get rigAuthClearForgottenPasswordCode(tForgottenPasswordCode)
	rigLogMessage "error", "This reset password form post did not pass the security check.", TRUE
end if

rigAuthResetPassword( pIdentity, pNewPassword )

Replace password with a new one.

The first parameter is the user's email address or whatever is used to identify a user.
The second parameter is the new password.

This function returns TRUE in case the old password was replaced successfully, otherwise it returns FALSE.

Example:

# RESET THE PASSWORD
put rigAuthFetchConfigItem("identityColumn") into tIdentityCol
put tUser[tIdentityCol] into tIdentity

put rigAuthResetPassword(tIdentity, rigVarPOST("newPassword")) into tChange

rigAuthChangePassword( pIdentity, pOldPassword, pNewPassword )

Validate and change a password.

The first parameter is the user's email address or whatever is used to identify a user.
The second parameter is the old password.
The third parameter is the new password.

This function returns TRUE in case the password was changed successfully, otherwise it returns FALSE.

Example:

put rigAuthFetchConfigItem("identityColumn") into tIdentityCol
put rigSessUserdata(tIdentityCol) into tIdentity

put rigAuthChangePassword(tIdentity, rigVarPOST("oldPassword"), rigVarPOST("newPassword")) into tChange
Top of Page

 

Authentication Hooks

Authentication hooks work similar like those extending the framework core. So, if you want to run your own scripts at a particular stage of the library's execution process, the hooks feature is your friend.

Enabling Authentication Hooks

The authentication hooks feature can be enabled/disabled by setting the following item in the application/config/authentication.lc file:

put TRUE into sAuthenticationConf["enableAuthenticationHooks"]

Defining an Authentication Hook

Authentication hooks are defined in the application/config/authenticationHooks.lc file. Each hook is specified as an array with this prototype:

# IN THIS CASE THE HOOK POINT IS RIGHT BEFORE UPDATING USER DATA
put "myHandler" into sAuthenticationHooks["authPreUpdateUser"]["handler"]
put "myScript.lc" into sAuthenticationHooks["authPreUpdateUser"]["filename"]
put "hooks/authenticationHooks" into sAuthenticationHooks["authPreUpdateUser"]["filepath"]
put "beer" into sAuthenticationHooks["authPreUpdateUser"]["params"][1]
put "wine" into sAuthenticationHooks["authPreUpdateUser"]["params"][2]
put "snacks" into sAuthenticationHooks["authPreUpdateUser"]["params"][3]

Notes:
The array index correlates to the name of the particular hook point you want to use. In the above example the hook point is authPreUpdateUser. A list of hook points is found below. The following items should be defined in your associative hook array:

Note: The handlers in your hook files have access to all variables declared in the Authentication.lc library.

Multiple Calls to the Same Hook

If you want to use the same hook point with more then one script, simply make your array declaration multidimensional, like this:

put "myHandler" into sAuthenticationHooks["authPreUpdateUser"][1]["handler"]
put "myScript.lc" into sAuthenticationHooks["authPreUpdateUser"][1]["filename"]
put "hooks/authenticationHooks" into sAuthenticationHooks["authPreUpdateUser"][1]["filepath"]
put "beer" into sAuthenticationHooks["authPreUpdateUser"][1]["params"][1]
put "wine" into sAuthenticationHooks["authPreUpdateUser"][1]["params"][2]
put "snacks" into sAuthenticationHooks["authPreUpdateUser"][1]["params"][3]

put "myOtherHandler" into sAuthenticationHooks["authPreUpdateUser"][2]["handler"]
put "myOtherScript.lc" into sAuthenticationHooks["authPreUpdateUser"][2]["filename"]
put "hooks/authenticationHooks" into sAuthenticationHooks["authPreUpdateUser"][2]["filepath"]
put "red" into sAuthenticationHooks["authPreUpdateUser"][2]["params"][1]
put "yellow" into sAuthenticationHooks["authPreUpdateUser"][2]["params"][2]
put "blue" into sAuthenticationHooks["authPreUpdateUser"][2]["params"][3]

This permits you to have the same hook point with multiple scripts. The order you define your array will be the execution order.

Authentication hook Points

The following is a list of available hook points.

Hook Example Using authPostLoginSuccessful and authLogout as Hook Point

The following is hardly a real world example but at least it illustrates the concept. Let's say you want to log whenever an admin logs in and out. This can easily be accomplished with the help of authentication hooks.

Create a hooks file called authLog.lc. In it, place the code below and save it to your system/application/hooks/authenticationHooks/ folder.

<?rev
put gBASEPATH into gBASEPATH

if gBASEPATH is "gBASEPATH" then
	put "No direct script access allowed."
	exit to top
end if



/*----------------------------------------------------------------------
--| COMMAND rigLogAdminLogin
--|
--| Author: rabit
--| Version:  1.0
--| Created: 22-02-2013
--| Last Mod: 22-02-2013
--| Requires: rigLogMessage
--|
--| Summary: Log admin login.
--| 
--| Format:  rigLogAdminLogin	
--|
--| Parameters: --
--|
--| Return: empty
----------------------------------------------------------------------*/

command rigLogAdminLogin
	# sAuthUser IS A VARIABLE DECLARED IN THE AUTHENTICATION LIBRARY
	if sAuthUser["username"] is "admin" then
		rigLogMessage "info", "Admin logged in."
	end if
end rigLogAdminLogin





/*----------------------------------------------------------------------
--| COMMAND rigLogAdminLogout
--|
--| Author: rabit
--| Version:  1.0
--| Created: 22-02-2013
--| Last Mod: 22-02-2013
--| Requires: rigSessUserdata(), rigLogMessage
--|
--| Summary: Log admin logout.
--| 
--| Format:  rigLogAdminLogout	
--|
--| Parameters: --
--|
--| Return: empty
----------------------------------------------------------------------*/

command rigLogAdminLogout
		if rigSessUserdata("username") is "admin" then
			rigLogMessage "info", "Admin logged out."
		end if
end rigLogAdminLogout




--| END OF authLog.lc
--| Location:  ./system/application/hooks/authenticationHooks/authLog.lc
----------------------------------------------------------------------

The next step is to add the following lines to your authenticationHooks.lc file in system/application/config:

put "rigLogAdminLogin" into sAuthenticationHooks["authPostLoginSuccessful"]["handler"]
put "authLog.lc" into sAuthenticationHooks["authPostLoginSuccessful"]["filename"]
put "hooks/authenticationHooks" into sAuthenticationHooks["authPostLoginSuccessful"]["filepath"]


put "rigLogAdminLogout" into sAuthenticationHooks["authLogout"]["handler"]
put "authLog.lc" into sAuthenticationHooks["authLogout"]["filename"]
put "hooks/authenticationHooks" into sAuthenticationHooks["authLogout"]["filepath"]

Now enable authentication hooks in application/config/authentication.lc and your are done.

Top of Page

 

Authentication Tables

In order to use revIgniter's authentication library you need 4 database tables.

Note: The default admin user has the following credentials. Identity: admin@admin.com Password: revigniter. This password works as long as you use the default authentication encryption settings.

The MySQL version:

# Table structure for groups
# ------------------------------------------------------------

CREATE TABLE `groups` (
  `id` mediumint(8) unsigned NOT NULL auto_increment,
  `name` varchar(20) NOT NULL,
  `description` varchar(100) NOT NULL,
  PRIMARY KEY  (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;



# Records of groups
# ------------------------------------------------------------

LOCK TABLES `groups` WRITE;

INSERT INTO `groups` (`id`, `name`, `description`)
VALUES
	(1,'admin','Administrator'),
	(2,'members','General User'),
	(3,'other','Other User');

UNLOCK TABLES;



# Table structure for login_attempts
# ------------------------------------------------------------

CREATE TABLE `login_attempts` (
  `id` mediumint(8) unsigned NOT NULL auto_increment,
  `ipAddress` varchar(16) NOT NULL,
  `login` varchar(100) NOT NULL,
  `time` int(11) unsigned default NULL,
  PRIMARY KEY  (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;



# Table structure for users
# ------------------------------------------------------------

CREATE TABLE `users` (
  `id` mediumint(8) unsigned NOT NULL auto_increment,
  `ipAddress` varchar(16) character set utf8 collate utf8_unicode_ci NOT NULL,
  `username` varchar(100) character set utf8 collate utf8_unicode_ci NOT NULL,
  `password` tinytext character set utf8 collate utf8_unicode_ci NOT NULL,
  `email` varchar(100) character set utf8 collate utf8_unicode_ci NOT NULL,
  `activationCode` varchar(40) character set utf8 collate utf8_unicode_ci default NULL,
  `forgottenPasswordCode` varchar(40) character set utf8 collate utf8_unicode_ci default NULL,
  `forgottenPasswordTime` int(11) unsigned NOT NULL default '0',
  `rememberCode` varchar(40) character set utf8 collate utf8_unicode_ci default NULL,
  `createdOn` int(11) unsigned NOT NULL,
  `lastLogin` int(11) unsigned default NULL,
  `active` tinyint(1) unsigned default NULL,
  `firstName` varchar(50) character set utf8 collate utf8_unicode_ci default NULL,
  `lastName` varchar(50) character set utf8 collate utf8_unicode_ci default NULL,
  `company` varchar(100) character set utf8 collate utf8_unicode_ci default NULL,
  `phone` varchar(20) character set utf8 collate utf8_unicode_ci default NULL,
  PRIMARY KEY  (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;



