Product Support

Participant Login

Provides username/password access to edit a Participants Database record.

Product Setup

To configure the plugin for use, start by making sure your “Participant Record Page” is correctly configured by visiting the “Record Form” tab in the main Participants Database settings. This tells the login form which page to go to when the login is accepted.

Create a page that will be the login page. On that page, place the [pdb_login] shortcode to show the login form.

It is possible to use a custom template for the login form if you need.

Persistent Login

When using the “Extended Access” preference, the user is automatically forwarded to the record edit page from the login page for 24 hours after successfully logging in. This period can be changed using a code filter.

Logout

To end the persistent login before it expires, you can use a logout link. You may need to use this if you have users that must have access to more than one record. The logout URL is simply the login URL with “?pdb-logout” appended to it. For example, if your Participants Database login page is at /pdb-login, your logout link would look like this:

/pdb-login?pdb-logout

If you are not using pretty permalinks, you need to do it slightly differently. For example, if your login page is on a page with an ID of 2034, your logout link would look like this:

/?p=2034&pdb-logout

Product Settings

Login Form Settings

Username Field

Selects the field that holds the username. This could be an email address, a made-up username, or even a member ID number. If the password is not required, this will be the only field shown.

This field should hold a value that uniquely identifies the record. If more than one record matches the value, the first record found will be used.

Username Not Found Feedback Message

Message to show if the username does not match any record.

Require Password

If this is checked, both the username and the password must match an existing record for the login to be accepted. If unchecked, no password will be required, and a correct entry into the username field will take the user to the record edit screen. Be careful with this, it could allow data to be changed by unauthorized persons.

Password Field

This is where you set the field that is used for your”password.” If “Encrypt Passwords” is set (this is the default) only “password” type fields can be selected here. If you deselect the encryption preference, you can use any text field here, but not password fields.

If you set this field to “required” (on the Manage Database Fields page) the user will be forced to type in their password when they edit their record. If the field is set to “not required” it will still be required in the login form.

Use Encrypted Password

You have the option to save the passwords as encrypted or unencrypted. If the passwords are encrypted, nobody will be able to know what the actual password is. This is to keep them secure in case of a breach. If you are using encrypted passwords, only a “password” type field may be used as the password field.

If this is deselected, you may us any “text” type field for your password field. This may be preferable in situations where keeping the password encrypted is not needed, or if you want to use a regular text field for your password field, such as a member ID or other identifying field value.

When deselected, the passwords are stored in plaintext and so will be visible. This would allow an admin to tell a user what their password is, for instance.

Important: when changing this setting, you must save the settings twice: once to change this setting, then again to save the “password field” selection.

Login Button Text

This is where you can set the text that is shown on the login form submit button.

Bad Password Feedback Message

Message shown if the password doesn’t match the value in the database.

Use Cookie

If checked, a cookie is stored on the user’s browser when they successfully log in, so tha when they are directed to the record edit page, the URL does not show the private ID of the record. This can also be used to allow the user to bypass the login for a while if the setting below is set.

Extended Access

This sets the cookie to stay valid for 24 hours, allowing them to bypass the login for that period of time. This requires the the “Use Cookie” setting be selected as well. When a user with such a cookie visits the Participant Login page, they will be immediately redirected to their record edit screen.

The 24-hour period can be changed to another value by using a code filter.

Password Recovery Settings

Show Lost Password Link

Provides a way to send the direct link to the user’s record so their password can be changed or recovered. This requires the the “Resend Private Link” functionality in Participants Database be correctly configured.

This does not send the password or set a new password, it functions in the normal way for Participants Database: it provides the recipient with a private link to edit their record. They may use that link to change their password if they wish.

Lost Password Form Shortcode

This shortcode is used to generate the lost password form. This setting allows you to customize the shortcode, primarily so that a custom template may be used. the default value here is [pdb_request_link].

One-Time-Use Private Link

Password recovery works by emailing the user a “private link” which can be used to access their record edit page, bypassing the login form. When checked, this setting will change the private ID every time it is used to access the record edit page. This keeps the private link secure because it can only be used once.

Don’t use this if your users need to be able to use a static URL to access their record edit page. This setting has the effect of changing the private ID code every time the record is saved.

F.A.Q.

How does the "brute-force" protection work?

Every time the form is tried, the attempt is recorded with a timestamp and and the user’s IP. If there are over 10 attempts in a hour from a single IP, that IP is not allowed any more attempts for an hour.

Can I change the number of login attempts are allowed before the IP is shut out?

Yes, it quires the use of a filter callback. The number of attempts allowed is filtered by ‘pdb-login_max_attempts’ and defaults to 10. The time within which this number of attempts is allowed is filtered by ‘pdb-login_attempt_timeframe’ and defaults to 1 hour in seconds, or 3600.

What if someone loses or forgets their password?

The plugin uses the “Resend Private Link” function that Participants Database uses. There is a setting to include the link in the login form. If someone doesn’t know their password, when they click the link and enter their identifying information (usually an email) a “private link” is sent to them that they can use to access their record. They can change their password at that time if they wish.

Is there any way to find out what someone's password is?

If you are using encrypted passwords, there is no way to know what the password is. In that case, the user must set a new password. If you are using plaintext passwords, then yes, no problem, the password will be visible to an administrator. The password will also be visible to the user when they edit their record.

How secure is the login form?

The login form provides a reasonable amount of security for non-critical applications. While security is very important to the design and operation of Participants Database, the plugin is not recommended for storing high-value information such as credit card numbers, social security numbers, passwords, etc.

