This plugin provides a convenient, familiar way for participants to gain access to their record using a username and password. If the user has a password manager in their browser, the sign-in credentials will be remembered.
The username field can be any uniquely identifying field, such as an email, made-up username or even an ID number.
The password field any be any text field and is used to verify the user’s identity. Passwords can be stored encrypted or in plaintext. Encrypted passwords requires the use of a “password” type field.
The password field is optional, making it possible to use the login form to gain access to the editable record with a single input such as an access code.
The login form is protected from brute-force attempts to guess the credentials, limiting the number of times a form may be attempted in a period of time.
Note: the “login” provided by this plugin is not a WordPress user login, it is for the purpose of securely accessing a Participants Database record only.
To configure the plugin for use, start by making sure your “Participant Record Page” is correctly configured by visiting the “Record Form” tab in the main Participants Database settings. This tells the login form which page to go to when the login is accepted.
Create a page that will be the login page. On that page, place the
[pdb_login] shortcode to show the login form.
It is possible to use a custom template for the login form if you need.
When using the “Extended Access” preference, the user is automatically forwarded to the record edit page from the login page for 24 hours after successfully logging in. This period can be changed using a code filter.
To end the persistent login before it expires, you can use a logout link. You may need to use this if you have users that must have access to more than one record. The logout URL is simply the login URL with “?pdb-logout” appended to it. For example, if your Participants Database login page is at /pdb-login, your logout link would look like this:
If you are not using pretty permalinks, you need to do it slightly differently. For example, if your login page is on a page with an ID of 2034, your logout link would look like this:
Login Form Settings
Selects the field that holds the username. This could be an email address, a made-up username, or even a member ID number. If the password is not required, this will be the only field shown.
This field should hold a value that uniquely identifies the record. If more than one record matches the value, the first record found will be used.
Username Not Found Feedback Message
Message to show if the username does not match any record.
If this is checked, both the username and the password must match an existing record for the login to be accepted. If unchecked, no password will be required, and a correct entry into the username field will take the user to the record edit screen. Be careful with this, it could allow data to be changed by unauthorized persons.
This is where you set the field that is used for your”password.” If “Encrypt Passwords” is set (this is the default) only “password” type fields can be selected here. If you deselect the encryption preference, you can use any text field here, but not password fields.
If you set this field to “required” (on the Manage Database Fields page) the user will be forced to type in their password when they edit their record. If the field is set to “not required” it will still be required in the login form.
Use Encrypted Password
You have the option to save the passwords as encrypted or unencrypted. If the passwords are encrypted, nobody will be able to know what the actual password is. This is to keep them secure in case of a breach. If you are using encrypted passwords, only a “password” type field may be used as the password field.
If this is deselected, you may us any “text” type field for your password field. This may be preferable in situations where keeping the password encrypted is not needed, or if you want to use a regular text field for your password field, such as a member ID or other identifying field value.
When deselected, the passwords are stored in plaintext and so will be visible. This would allow an admin to tell a user what their password is, for instance.
Important: when changing this setting, you must save the settings twice: once to change this setting, then again to save the “password field” selection.
Login Button Text
This is where you can set the text that is shown on the login form submit button.
Bad Password Feedback Message
Message shown if the password doesn’t match the value in the database.
If checked, a cookie is stored on the user’s browser when they successfully log in, so tha when they are directed to the record edit page, the URL does not show the private ID of the record. This can also be used to allow the user to bypass the login for a while if the setting below is set.
This sets the cookie to stay valid for 24 hours, allowing them to bypass the login for that period of time. This requires the the “Use Cookie” setting be selected as well. When a user with such a cookie visits the Participant Login page, they will be immediately redirected to their record edit screen.
The 24-hour period can be changed to another value by using a code filter.
Password Recovery Settings
Show Lost Password Link
Provides a way to send the direct link to the user’s record so their password can be changed or recovered. This requires the the “Resend Private Link” functionality in Participants Database be correctly configured.
This does not send the password or set a new password, it functions in the normal way for Participants Database: it provides the recipient with a private link to edit their record. They may use that link to change their password if they wish.
Lost Password Form Shortcode
This shortcode is used to generate the lost password form. This setting allows you to customize the shortcode, primarily so that a custom template may be used. the default value here is
Request your Private Link
One-Time-Use Private Link
Password recovery works by emailing the user a “private link” which can be used to access their record edit page, bypassing the login form. When checked, this setting will change the private ID every time it is used to access the record edit page. This keeps the private link secure because it can only be used once.
Don’t use this if your users need to be able to use a static URL to access their record edit page. This setting has the effect of changing the private ID code every time the record is saved.