# Records of users
# ------------------------------------------------------------

LOCK TABLES `users` WRITE;

INSERT INTO `users` (`id`, `ipAddress`, `username`, `password`, `email`, 
`activationCode`, `forgottenPasswordCode`, `forgottenPasswordTime`, 
`rememberCode`, `createdOn`, `lastLogin`, `active`, `firstName`, 
`lastName`, `company`, `phone`)
VALUES (1,'127.0.0.1','admin','U2FsdGVkX1/HRLAXNh9nUG3k6qJU5OeE9rACvDBL5WLsD7vPB9S44w==',
'admin@admin.com','',NULL,0,NULL,1361712014,1361732014,1,'Admin','Istrator','ADMIN','0');

UNLOCK TABLES;


# Table structure for users_groups
# ------------------------------------------------------------

DROP TABLE IF EXISTS `users_groups`;

CREATE TABLE `users_groups` (
  `id` mediumint(8) unsigned NOT NULL auto_increment,
  `userId` mediumint(8) unsigned NOT NULL,
  `groupId` mediumint(8) unsigned NOT NULL,
  PRIMARY KEY  (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;



# Records of users_groups
# ------------------------------------------------------------

LOCK TABLES `users_groups` WRITE;

INSERT INTO `users_groups` (`id`, `userId`, `groupId`)
VALUES
	(1,1,1),
	(2,1,2);

UNLOCK TABLES;

The PostgreSQL version:

# Table structure for users
# ------------------------------------------------------------

CREATE TABLE "users" (
    "id" SERIAL NOT NULL,
    "ipAddress" varchar(16) NOT NULL,
    "username" varchar(100) NOT NULL,
    "password" text NOT NULL,
    "email" varchar(100) NOT NULL,
    "activationCode" varchar(40),
    "forgottenPasswordCode" varchar(40),
    "forgottenPasswordTime" int,
    "rememberCode" varchar(40),
    "createdOn" int NOT NULL,
    "lastLogin" int,
    "active" int4,
    "firstName" varchar(50),
    "lastName" varchar(50),
    "company" varchar(100),
    "phone" varchar(20),
  PRIMARY KEY("id"),
  CONSTRAINT "check_id" CHECK(id >= 0),
  CONSTRAINT "check_active" CHECK(active >= 0)
);



# Table structure for groups
# ------------------------------------------------------------

CREATE TABLE "groups" (
    "id" SERIAL NOT NULL,
    "name" varchar(20) NOT NULL,
    "description" varchar(100) NOT NULL,
  PRIMARY KEY("id"),
  CONSTRAINT "check_id" CHECK(id >= 0)
);



# Table structure for users_groups
# ------------------------------------------------------------

CREATE TABLE "users_groups" (
    "id" SERIAL NOT NULL,
    "userId" integer NOT NULL REFERENCES "users" ON UPDATE CASCADE ON DELETE CASCADE,
    "groupId" integer NOT NULL REFERENCES "groups" ON UPDATE CASCADE ON DELETE RESTRICT,
  PRIMARY KEY("id"),
  CONSTRAINT "users_groups_check_id" CHECK(id >= 0),
  CONSTRAINT "users_groups_check_userId" CHECK("userId" >= 0),
  CONSTRAINT "users_groups_check_groupId" CHECK("groupId" >= 0)
);



# Records of groups
# ------------------------------------------------------------

INSERT INTO "groups" (id, name, description)
SELECT 1,'admin','Administrator'
UNION SELECT
2,'members','General User'
UNION SELECT
3,'other','Other User';



# Records of users
# ------------------------------------------------------------

INSERT INTO "users" ("ipAddress", username, password, email, 
"activationCode", "forgottenPasswordCode", "forgottenPasswordTime", 
"rememberCode", "createdOn", "lastLogin", active, "firstName", 
"lastName", company, phone) VALUES 
('127.0.0.1','admin','U2FsdGVkX1/HRLAXNh9nUG3k6qJU5OeE9rACvDBL5WLsD7vPB9S44w==',
'admin@admin.com','',NULL,'0',NULL,'1361712014','1361732014','1',
'Admin','Istrator','ADMIN','0');



# Records of users_groups
# ------------------------------------------------------------

INSERT INTO "users_groups" ("userId", "groupId")
SELECT 1, 1
UNION SELECT
1, 2;



# Table structure for login_attempts
# ------------------------------------------------------------

CREATE TABLE "login_attempts" (
    "id" SERIAL NOT NULL,
    "ipAddress" varchar(16) NOT NULL,
    "login" varchar(100) NOT NULL,
    "time" int,
  PRIMARY KEY("id"),
  CONSTRAINT "check_id" CHECK(id >= 0)
);

The SQLite version:

# Table structure for users
# ------------------------------------------------------------

CREATE TABLE "users" (
	 "id" INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
	 "ipAddress" TEXT(16,0) NOT NULL,
	 "username" TEXT(100,0) NOT NULL,
	 "password" TEXT NOT NULL,
	 "email" TEXT(100,0) NOT NULL,
	 "activationCode" TEXT(40,0) DEFAULT NULL,
	 "forgottenPasswordCode" TEXT(40,0) DEFAULT NULL,
	 "forgottenPasswordTime" INTEGER(11,0) NOT NULL DEFAULT 0,
	 "rememberCode" TEXT(40,0) DEFAULT NULL,
	 "createdOn" INTEGER(11,0) NOT NULL,
	 "lastLogin" INTEGER(11,0) DEFAULT NULL,
	 "active" INTEGER(1,0) DEFAULT NULL,
	 "firstName" TEXT(50,0) DEFAULT NULL,
	 "lastName" TEXT(50,0) DEFAULT NULL,
	 "company" TEXT(100,0) DEFAULT NULL,
	 "phone" TEXT(20,0) DEFAULT NULL
);



# Table structure for groups
# ------------------------------------------------------------

CREATE TABLE "groups" (
	 "id" INTEGER NOT NULL DEFAULT 0 PRIMARY KEY AUTOINCREMENT,
	 "name" TEXT(20,0) NOT NULL,
	 "description" TEXT(100,0) NOT NULL
);



# Table structure for users_groups
# ------------------------------------------------------------

CREATE TABLE "users_groups" (
	 "id" INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
	 "userId" INTEGER(8,0) NOT NULL,
	 "groupId" INTEGER(8,0) NOT NULL,
	CONSTRAINT "Foreign_UsersID" FOREIGN KEY ("userId") REFERENCES "users" ("id") ON DELETE CASCADE ON UPDATE CASCADE,
	CONSTRAINT "Foreign_GroupsID" FOREIGN KEY ("groupId") REFERENCES "groups" ("id") ON DELETE RESTRICT ON UPDATE CASCADE
);



# Records of groups
# ------------------------------------------------------------

BEGIN;
INSERT INTO "groups" VALUES (1, 'admin', 'Administrator');
INSERT INTO "groups" VALUES (2, 'members', 'General User');
INSERT INTO "groups" VALUES (3, 'other', 'Other User');
COMMIT;



# Records of users
# ------------------------------------------------------------

BEGIN;
INSERT INTO "users" VALUES 
(1, '127.0.0.1', 'admin', 'U2FsdGVkX1/HRLAXNh9nUG3k6qJU5OeE9rACvDBL5WLsD7vPB9S44w==', 
'admin@admin.com', '', null, 0, null, 1361712014, 1361712014, 1, 
'Admin', 'Istrator', 'ADMIN', 0);
COMMIT;



# Records of users_groups
# ------------------------------------------------------------

BEGIN;
INSERT INTO "users_groups" VALUES (1, 1, 1);
INSERT INTO "users_groups" VALUES (2, 1, 2);
COMMIT;



# Table structure for login_attempts
# ------------------------------------------------------------

CREATE TABLE "login_attempts" (
	 "id" INTEGER NOT NULL DEFAULT 0 PRIMARY KEY AUTOINCREMENT,
	 "ipAddress" TEXT(16,0) NOT NULL,
	 "login" TEXT(100,0) NOT NULL,
	 "time" INTEGER(11,0) DEFAULT NULL
);

Note: As of server version 7.0.6-rc-1 connecting to a SQLite database on Linux returns an error because revOpenDatabase() using SQLite is still not working in the Linux server engine. On Mac OS X connecting to SQLite should work as expected.

Note: If, for security reasons, you need to validate session IDs please follow the instructions in the User Guide regarding Saving Session Data to a Database and create an additional table to store sessions.

Top of Page

Authentication Email Templates

There are two email templates in system/application/views/emailTemplates used to send the user the "forgotten password" code, or to send an activation code to new users:

Customize these templates to best suit your needs. All you have to keep in mind is that the library provides the following variables to be used in your templates:

Note: Of course you can add your own variables to your custom templates as long as they are included in gData.

Top of Page

 

Usage Example

Before explaining what is needed to set up the authentication sample, let's describe the scenario:

  1. There is an admin page which is used to manage user data (example.com/auth/).
  2. Opening this page without being logged in as a member of the admin group redirects you to a login page (example.com/auth/login/).
  3. A form is displayed on this page requiring you to fill in your credentials.
  4. Now if you submit something invalid, the form is redisplayed containing an error message describing the problem.
  5. If the verification of the data you supply is successful you will be redirected either to a member's page or to the admin page mentioned earlier, depending on which group you belong to.
  6. Then, let's say you forgot your password.
  7. Open the "Forgot Password" page, enter your email address and hit the send button (example.com/auth/forgotPassword/).
  8. Now, while you are redirected to the login page there is an email waiting for you containing a link to a "Reset Password" page (example.com/auth/resetPassword/).
  9. On this page enter a new password, confirm it and hit the submit button.
  10. You are redirected to the login page where you can enter your new password.
  11. To change your password open the "Change Password" page (example.com/auth/changePassword/), enter your email address and your password. Hit the submit button.
  12. The procedure which follows is similar to the forgotten password one.
  13. Now, let's say you logged in as a member of the admin group.
  14. You will be presented with the administration page (example.com/auth/).
  15. There you can create new users, activate / deactivate, edit and delete users.