The level of security when using this plugin is largely determined by it’s configuration by the administrator. Security is always a trade-off between convenience and how hard it is to break in. If you opt for convenience, it will be at the expense of security, that’s just how it works.

This plugin is designed to be useful in low-security situations where things link single-field logins and plaintext passwords are desirable. The security can be enhanced by using encrypted strong passwords, and hard-to-guess usernames that are not publicly viewable.

How can I prevent the private ID from being seen in the URL after they log in?

In the Participant Login settings enable the “Use Cookie” setting. Now, when someone uses the login form, they will be directed to the record edit form without any indication of the record ID or private ID in the URL.

Is it possible to direct the user to a different page depending on a value in their record?

Yes, there is a filter that is used to get the URL of the page the user goes to after they successfully log in. The filter is ‘pdb-login_after_validate_submission’ and it passes in the user’s record and whether it was validated or not. (This means this can also be used to change where they go if the login wasn’t valid.)

I have created a simple plugin that demonstrates how this can be done:

Redirect PDB Login

You can download this demo plugin and make the changes needed to work for your situation.

Support Discussions for Participant Login

  • Hi,
    I have several issues:

    1. on the Resend Link Tab, I edited Lost Private Link Text, but it never updates the page still shows
    “Forget your private link? Click here to have it emailed to you.” instead of “Reset password? Click here to have it emailed to you.”

    2. i have installed the custom template tool, so i assume this plugin will work like the others, I added the shortcode [pdb_login template=mdbootstrap], then created a file pdb-login-mdbootstrap.php in “/wp-content/themes/slgaeighteen/templates” and “/wp-content/participants-database-templates” and both didnt work, any idea why?

    • oh and …
      3. Where is the custom template for Request your Private Link form page? eg (/members/profile/access/?m=r)

    • It looks like the Custom Template Folder add-on is not working properly with the Participant Login plugin. However, it should be getting the template in your theme. So, for that, I would check to make sure the “templates” folder in your theme is in the correct theme…if you’re using a child theme, it should be there. Second, of course, double-check your shortcode and filename to make sure they match. It does look correct in your post.

      For the second issue, it should use the Participants Database “Lost Private Link Text” setting, or you can set it in your custom template by including it as the first argument of the print_retrieve_link() function. Of course, the custom template has to be getting loaded for that to work.

      Your third question: the template for the Request Your Private Link form is in the main plugin as pdb-retrieve-default.php and you can use a custom template for that.

  • I am unable to delete users on my site (participants database), now there are a lot of spam registration. How can I delete these user?

    • You can delete records on the admin List Participants page, select the records you want deleted, then select “delete” in the action dropdown at the top of the list.

  • Greetings Roland,

    I’m using the participant login plugin with participants database. I can’t seem to figure out how to let the users change their passwords. In this case, they can request a private link to edit pieces of their profile, but no password field is available. Is there a way I can make the password field show up on their manage-participant page?

    • Make sure the password field is in a “public” group so that it can be edited by the user.

  • Hi Roland! Weird question….. Is there any way to have a participant edit only selected data? I use field group tabs and I would like my participants to only have access to one tab of data. (We track transportation mode for kids and the parent has the option to change a transportation mode if the kid’s schedule changes).

    Thanks!

    • Yes, there are a couple of ways to do this. First, you can control which fields are shown by the shortcode using the “fields” or “groups” attributes to name the fields or groups you want shown in the form.

      For example: [pdb_record groups="main,address"]

      Another approach would be to use the “read-only” setting to prevent user from changing values. This would allow you to show them the values they can’t change.

      If you’ve got some coding skills, using a custom template is another way to go to give you complete control over how it looks.

    • I didn’t received a reply on the above, so don’t worry about that questions. We found a work around.

      • Oh gosh…. so sorry…. just saw the reply below. Geez! I guess the email notification of a response didn’t work for me. I will ready it now.

  • Hello! I tried to put the shortcode pdb_login and it did not show me any form, I do not understand how to do it, could you explain it to me?

    • First, check the Participant Login settings to make sure that the correct fields are configured. You may need to select 1 or 2 fields to appear in the form if the default values don’t work for your setup.

      Then, on the page where you want the login form to appear put:

      [pdb_login]

      Sometimes, this doesn’t work if you try to put it into a sidebar or into a special location. Try it in the regular content of a page first.

  • Hi

    Could you tell me how to set up the log out button?

    Cheers

    • This is in the instructions, you just need to create a link of some kind that includes “?pdb_logout” It should be the normal URL for the logout form with that added at the end. It can be any kind of link: a button, a “logout” item in a menu, etc.

  • I just bought this plug-in and it’s already broken. On the Participant Login Settings page, next to Password Field, the drop-down menu is empty. It showed up fine at the start, and then I went back to it and now it’s empty. I tried deleting this plug-in and reinstalling it, and nothing has changed.

    • Hi Joanne,

      Sorry for the difficulty with the UI…I know it’s not clear. If you have the “Use Encrypted Password” setting checked, then only “password” type fields can be selected as the “Password Field” If there happen to be no password fields defined, that dropdown will be empty. If you uncheck that, then you can use other types of fields for your password field.

  • Hi, i would like to know about Spanish languaje.

    I will need to change all the botton´s and responses in “Participants Database” and “Participant Login” to Spanish, please let me know if it is possible.

    Thank you

    • If you install the Spanish language in your WordPress and run the site in Spanish, you will get the Spanish translation of Participants Database. You will need to translate some of the settings yourself. Take a look at this article it explains some of this:

      Localizing Participants Database

Got a Support Question?

You have to agree to the comment policy.