 

The sample environment consists of the following files:

  1. A controller to receive and process the submitted data.
  2. A form validation file.
  3. Various view files containing forms or a users table.
  4. A CSS file.

Let's create those files.

The Controller

We start with the basic authentication controller script containing just the handler to load helpers respectively libraries and the default (index) handler. Create a controller called auth.lc. In it, place the code below and save it to your system/application/controllers/ folder.

<?rev

put "auth,index,login,logout,createUser,activate,deactivate,forgotPassword" & \
",resetPassword,changePassword,editUser,deleteUser" into gControllerHandlers


command auth
 # LOAD HELPERS
 put "form,url,asset" into tHelpers
 rigLoadHelper tHelpers

 # LOAD LIBRARIES
 rigLoaderLoadLibrary "Formvalidation"
 rigLoaderLoadLibrary "Table"
 rigLoaderLoadLibrary "Authentication"
end auth



command index
 # SET PAGE TITLE
 put "Auth Test Admin Page" into gData["pageTitle"]

 # CHECK IF USER IS LOGGED IN
 if rigAuthLoggedIn() is FALSE then
  # REDIRECT TO LOGIN PAGE AND KEEP FLASHDATA IN CASE THERE IS ANY
  if rigSessFlashdata("message") <> FALSE then
   rigKeepSessFlashdata "message"
  end if

  rigRedirect "auth/login"

 else if rigAuthIsAdmin() is FALSE then
  # REDIRECT TO HOME PAGE BECAUSE USER IS NOT ALLOWED TO VIEW ADMIN CONTENT
  rigRedirect "/"

 else
  # ADMIN CONTENT
  #
  # SHOW VALIDATION ERRORS OR FLASH DATA IN CASE THERE IS ANY
  put rigValidationErrors("<div class=" & quote & "error" & quote & ">", "</div>") into tErrors
  if tErrors <> empty then
   put tErrors into gData["message"]
  else
   put rigSessFlashdata("message") into gData["message"]
   if gData["message"] is FALSE then
    put empty into gData["message"]
   end if
  end if

  # BUILD USERS LIST
  put rigAuthUsers() into tResult -- gData["users"]

  if tResult <> FALSE then

   # BUILD MODIFIED RESULT ARRAY
   put 0 into tIncr
   repeat for each key tKey in tResult
    add 1 to tIncr

    put tResult[tIncr] into tRow
    # GET FIRST, LAST NAME AND EMAIL
    put tRow[13] into tResultData[tIncr][1]
    put tRow[14] into tResultData[tIncr][2]
    put tRow[5] into tResultData[tIncr][3]

    # GET USERS GROUPS
    put rigAuthUserGroups(tRow[1]) into tGroupsResult

    if tGroupsResult <> FALSE then
     repeat for each key tKey in tGroupsResult
      put tGroupsResult[tKey] into tGroupsRow
      # GET NAME OF GROUP
      put tGroupsRow[2] & ", " after tResultData[tIncr][4]
     end repeat
     delete char -2 to -1 of tResultData[tIncr][4]
    end if

    # GET STATUS
    if tRow[12] is 1 then
     put rigAnchor("auth/deactivate/" & tRow[1], "Active") into tResultData[tIncr][5]
    else
     put rigAnchor("auth/activate/" & tRow[1], "Inactive") into tResultData[tIncr][5]
    end if

    # LINK TO EDIT USER
    put rigAnchor("auth/editUser/" & tRow[1], "Edit") into tResultData[tIncr][6]

    # LINK TO DELETE USER
    put rigAnchor("auth/deleteUser/" & tRow[1], "Delete") into tResultData[tIncr][7]
   end repeat

   # NOW GENERATE A USERS TABLE
   put "First Name", "Last Name", "Email", "Groups", "Status", "Edit, Delete" into tFieldnames
   rigSetTableHeading tFieldnames
   put rigGenerateTable(tResultData) into gData["usersTable"]
  end if

  # LINK TO LOGOUT
  put rigAnchor("auth/logout/", "Logout") into gData["logoutLink"]

  # LINK TO CREATE NEW USER
  put rigAnchor("auth/createUser/", "Create New User.") into gData["newUserLink"]

  # LOAD THE VIEW FILE
  get rigLoadView("auth/authMainView")
 end if
end index
Top of Page

Add the following code which is needed to create new user data.

command createUser
 put "Auth Test Create User" into gData["pageTitle"]

 # CHECK IF USER IS NOT LOGGED IN OR IF USER IS NOT ADMIN
 if (rigAuthLoggedIn() is not TRUE) or (rigAuthIsAdmin() is not TRUE) then
  # REDIRECT TO ADMIN (LOGIN) PAGE
  rigRedirect "auth/"
 end if

 # FORM OPEN
 put "authForm" into tFormAttr["id"]
 put rigFormOpen("auth/createUser", tFormAttr) into gData["formOpen"]

 # FIELD SET
 put rigFormFieldset("User Data") into gData["fsOpen"]
 put rigFormFieldsetClose() into gData["fsClose"]

 # FORM LABELS
 put "formLabel" into tLabelAttr["class"]
 put rigFormLabel("First Name:", "first", tLabelAttr) into gData["firstLabel"]
 put rigFormLabel("Last Name:", "last", tLabelAttr) into gData["lastLabel"]
 put rigFormLabel("Company:", "company", tLabelAttr) into gData["companyLabel"]
 put rigFormLabel("Email:", "email", tLabelAttr) into gData["emailLabel"]
 put rigFormLabel("Phone:", "phone", tLabelAttr) into gData["phoneLabel"]
 put rigFormLabel("Password:", "password", tLabelAttr) into gData["passwordLabel"]
 put rigFormLabel("Confirm Password:", "passwordConfirm", tLabelAttr) into gData["passwordConfirmLabel"]

 # SUBMIT
 put "createSubmit" into tSubmitArr["name"]
 put "Create User" into tSubmitArr["value"]
 put "createBtn" into tSubmitArr["id"]
 put rigSubmitButton(tSubmitArr) into gData["createSubmit"]

 # FORM VALIDATION
 if rigFormValidRun("auth/createUser") is TRUE then
  # GET ACCOUNT DATA
  if $_POST is an array then
   put toLower(rigVarPOST("first")) && toLower(rigVarPOST("last")) into tUserName
   put rigVarPOST("password") into tPassword
   put rigVarPOST("email") into tEmail

   put rigVarPOST("first") into tExtraData["firstName"]
   put rigVarPOST("last") into tExtraData["lastName"]
   put rigVarPOST("company") into tExtraData["company"]
   put rigVarPOST("phone") into tExtraData["phone"]
  end if

  put rigAuthRegister(tUserName, tPassword, tEmail, tExtraData) into tRegistration

  # CHECK REGISTRATION DATA
  if tRegistration is an array then
   rigLogMessage "debug", "identity:" && tRegistration["identity"]
   rigLogMessage "debug", "id:" && tRegistration["id"]
   rigLogMessage "debug", "email:" && tRegistration["email"]
   rigLogMessage "debug", "activationCode:" && tRegistration["activationCode"]
  else
   rigLogMessage "debug", "tRegistration:" && tRegistration
  end if
  rigLogMessage "debug", "messages:" && rigAuthMessages()
  #

  # IF REGISTRATION WAS SUCCESSFUL REDIRECT TO AUTHENTICATION PAGE
  if tRegistration <> FALSE then		
   put rigAuthMessages() into tMessages
   rigSetSessFlashdata "message", tMessages
   rigRedirect "/auth"
  else
   # LOAD VIEW
   put rigAuthErrors() into tErrors
   rigSetSessFlashdata "message", tErrors
   rigRedirect "auth/createUser"
  end if

 else -- if rigFormValidRun("auth/createUser") is TRUE then

  put rigValidationErrors("<div class=" & quote & "error" & quote & ">", "</div>") into tErrors
  if tErrors <> empty then
   put tErrors into gData["message"]
  else
   put rigSessFlashdata("message") into gData["message"]
   if gData["message"] is FALSE then
    put empty into gData["message"]
   end if
  end if

  # INPUT FIELDS
  put "first" into tInFirstArr["name"]
  # RE-POPULATE THE FIELD
  put rigSetValue("first") into tInFirstArr["value"]
  put "50" into tInFirstArr["maxlength"]
  put rigFormInput(tInFirstArr) into gData["first"]

  put "last" into tInLastArr["name"]
  # RE-POPULATE THE FIELD
  put rigSetValue("last") into tInLastArr["value"]
  put "50" into tInLastArr["maxlength"]
  put rigFormInput(tInLastArr) into gData["last"]

  put "company" into tInCompArr["name"]
  # RE-POPULATE THE FIELD
  put rigSetValue("company") into tInCompArr["value"]
  put "100" into tInCompArr["maxlength"]
  put rigFormInput(tInCompArr) into gData["company"]

  put "email" into tInMailArr["name"]
  # RE-POPULATE THE FIELD
  put rigSetValue("email") into tInMailArr["value"]
  put "50" into tInMailArr["maxlength"]
  put rigFormInput(tInMailArr) into gData["email"]

  put "phone" into tInPhoneArr["name"]
  # RE-POPULATE THE FIELD
  put rigSetValue("phone") into tInPhoneArr["value"]
  put "50" into tInPhoneArr["maxlength"]
  put rigFormInput(tInPhoneArr) into gData["phone"]

  put "password" into tInPassArr["name"]
  # RE-POPULATE THE FIELD
  put rigSetValue("password") into tInPassArr["value"]
  put "50" into tInPassArr["maxlength"]
  put rigFormInput(tInPassArr) into gData["password"]

  put "passwordConfirm" into tInPassConfArr["name"]
  # RE-POPULATE THE FIELD
  put rigSetValue("passwordConfirm") into tInPassConfArr["value"]
  put "50" into tInPassConfArr["maxlength"]
  put rigFormInput(tInPassConfArr) into gData["passwordConfirm"]
 end if

 # LOAD VIEW
 get rigLoadView("auth/createUserMainView")
end createUser
Top of Page

Add the login handler.

command login
 put "Auth Test Login" into gData["pageTitle"]

 # FORM OPEN
 put "authForm" into tFormAttr["id"]
 put rigFormOpen("auth/login", tFormAttr) into gData["formOpen"]

 # FIELD SET
 put rigFormFieldset("Login Form") into gData["fsOpen"]
 put rigFormFieldsetClose() into gData["fsClose"]

 # FORM LABELS
 put "formLabel" into tLabelAttr["class"]
 put rigFormLabel("Email/Username:", "identity", tLabelAttr) into gData["identityLabel"]
 put rigFormLabel("Password:", "password", tLabelAttr) into gData["passwordLabel"]
 put rigFormLabel("Remember me:", "remember", tLabelAttr) into gData["rememberLabel"]

 # SUBMIT
 put "loginSubmit" into tSubmitArr["name"]
 put "Login" into tSubmitArr["value"]
 put "loginBtn" into tSubmitArr["id"]
 put rigSubmitButton(tSubmitArr) into gData["loginSubmit"]

 # FORM VALIDATION
 if rigFormValidRun("auth/login") is TRUE then

  # CHECK IF USER IS LOGGING IN		
  # REMEMBER ME CHECK BOX
  put FALSE into tRemember
  # CHECK IF THERE IS A POST VARIABLE remember
  put rigVarPost("remember") into tPostRemember
  if tPostRemember <> FALSE then
   # CHECK VALUE
   if tPostRemember[1] is 1 then
    put TRUE into tRemember
   end if
  end if

  get rigAuthLogin(rigVarPost("identity"), rigVarPost("password"), tRemember)

  # IF LOGIN IS SUCCESSFUL REDIRECT BACK TO HOME PAGE, auth IN THIS CASE
  if it is TRUE then
   put rigAuthMessages() into tMessages
   rigSetSessFlashdata "message", tMessages
   rigRedirect "/auth"

  else
   # IF LOGIN IS UNSUCCESSFUL REDIRECT BACK TO THE LOGIN PAGE
   put rigAuthErrors() into tErrors
   rigSetSessFlashdata "message", tErrors
   rigRedirect "auth/login"
  end if


 else
  # THE USER IS NOT LOGGING IN, SHOW THE LOGIN PAGE
  # SHOW VALIDATION ERRORS OR FLASH DATA IF THERE IS ANY
  put rigValidationErrors("<div class=" & quote & "error" & quote & ">", "</div>") into tErrors
  if tErrors <> empty then
   put tErrors into gData["message"]
  else
   put rigSessFlashdata("message") into gData["message"]
   if gData["message"] is FALSE then
    put empty into gData["message"]
   end if
  end if

  # INPUT FIELDS
  put "identity" into tInIdentArr["name"]
  # RE-POPULATE THE FIELD
  put rigSetValue("identity") into tInIdentArr["value"]
  put "100" into tInIdentArr["maxlength"]
  put rigFormInput(tInIdentArr) into gData["identity"]

  put "password" into tInPwArr["name"]
  put "40" into tInPwArr["maxlength"]
  put rigFormInput(tInPwArr) into gData["loginPassword"]

  # CHECKBOX
  put rigSetCheckbox("remember[]", "1", TRUE) into gData["chbRemember"]

  get rigLoadView("auth/loginMainView")

 end if -- if rigFormValidRun("auth/login") is TRUE then
end login
Top of Page

Of course there is a logout handler.

command logout
 # LOG USER OUT
 rigAuthLogout

 # REDIRECT TO THE LOGIN PAGE
 put rigAuthMessages() into tMessages

 rigSetSessFlashdata "message", tMessages
 rigRedirect "/auth/login"
end logout
Top of Page

Add the following user activation handler.

command activate
 # GET USER ID AND ACTIVATION CODE
 put rigFetchSegment(3) into tID
 put rigFetchSegment(4) into tCode
 put FALSE into tActivation

 # ACTIVATE USER
 if tCode <> FALSE then
  put rigAuthActivate(tID, tCode) into tActivation

 else if rigAuthIsAdmin() is TRUE then
  put rigAuthActivate(tID) into tActivation
 end if

 # CHECK IF ACTIVATION WAS SUCCESSFUL AND ACT ACCORDINGLY
 if tActivation is TRUE then
  # REDIRECT TO THE AUTH PAGE
  put rigAuthMessages() into tMessages

  rigSetSessFlashdata "message", tMessages
  rigRedirect "/auth"

 else
  put rigAuthErrors() into tErrors

  rigSetSessFlashdata "message", tErrors
  rigRedirect "auth/forgotPassword"
 end if	
end activate
Top of Page

Add the user deactivation handler.

command deactivate
 put "Auth Test Deactivate" into gData["pageTitle"]

 put rigFetchSegment(3) into tID

 # FORM OPEN
 put "authForm" into tFormAttr["id"]
 put rigFormOpen("auth/deactivate/" & tID, tFormAttr) into gData["formOpen"]

 # FIELD SET
 put rigFormFieldset("Deactivate User Form") into gData["fsOpen"]
 put rigFormFieldsetClose() into gData["fsClose"]

 # FORM LABELS
 put "formLabel" into tLabelAttr["class"]
 put rigFormLabel("Yes:", "confirm", tLabelAttr) into gData["confirmRadioYesLabel"]
 put rigFormLabel("No:", "confirm", tLabelAttr) into gData["confirmRadioNoLabel"]

 # SUBMIT
 put "deactivateSubmit" into tSubmitArr["name"]
 put "Submit" into tSubmitArr["value"]
 put "submitBtn" into tSubmitArr["id"]
 put rigSubmitButton(tSubmitArr) into gData["deactivateSubmit"]

 # FORM VALIDATION
 if rigFormValidRun("auth/deactivate") is TRUE then
  put FALSE into tDeactivated

  # CHECK IF DEACTIVATION WAS CONFIRMED
  if rigVarPOST("confirm") is "yes" then

   # VALIDATE THE REQUEST
   if tID <> rigVarPOST("id") then
    rigLogMessage "error", "This user deactivation form post did not pass the security check.", TRUE
   end if

   # CHECK THE USER LEVEL
   if (rigAuthLoggedIn() is TRUE) and (rigAuthIsAdmin() is TRUE) then
    put rigAuthDeactivate(tID) into tDeactivated
   end if

  end if

  # GET AUTH MESSAGES AND REDIRECT TO THE AUTH PAGE
  if tDeactivated is TRUE then
   put rigAuthMessages() into tMessages
  else
   put rigAuthErrors() into tMessages
  end if

  rigSetSessFlashdata "message", tMessages
  rigRedirect "/auth"

 else
  put rigValidationErrors("<div class=" & quote & "error" & quote & ">", "</div>") into tErrors
  if tErrors <> empty then
   put tErrors into gData["message"]
  else
   put rigSessFlashdata("message") into gData["message"]
   if gData["message"] is FALSE then
    put empty into gData["message"]
   end if
  end if

  # HIDDEN USER ID FIELD
  put rigAuthUser(tID) into tQueryResult
  if (tQueryResult <> FALSE) and (tQueryResult is an array) then
   put rigDbRow() into tUserRow
   put tUserRow["id"] into tUserID
   put tUserRow["username"] into gData["userName"]
  else
   put empty into tUserID
  end if
  put rigFormHidden("id", tUserID) into gData["hiddenUserID"]

  # RADIO BUTTONS
  put rigSetRadio("confirm", "yes") into gData["confirmYes"]
  put rigSetRadio("confirm", "no", TRUE) into gData["confirmNo"]

  # LOAD VIEWS
  get rigLoadView("auth/deactivateUserMainView")
 end if
end deactivate
Top of Page

Add the "forgotPassword" handler.

command forgotPassword
 put "Auth Test Forgot Password" into gData["pageTitle"]

 put rigSessFlashdata("message") into gData["message"]

 # FORM OPEN
 put "authForm" into tFormAttr["id"]
 put rigFormOpen("auth/forgotPassword/", tFormAttr) into gData["formOpen"]

 # FIELD SET
 put rigFormFieldset("Forgot Password Form") into gData["fsOpen"]
 put rigFormFieldsetClose() into gData["fsClose"]

 # FORM LABELS
 put "formLabel" into tLabelAttr["class"]
 put rigFormLabel("Email:", "email", tLabelAttr) into gData["emailLabel"]

 # SUBMIT
 put "forgotSubmit" into tSubmitArr["name"]
 put "Submit" into tSubmitArr["value"]
 put "forgotBtn" into tSubmitArr["id"]
 put rigSubmitButton(tSubmitArr) into gData["forgotSubmit"]

 # FORM VALIDATION
 if rigFormValidRun("auth/forgotPassword") is TRUE then
  # CALL THE rigAuthForgottenPassword FUNCTION TO SEND A RESET CODE TO THE USER
  put rigAuthForgottenPassword(rigVarPOST("email")) into tResetPasswordSent

  if tResetPasswordSent is TRUE then
   put rigAuthMessages() into tMessages

   rigSetSessFlashdata "message", tMessages
   rigRedirect "/auth/login"
  else
   put rigAuthErrors() into tErrors

   rigSetSessFlashdata "message", tErrors
   rigRedirect "auth/forgotPassword"
  end if		

 else
  put rigValidationErrors("<div class=" & quote & "error" & quote & ">", "</div>") into tErrors
  if tErrors <> empty then
   put tErrors into gData["message"]
  else
   put rigSessFlashdata("message") into gData["message"]
   if gData["message"] is FALSE then
    put empty into gData["message"]
   end if
  end if

  # INPUT FIELDS
  put "email" into tInMailArr["name"]
  # RE-POPULATE THE FIELD
  put rigSetValue("email") into tInMailArr["value"]
  put "50" into tInMailArr["maxlength"]
  put rigFormInput(tInMailArr) into gData["email"]
 end if

 # LOAD VIEW
 get rigLoadView("auth/forgotPasswordMainView")
end forgotPassword
Top of Page

Add code which is used to reset passwords in case a user forgot the password or sent a change password request.

command resetPassword
 put "Auth Test Reset Password" into gData["pageTitle"]

 put rigFetchSegment(3) into tForgottenPasswordCode

 if tForgottenPasswordCode is FALSE then
  rigShow404
 end if

 put rigAuthForgottenPasswordCheck(tForgottenPasswordCode) into tUser

 if tUser <> FALSE then
  put rigAuthFetchConfigItem("minLengthPassword") into tMinPasswordLength
  put rigAuthFetchConfigItem("maxLengthPassword") into tMaxPasswordLength

  # FORM OPEN
  put "authForm" into tFormAttr["id"]
  put rigFormOpen("auth/resetPassword/" & tForgottenPasswordCode, tFormAttr) into gData["formOpen"]

  # FIELD SET
  put rigFormFieldset("Reset Password Form") into gData["fsOpen"]
  put rigFormFieldsetClose() into gData["fsClose"]

  # FORM LABELS
  put "formLabel" into tLabelAttr["class"]
  put rigFormLabel("New Password (at least" && tMinPasswordLength && "characters long):", \
"newPassword", tLabelAttr) into gData["newPasswordLabel"]
  put rigFormLabel("Confirm New Password:", "newPasswordConfirm", tLabelAttr) into gData["newPasswordConfirmLabel"]

  # SUBMIT
  put "resetSubmit" into tSubmitArr["name"]
  put "Change" into tSubmitArr["value"]
  put "resetBtn" into tSubmitArr["id"]
  put rigSubmitButton(tSubmitArr) into gData["resetSubmit"]

  # IF THE CODE IS VALID DISPLAY THE PASSWORD RESET FORM
  # FORM VALIDATION
  if rigFormValidRun("auth/resetPassword") is TRUE then

   # VALIDATE THE REQUEST
   if tUser["id"] <> rigVarPOST("hiddenUserID") then
    get rigAuthClearForgottenPasswordCode(tForgottenPasswordCode)
    rigLogMessage "error", "This reset password form post did not pass the security check.", TRUE

   else
    # CHANGE THE PASSWORD
    put rigAuthFetchConfigItem("identityColumn") into tIdentityCol
    put tUser[tIdentityCol] into tIdentity

    put rigAuthResetPassword(tIdentity, rigVarPOST("newPassword")) into tChange

    if tChange is TRUE then
     # THE PASSWORD WAS SUCCESSFULLY CHANGED
     put rigAuthMessages() into tMessages

     rigSetSessFlashdata "message", tMessages
     logout

    else
     put rigAuthErrors() into tErrors

     rigSetSessFlashdata "message", tErrors
     rigRedirect "auth/resetPassword/" & tForgottenPasswordCode
    end if

   end if

  else
   # DISPLAY THE FORM
   # SET THE FLASH DATA ERROR MESSAGE IF THERE IS ONE
   put rigValidationErrors("<div class=" & quote & "error" & quote & ">", "</div>") into tErrors
   if tErrors <> empty then
    put tErrors into gData["message"]
   else
    put rigSessFlashdata("message") into gData["message"]
    if gData["message"] is FALSE then
     put empty into gData["message"]
    end if
   end if

   # INPUT FIELDS
   put "newPassword" into tInPassArr["name"]
   put tMaxPasswordLength into tInPassArr["maxlength"]
   put "password" into tInPassArr["type"]
   put rigFormInput(tInPassArr) into gData["newPassword"]

   put "newPasswordConfirm" into tInPassConfArr["name"]
   put tMaxPasswordLength into tInPassConfArr["maxlength"]
   put "password" into tInPassConfArr["type"]
   put rigFormInput(tInPassConfArr) into gData["newPasswordConfirm"]

   put "hiddenUserID" into tInUserIdArr["name"]
   put tUser["id"] into tInUserIdArr["value"]
   put "hidden" into tInUserIdArr["type"]
   put rigFormInput(tInUserIdArr) into gData["hiddenUserID"]

   # LOAD VIEW
   get rigLoadView("auth/resetPasswordMainView")

  end if -- if rigFormValidRun("auth/forgotPassword") is TRUE then

 else  -- if tUser <> FALSE then
  put rigAuthErrors() into tErrors

  rigSetSessFlashdata "message", tErrors
  rigRedirect "auth/forgotPassword"
 end if -- if tUser <> FALSE then

end resetPassword
Top of Page

Add a handler which is used to change passwords.

command changePassword
 put "Auth Test Change Password" into gData["pageTitle"]

 # CHECK IF USER IS LOGGED IN
 if rigAuthLoggedIn() is FALSE then
  rigRedirect "/auth/login"
 end if

 # GET USER DATA
 put rigAuthUser() into tQueryResult

 if (tQueryResult <> FALSE) and (tQueryResult is an array) then
  put rigDbRow() into tUser
 end if

 # GET MIN / MAX PASSWORD LENGTH
 put rigAuthFetchConfigItem("minLengthPassword") into tMinPasswordLength
 put rigAuthFetchConfigItem("maxLengthPassword") into tMaxPasswordLength

 # FORM OPEN
 put "authForm" into tFormAttr["id"]
 put rigFormOpen("auth/changePassword/", tFormAttr) into gData["formOpen"]

 # FIELD SET
 put rigFormFieldset("Change Password Form") into gData["fsOpen"]
 put rigFormFieldsetClose() into gData["fsClose"]

 # FORM LABELS
 put "formLabel" into tLabelAttr["class"]
 put rigFormLabel("Old Password:", "oldPassword", tLabelAttr) into gData["oldPasswordLabel"]
 put rigFormLabel("New Password (at least" && tMinPasswordLength && "characters long):", \
"newPassword", tLabelAttr) into gData["newPasswordLabel"]
 put rigFormLabel("Confirm New Password:", "newPasswordConfirm", tLabelAttr) into gData["newPasswordConfirmLabel"]

 # SUBMIT
 put "changeSubmit" into tSubmitArr["name"]
 put "Change" into tSubmitArr["value"]
 put "changeBtn" into tSubmitArr["id"]
 put rigSubmitButton(tSubmitArr) into gData["changeSubmit"]

 # FORM VALIDATION
 if rigFormValidRun("auth/changePassword") is TRUE then
  put rigAuthFetchConfigItem("identityColumn") into tIdentityCol
  put rigSessUserdata(tIdentityCol) into tIdentity

  put rigAuthChangePassword(tIdentity, rigVarPOST("oldPassword"), rigVarPOST("newPassword")) into tChange

  if tChange is TRUE then
   # THE PASSWORD WAS SUCCESSFULLY CHANGED
   put rigAuthMessages() into tMessages

   rigSetSessFlashdata "message", tMessages
   logout

  else
   put rigAuthErrors() into tErrors

   rigSetSessFlashdata "message", tErrors
   rigRedirect "auth/changePassword/" & tForgottenPasswordCode
  end if

 else
  # DISPLAY THE FORM
  # SET THE FLASH DATA ERROR MESSAGE IF THERE IS ONE
  put rigValidationErrors("<div class=" & quote & "error" & quote & ">", "</div>") into tErrors
  if tErrors <> empty then
   put tErrors into gData["message"]
  else
   put rigSessFlashdata("message") into gData["message"]
   if gData["message"] is FALSE then
    put empty into gData["message"]
   end if
  end if

  # INPUT FIELDS
  put "oldPassword" into tInOldPassArr["name"]
  put tMaxPasswordLength into tInOldPassArr["maxlength"]
  put "password" into tInOldPassArr["type"]
  put rigFormInput(tInOldPassArr) into gData["oldPassword"]

  put "newPassword" into tInPassArr["name"]
  put tMaxPasswordLength into tInPassArr["maxlength"]
  put "password" into tInPassArr["type"]
  put rigFormInput(tInPassArr) into gData["newPassword"]

  put "newPasswordConfirm" into tInPassConfArr["name"]
  put tMaxPasswordLength into tInPassConfArr["maxlength"]
  put "password" into tInPassConfArr["type"]
  put rigFormInput(tInPassConfArr) into gData["newPasswordConfirm"]

  put "hiddenUserID" into tInUserIdArr["name"]
  put tUser["id"] into tInUserIdArr["value"]
  put "hidden" into tInUserIdArr["type"]
  put rigFormInput(tInUserIdArr) into gData["hiddenUserID"]

  # LOAD VIEW
  get rigLoadView("auth/changePasswordMainView")

 end if -- if rigFormValidRun("auth/resetPassword") is TRUE then
end changePassword
Top of Page

Add a handler which is used to edit user data.

command editUser
 put "Auth Test Edit User" into gData["pageTitle"]

 # CHECK IF USER IS NOT LOGGED IN OR IF USER IS NOT ADMIN
 if (rigAuthLoggedIn() is not TRUE) or (rigAuthIsAdmin() is not TRUE) then
  # REDIRECT TO AUTH PAGE
  rigRedirect "auth/"
 end if

 # GET MIN / MAX PASSWORD LENGTH
 put rigAuthFetchConfigItem("minLengthPassword") into tMinPasswordLength
 put rigAuthFetchConfigItem("maxLengthPassword") into tMaxPasswordLength

 # GET USER ID
 put rigFetchSegment(3) into tID

 # GET STORED USER DATA
 put rigAuthUser(tID) into tQueryResult
 if (tQueryResult <> FALSE) and (tQueryResult is an array) then
  put rigDbRow() into tUser
 end if

 # FORM OPEN
 put "authForm" into tFormAttr["id"]
 put rigFormOpen("auth/editUser/" & tID, tFormAttr) into gData["formOpen"]

 # FIELD SET
 put rigFormFieldset("Edit User") into gData["fsOpen"]
 put rigFormFieldsetClose() into gData["fsClose"]

 # FORM LABELS
 put "formLabel" into tLabelAttr["class"]
 put rigFormLabel("First Name:", "first", tLabelAttr) into gData["firstLabel"]
 put rigFormLabel("Last Name:", "last", tLabelAttr) into gData["lastLabel"]
 put rigFormLabel("Company:", "company", tLabelAttr) into gData["companyLabel"]
 put rigFormLabel("Phone:", "phone", tLabelAttr) into gData["phoneLabel"]
 put rigFormLabel("Password:", "password", tLabelAttr) into gData["passwordLabel"]
 put rigFormLabel("Confirm Password:", "passwordConfirm", tLabelAttr) into gData["passwordConfirmLabel"]

 # SUBMIT
 put "editSubmit" into tSubmitArr["name"]
 put "Save User" into tSubmitArr["value"]
 put "editBtn" into tSubmitArr["id"]
 put rigSubmitButton(tSubmitArr) into gData["editSubmit"]

 # CHECK POST ARRAY DATA
 if $_POST is an array then
  # VALIDATE THE REQUEST
  if tID <> rigVarPOST("hiddenUserID") then
   rigLogMessage "error", "This form post did not pass the security check.", TRUE
  end if

  put rigVarPost("first") into tData["firstName"]
  put rigVarPost("last") into tData["lastName"]
  put rigVarPost("company") into tData["company"]
  put rigVarPost("phone") into tData["phone"]

  # UPDATE PASSWORD IF IT WAS POSTED
  if rigVarPost("password") <> empty then
   rigSetRules "password", "Password", \
"requiredR|minLengthR[" & tMinPasswordLength & "]|maxLengthR[" & tMaxPasswordLength & "]|matchesR[passwordConfirm]|xssClean"
   rigSetRules "passwordConfirm", "Confirm Password", "requiredR"

   put rigVarPost("password") into tData["password"]
  end if

  # FORM VALIDATION
  if rigFormValidRun("auth/editUser") is TRUE then
   get rigAuthUpdate(tUser["id"], tData)

   rigSetSessFlashdata "message", "User saved."
   # REDIRECT TO AUTH PAGE
   rigRedirect "auth/"
  end if

 end if -- if $_POST is an array then
 put rigValidationErrors("<div class=" & quote & "error" & quote & ">", "</div>") into tErrors
 if tErrors <> empty then
  put tErrors into gData["message"]
 else
  put rigSessFlashdata("message") into gData["message"]
  if gData["message"] is FALSE then
   put empty into gData["message"]
  end if
 end if

 # INPUT FIELDS
 put "first" into tInFirstArr["name"]
 # RE-POPULATE THE FIELD
 put rigSetValue("first", tUser["firstName"]) into tInFirstArr["value"]
 put "50" into tInFirstArr["maxlength"]
 put rigFormInput(tInFirstArr) into gData["first"]

 put "last" into tInLastArr["name"]
 # RE-POPULATE THE FIELD
 put rigSetValue("last", tUser["lastName"]) into tInLastArr["value"]
 put "50" into tInLastArr["maxlength"]
 put rigFormInput(tInLastArr) into gData["last"]

 put "company" into tInCompArr["name"]
 # RE-POPULATE THE FIELD
 put rigSetValue("company", tUser["company"]) into tInCompArr["value"]
 put "100" into tInCompArr["maxlength"]
 put rigFormInput(tInCompArr) into gData["company"]

 put "phone" into tInPhoneArr["name"]
 # RE-POPULATE THE FIELD
 put rigSetValue("phone", tUser["phone"]) into tInPhoneArr["value"]
 put "50" into tInPhoneArr["maxlength"]
 put rigFormInput(tInPhoneArr) into gData["phone"]

 put "password" into tInPassArr["name"]
 # RE-POPULATE THE FIELD
 put rigSetValue("password") into tInPassArr["value"]
 put "50" into tInPassArr["maxlength"]
 put rigFormInput(tInPassArr) into gData["password"]

 put "passwordConfirm" into tInPassConfArr["name"]
 # RE-POPULATE THE FIELD
 put rigSetValue("passwordConfirm") into tInPassConfArr["value"]
 put "50" into tInPassConfArr["maxlength"]
 put rigFormInput(tInPassConfArr) into gData["passwordConfirm"]

 put "hiddenUserID" into tInUserIdArr["name"]
 put tID into tInUserIdArr["value"]
 put "hidden" into tInUserIdArr["type"]
 put rigFormInput(tInUserIdArr) into gData["hiddenUserID"]

 # LOAD VIEW
 get rigLoadView("auth/editUserMainView")

end editUser
Top of Page

Now add the last handler which is needed to delete user data.

command deleteUser
 put "Auth Test Delete User" into gData["pageTitle"]

 put rigFetchSegment(3) into tID

 # FORM OPEN
 put "authForm" into tFormAttr["id"]
 put rigFormOpen("auth/deleteUser/" & tID, tFormAttr) into gData["formOpen"]

 # FIELD SET
 put rigFormFieldset("Delete User Form") into gData["fsOpen"]
 put rigFormFieldsetClose() into gData["fsClose"]

 # FORM LABELS
 put "formLabel" into tLabelAttr["class"]
 put rigFormLabel("Yes:", "confirm", tLabelAttr) into gData["confirmRadioYesLabel"]
 put rigFormLabel("No:", "confirm", tLabelAttr) into gData["confirmRadioNoLabel"]

 # SUBMIT
 put "deleteSubmit" into tSubmitArr["name"]
 put "Submit" into tSubmitArr["value"]
 put "submitBtn" into tSubmitArr["id"]
 put rigSubmitButton(tSubmitArr) into gData["deleteSubmit"]

 # FORM VALIDATION
 if rigFormValidRun("auth/deleteUser") is TRUE then
  put FALSE into tDeleted

  # CHECK IF DEACTIVATION WAS CONFIRMED
  if rigVarPOST("confirm") is "yes" then

   # VALIDATE THE REQUEST
   if tID <> rigVarPOST("id") then
    rigLogMessage "error", "This form post did not pass the security check.", TRUE
   end if

   # CHECK THE USER LEVEL
   if (rigAuthLoggedIn() is TRUE) and (rigAuthIsAdmin() is TRUE) then
    put rigAuthDeleteUser(tID) into tDeleted
   end if

  end if

  # GET AUTH MESSAGES AND REDIRECT TO THE AUTH PAGE
  if tDeleted is TRUE then
   put rigAuthMessages() into tMessages
  else
   put rigAuthErrors() into tMessages
  end if

  rigSetSessFlashdata "message", tMessages
  rigRedirect "/auth"

 else
  put rigValidationErrors("<div class=" & quote & "error" & quote & ">", "</div>") into tErrors
  if tErrors <> empty then
   put tErrors into gData["message"]
  else
   put rigSessFlashdata("message") into gData["message"]
   if gData["message"] is FALSE then
    put empty into gData["message"]
   end if
  end if

  # HIDDEN USER ID FIELD
  put rigAuthUser(tID) into tQueryResult

  if (tQueryResult <> FALSE) and (tQueryResult is an array) then
   put rigDbRow() into tUserRow
   put tUserRow["id"] into tUserID
   put tUserRow["username"] into gData["userName"]
  else
   put empty into tUserID
  end if
  put rigFormHidden("id", tUserID) into gData["hiddenUserID"]

  # RADIO BUTTONS
  put rigSetRadio("confirm", "yes") into gData["confirmYes"]
  put rigSetRadio("confirm", "no", TRUE) into gData["confirmNo"]

  # LOAD VIEW
  get rigLoadView("auth/deleteUserMainView")
 end if
end deleteUser






--| END OF auth.lc
--| Location: ./system/application/controllers/auth.lc
----------------------------------------------------------------------
Top of Page

The Form Validation File

The rules to validate authentication. Create a file called validation.lc. In it, place the code below and save it to your system/application/config/ folder.

<?rev
put gBASEPATH into gBASEPATH

if gBASEPATH is "gBASEPATH" then
 put "No direct script access allowed."
 exit to top
end if


local sValidationConf


# AUTHENTICATION VALIDATION
# LOGIN
put "identity" into sValidationConf["auth/login"][1]["field"]
put "Email" into sValidationConf["auth/login"][1]["label"]
put "trim|requiredR|validEmailR|maxLengthR[100]|xssClean" into sValidationConf["auth/login"][1]["rules"]

put "password" into sValidationConf["auth/login"][2]["field"]
put "Password" into sValidationConf["auth/login"][2]["label"]
put "requiredR|alphaDashR|maxLengthR[40]|xssClean" into sValidationConf["auth/login"][2]["rules"]

put "remember[]" into sValidationConf["auth/login"][3]["field"]
put "Remember me" into sValidationConf["auth/login"][3]["label"]
put "numericR" into sValidationConf["auth/login"][3]["rules"]


# CREATE USER
put "first" into sValidationConf["auth/createUser"][1]["field"]
put "First Name" into sValidationConf["auth/createUser"][1]["label"]
put "trim|requiredR|minLengthR[3]|maxLengthR[50]|alphaDashR|xssClean" into sValidationConf["auth/createUser"][1]["rules"]

put "last" into sValidationConf["auth/createUser"][2]["field"]
put "Last Name" into sValidationConf["auth/createUser"][2]["label"]
put "trim|requiredR|minLengthR[3]|maxLengthR[50]|alphaDashR|xssClean" into sValidationConf["auth/createUser"][2]["rules"]

put "company" into sValidationConf["auth/createUser"][3]["field"]
put "Company" into sValidationConf["auth/createUser"][3]["label"]
put "trim|minLengthR[3]|maxLengthR[100]|alphaDashR|xssClean" into sValidationConf["auth/createUser"][3]["rules"]

put "email" into sValidationConf["auth/createUser"][4]["field"]
put "Email" into sValidationConf["auth/createUser"][4]["label"]
put "trim|requiredR|validEmailR|minLengthR[3]|maxLengthR[100]|xssClean" into sValidationConf["auth/createUser"][4]["rules"]

put "phone" into sValidationConf["auth/createUser"][5]["field"]
put "Phone" into sValidationConf["auth/createUser"][5]["label"]
put "trim|alphaDashR|maxLengthR[20]" into sValidationConf["auth/createUser"][5]["rules"]

put "password" into sValidationConf["auth/createUser"][6]["field"]
put "Password" into sValidationConf["auth/createUser"][6]["label"]
put "requiredR|minLengthR[8]|maxLengthR[40]|matchesR[passwordConfirm]|xssClean" into sValidationConf["auth/createUser"][6]["rules"]

put "passwordConfirm" into sValidationConf["auth/createUser"][7]["field"]
put "Confirm Password" into sValidationConf["auth/createUser"][7]["label"]
put "requiredR" into sValidationConf["auth/createUser"][7]["rules"]


# DEACTIVATE USER
put "confirm" into sValidationConf["auth/deactivate"][1]["field"]
put "Confirmation" into sValidationConf["auth/deactivate"][1]["label"]
put "requiredR|alphaR" into sValidationConf["auth/deactivate"][1]["rules"]

put "id" into sValidationConf["auth/deactivate"][2]["field"]
put "User ID" into sValidationConf["auth/deactivate"][2]["label"]
put "requiredR|numericR" into sValidationConf["auth/deactivate"][2]["rules"]


# FORGOT PASSWORD
put "email" into sValidationConf["auth/forgotPassword"][1]["field"]
put "Email" into sValidationConf["auth/forgotPassword"][1]["label"]
put "trim|requiredR|validEmailR|minLengthR[3]|maxLengthR[100]|xssClean" into sValidationConf["auth/forgotPassword"][1]["rules"]


# RESET PASSWORD
put "newPassword" into sValidationConf["auth/resetPassword"][1]["field"]
put "New Password" into sValidationConf["auth/resetPassword"][1]["label"]
put "requiredR|minLengthR[8]|maxLengthR[20]|matchesR[newPasswordConfirm]|xssClean" into sValidationConf["auth/resetPassword"][1]["rules"]

put "newPasswordConfirm" into sValidationConf["auth/resetPassword"][2]["field"]
put "Confirm New Password" into sValidationConf["auth/resetPassword"][2]["label"]
put "requiredR" into sValidationConf["auth/resetPassword"][2]["rules"]


# CHANGE PASSWORD
put "oldPassword" into sValidationConf["auth/changePassword"][1]["field"]
put "Old Password" into sValidationConf["auth/changePassword"][1]["label"]
put "requiredR" into sValidationConf["auth/changePassword"][1]["rules"]

put "newPassword" into sValidationConf["auth/changePassword"][2]["field"]
put "New Password" into sValidationConf["auth/changePassword"][2]["label"]
put "requiredR|minLengthR[8]|maxLengthR[20]|matchesR[newPasswordConfirm]|xssClean" into sValidationConf["auth/changePassword"][2]["rules"]

put "newPasswordConfirm" into sValidationConf["auth/changePassword"][3]["field"]
put "Confirm New Password" into sValidationConf["auth/changePassword"][3]["label"]
put "requiredR" into sValidationConf["auth/changePassword"][3]["rules"]


# EDIT USER
put "first" into sValidationConf["auth/editUser"][1]["field"]
put "First Name" into sValidationConf["auth/editUser"][1]["label"]
put "trim|requiredR|minLengthR[3]|maxLengthR[50]|alphaDashR|xssClean" into sValidationConf["auth/editUser"][1]["rules"]

put "last" into sValidationConf["auth/editUser"][2]["field"]
put "Last Name" into sValidationConf["auth/editUser"][2]["label"]
put "trim|requiredR|minLengthR[3]|maxLengthR[50]|alphaDashR|xssClean" into sValidationConf["auth/editUser"][2]["rules"]

put "company" into sValidationConf["auth/editUser"][3]["field"]
put "Company" into sValidationConf["auth/editUser"][3]["label"]
put "trim|minLengthR[3]|maxLengthR[100]|alphaDashR|xssClean" into sValidationConf["auth/editUser"][3]["rules"]

put "phone" into sValidationConf["auth/editUser"][4]["field"]
put "Phone" into sValidationConf["auth/editUser"][4]["label"]
put "trim|alphaDashR|maxLengthR[20]" into sValidationConf["auth/editUser"][4]["rules"]

put "password" into sValidationConf["auth/editUser"][5]["field"]
put "Password" into sValidationConf["auth/editUser"][5]["label"]
put "minLengthR[8]|maxLengthR[40]|matchesR[passwordConfirm]|xssClean" into sValidationConf["auth/editUser"][5]["rules"]

put "passwordConfirm" into sValidationConf["auth/editUser"][6]["field"]
put "Confirm Password" into sValidationConf["auth/editUser"][6]["label"]
put "minLengthR[8]" into sValidationConf["auth/editUser"][6]["rules"]


# DELETE USER
put "confirm" into sValidationConf["auth/deleteUser"][1]["field"]
put "Confirmation" into sValidationConf["auth/deleteUser"][1]["label"]
put "requiredR|alphaR" into sValidationConf["auth/deleteUser"][1]["rules"]

put "id" into sValidationConf["auth/deleteUser"][2]["field"]
put "User ID" into sValidationConf["auth/deleteUser"][2]["label"]
put "requiredR|numericR" into sValidationConf["auth/deleteUser"][2]["rules"]





function fetchValidationConf
 return sValidationConf
end fetchValidationConf



--| END OF validation.lc
--| Location: ./system/application/config/validation.lc
----------------------------------------------------------------------
Top of Page

The View Files

Create the following view files and save them to a folder called "auth" in your system/application/views/ folder.

We use multiple views nested in a parent view file. The header view, name it "headerView.lc", is included in all parent views (one fits all):

<!DOCTYPE html>
<html>
<head>
	<meta charset="utf-8">

	<title>[[gData["pageTitle"] ]]</title>
	<? return rigCssAsset("authentication.css") ?>

</head>

The view which represents the admin page called "authView.lc":

<body>

	<div id="container" class="adminPage">
		<header>
			<h1>Users</h1>
		</header>

		<div id="main" role="main">


		<div id="infoMessage">[[gData["message"] ]]</div>

			[[gData["usersTable"] ]]

			<p>[[gData["newUserLink"] ]]</p>

			<p>[[gData["logoutLink"] ]]</p>

		</div>
	</div> <!--! end of #container -->

</body>
</html>	

The parent view of the admin page called "authMainView.lc":

<?
put rigLoadView("auth/headerView", TRUE) into tHeader
put rigLoadView("auth/authView", TRUE) into tContent
return tHeader && tContent
?>

The view used to change a password. It is called "changePasswordView.lc":

<body>

	<div id="container" class="changePassword">
    <header>
		<h1>Change Password</h1>
    </header>

    <div id="main" role="main">

		<div id="infoMessage">[[gData["message"] ]]</div>


		[[gData["formOpen"] ]]
		[[gData["fsOpen"] ]]

		<div>[[gData["oldPasswordLabel"] ]] [[gData["oldPassword"] ]]</div>

		<div>[[gData["newPasswordLabel"] ]] [[gData["newPassword"] ]]</div>

		<div>[[gData["newPasswordConfirmLabel"] ]] [[gData["newPasswordConfirm"] ]]</div>

		[[gData["hiddenUserID"] ]]


		<div>[[gData["changeSubmit"] ]]</div>

		[[gData["fsClose"] ]]
		</form>

		</div>
	</div> <!--! end of #container -->

</body>
</html>

"changePasswordMainView.lc", the parent view of the view above:

<?
put rigLoadView("auth/headerView", TRUE) into tHeader
put rigLoadView("auth/changePasswordView", TRUE) into tContent
return tHeader && tContent
?>

The "createUserView.lc" view:

<body>

	<div id="container" class="createUser">
    <header>
		<h1>Create User</h1>
		<p>Please enter the users information below.</p>
    </header>

    <div id="main" role="main">

			<div id="infoMessage">[[gData["message"] ]]</div>

			[[gData["formOpen"] ]]
			[[gData["fsOpen"] ]]


			<div>[[gData["firstLabel"] ]] [[gData["first"] ]]</div>

			<div>[[gData["lastLabel"] ]] [[gData["last"] ]]</div>

			<div>[[gData["companyLabel"] ]] [[gData["company"] ]]</div>

			<div>[[gData["emailLabel"] ]] [[gData["email"] ]]</div>

			<div>[[gData["phoneLabel"] ]] [[gData["phone"] ]]</div>

			<div>[[gData["passwordLabel"] ]] [[gData["password"] ]]</div>

			<div>[[gData["passwordConfirmLabel"] ]] [[gData["passwordConfirm"] ]]</div>

			<div>[[gData["createSubmit"] ]]</div>

		[[gData["fsClose"] ]]
			</form>

    	</div>
	</div> <!--! end of #container -->

</body>
</html>

The parent view "createUserMainView.lc":

<?
put rigLoadView("auth/headerView", TRUE) into tHeader
put rigLoadView("auth/createUserView", TRUE) into tContent
return tHeader && tContent
?>

The "deactivateUserView.lc" view:

<body>

	<div id="container" class="deactivate">
		<header>
			<h1>Deactivate User</h1>
			<p>Are you sure you want to deactivate the user '[[gData["userName"] ]]'</p>
		</header>


		<div id="main" role="main">

		[[gData["formOpen"] ]]
		[[gData["fsOpen"] ]]

			[[gData["hiddenUserID"] ]]
		<div>[[gData["confirmRadioYesLabel"] ]] <input type="radio" name="confirm" value="yes" [[gData["confirmYes"] ]] /></div>
		<div>[[gData["confirmRadioNoLabel"] ]] <input type="radio" name="confirm" value="no" [[gData["confirmNo"] ]] /></div>

 		<div>[[gData["deactivateSubmit"] ]]</div>

		[[gData["fsClose"] ]]
		</form>
		</div>
	</div> <!--! end of #container -->

</body>
</html>

The parent view "deactivateUserMainView.lc":

<?
put rigLoadView("auth/headerView", TRUE) into tHeader
put rigLoadView("auth/deactivateUserView", TRUE) into tContent
return tHeader && tContent
?>

The "deleteUserView.lc" view:

<body>

	<div id="container" class="delete">
		<header>
			<h1>Delete User</h1>
			<p>Are you sure you want to delete the user '[[gData["userName"] ]]'</p>
		</header>


	<div id="main" role="main">

	[[gData["formOpen"] ]]
	[[gData["fsOpen"] ]]

	[[gData["hiddenUserID"] ]]
	<div>[[gData["confirmRadioYesLabel"] ]] <input type="radio" name="confirm" value="yes" [[gData["confirmYes"] ]] /></div>
	<div>[[gData["confirmRadioNoLabel"] ]] <input type="radio" name="confirm" value="no" [[gData["confirmNo"] ]] /></div>

	<div>[[gData["deleteSubmit"] ]]</div>

	[[gData["fsClose"] ]]
	</form>
	</div>
	</div> <!--! end of #container -->

</body>
</html>

The parent view "deleteUserMainView.lc":

<?
put rigLoadView("auth/headerView", TRUE) into tHeader
put rigLoadView("auth/deleteUserView", TRUE) into tContent
return tHeader && tContent
?>

The "editUserView.lc" view:

<body>

<div id="container" class="editUser">
   <header>
		<h1>Edit User</h1>
		<p>Please enter the users information below.</p>
   </header>

   <div id="main" role="main">

		<div id="infoMessage">[[gData["message"] ]]</div>

		[[gData["formOpen"] ]]
		[[gData["fsOpen"] ]]


		<div>[[gData["firstLabel"] ]] [[gData["first"] ]]</div>

		<div>[[gData["lastLabel"] ]] [[gData["last"] ]]</div>

		<div>[[gData["companyLabel"] ]] [[gData["company"] ]]</div>

		<div>[[gData["phoneLabel"] ]] [[gData["phone"] ]]</div>

		<div>[[gData["passwordLabel"] ]] [[gData["password"] ]]</div>

		<div>[[gData["passwordConfirmLabel"] ]] [[gData["passwordConfirm"] ]]</div>

		[[gData["hiddenUserID"] ]]

		<div>[[gData["editSubmit"] ]]</div>

		[[gData["fsClose"] ]]
		</form>

    </div>
	</div> <!--! end of #container -->

</body>
</html>

The parent view "editUserMainView.lc":

<?
put rigLoadView("auth/headerView", TRUE) into tHeader
put rigLoadView("auth/editUserView", TRUE) into tContent
return tHeader && tContent
?>

The "forgotPasswordView.lc" view:

<body>

	<div id="container" class="forgotPassword">
    <header>
		<h1>Forgot Password</h1>
		<p>Please enter your email address so we can send you an email to reset your password.</p>
    </header>

    <div id="main" role="main">

		<div id="infoMessage">[[gData["message"] ]]</div>


		[[gData["formOpen"] ]]
		[[gData["fsOpen"] ]]

		<div>[[gData["emailLabel"] ]] [[gData["email"] ]]</div>

		<div>[[gData["forgotSubmit"] ]]</div>

		[[gData["fsClose"] ]]
		</form>

	</div>
	</div> <!--! end of #container -->

</body>
</html>

The parent view "forgotPasswordMainView.lc":

<?
put rigLoadView("auth/headerView", TRUE) into tHeader
put rigLoadView("auth/forgotPasswordView", TRUE) into tContent
return tHeader && tContent
?>

The "loginView.lc" view:

<body>

	<div id="container" class="login">
		<header>
			<h1>Login</h1>
			<p>Please login with your email/username and password below.</p>
		</header>

		<div id="main" role="main">
			<div id="infoMessage">[[gData["message"] ]]</div>

		[[gData["formOpen"] ]]
		[[gData["fsOpen"] ]]

		<div>[[gData["identityLabel"] ]] [[gData["identity"] ]]</div>

		<div>[[gData["passwordLabel"] ]] [[gData["loginPassword"] ]]</div>

		<div>[[gData["rememberLabel"] ]] <input type="checkbox" name="remember[]" value="1" [[gData["chbRemember"] ]] /></div>

		<div>[[gData["loginSubmit"] ]]</div>


		[[gData["fsClose"] ]]
		</form>
	</div>
	</div> <!--! end of #container -->

</body>
</html>

The parent view "loginMainView.lc":

<?
put rigLoadView("auth/headerView", TRUE) into tHeader
put rigLoadView("auth/loginView", TRUE) into tContent
return tHeader && tContent
?>

The "resetPasswordView.lc" view:

<body>

	<div id="container" class="resetPassword">
    	<header>
			<h1>Change Password</h1>
    	</header>

    <div id="main" role="main">

	<div id="infoMessage">[[gData["message"] ]]</div>


	[[gData["formOpen"] ]]
	[[gData["fsOpen"] ]]


	<div>[[gData["newPasswordLabel"] ]] [[gData["newPassword"] ]]</div>

	<div>[[gData["newPasswordConfirmLabel"] ]] [[gData["newPasswordConfirm"] ]]</div>

	[[gData["hiddenUserID"] ]]


	<div>[[gData["resetSubmit"] ]]</div>

	[[gData["fsClose"] ]]
	</form>

	</div>
	</div> <!--! end of #container -->

</body>
</html>

The parent view "resetPasswordMainView.lc":

<?
put rigLoadView("auth/headerView", TRUE) into tHeader
put rigLoadView("auth/resetPasswordView", TRUE) into tContent
return tHeader && tContent
?>
Top of Page

The CSS File

Create a CSS file called authentication.css, in it place the following code and save it to your assets/css/ folder:

body {
	margin: 40px;
	padding: 0;
	font-family: "Lucida Grande", Lucida, Verdana, Geneva, Sans-serif;
	font-size: 12px;
	color: #888;
	background-color: #fff;
}
#container {
	margin-left: auto;
	margin-right: auto;
}
#container.login,
#container.editUser,
#container.createUser,
#container.changePassword,
#container.forgotPassword,
#container.resetPassword {
	width: 400px;
}
#container.adminPage {
	width: 610px;
}
#container.deactivate, #container.delete {
	width: 350px;
}
.formLabel {
	display: inline-block;
	width:	160px;
	margin-bottom: 10px;
}
table {
	width: 600px;
}
th {
	text-align: left;
}
button a {
	text-decoration: none;
}

Try it!

After having installed all those sample files