Product Support

Participant Login

Provides username/password access to edit a Participants Database record.

Product Setup

To configure the plugin for use, start by making sure your “Participant Record Page” is correctly configured by visiting the “Record Form” tab in the main Participants Database settings. This tells the login form which page to go to when the login is accepted.

Setting up the Participant Record Page

Configure the Login Form

On the Participant Login settings page, you can configure the form to show one or two fields that the user will need to fill in to access their editable record. The first field is called the “Username” field, and it is used as the primary identifier. This can be an email address, an ID number of some kind, or really anything that can be used to uniquely identify the user.

The second field is called the “Password” field, but it can also be anything you want. It is usually used to verify the user, especially if the Username field is something that would be generally known, such as an email address. It is also possible to set up the form to use only a single input field by unchecking the “Require Password” checkbox. When this is unchecked, only the Username field will be shown in the form. You might do this if your username field was something only the user would know, such as an ID number.

When selecting the field to use for the password field, it is important understand that “password” type fields store the password in encrypted form, which means an administrator cannot know what the password is. If you need to be able to tell people what their password is, use a text-line field for your password field, then you will be able to look up their password because it will be stored in plaintext.

Create Your Login Page

Once you have configured the login form, you should create a page that will be the login page. On that page, place the [pdb_login] shortcode to show the login form. It is possible to use a custom template for the login form if you need.

This shortcode will accept the following attributes to configure how it looks and works:

  • template for using a custom template
  • record_page to set the page (use the page name or ID) that the user goes to after successfully logging in; that page must have the [pdb_record] shortcode.
  • login_button_text to set the text on the submit button for the login form

Persistent Login

When using the “Extended Access” preference, the user is automatically forwarded to the record edit page from the login page for 24 hours after successfully logging in. This period can be changed using a code filter.

Logout

To end the persistent login before it expires, you can use a logout link. You may need to use this if you have users that must have access to more than one record. The logout URL is simply the login URL with “?pdb-logout” appended to it. For example, if your Participants Database login page is at /pdb-login, your logout link would look like this:

/pdb-login?pdb-logout

If you are not using pretty permalinks, you need to do it slightly differently. For example, if your login page is on a page with an ID of 2034, your logout link would look like this:

/?p=2034&pdb-logout

It’s a good idea to put the logout link in a menu somewhere where the user can find it.

Product Settings

Login Form Settings

Username Field

Selects the field that holds the username. This could be an email address, a made-up username, or even a member ID number. If the password is not required, this will be the only field shown. This field should hold a value that uniquely identifies the record. If more than one record matches the value, the first record found will be used.

Username Not Found Feedback Message

Message to show if the username does not match any record.

Username Field Extra Attributes

This setting provides a way to add attributes to the username input element. This can be used to add client-side validation to the input, which can be helpful to users typing in the correct thing for the input. It can also be used to add simple javascript interactivity to the input.

This setting uses the same format as the “attributes” setting in the field definition: name::value,name::value etc. Because the comma is used to separate attributes, you must use the HTML entity , to represent the comma if it is in the value.

To set up a client-side validation, use the required and pattern attributes. The link provides the details on using the pattern attribute. Here is a simple example setting:

pattern::[a-z]{3,20},required,title::username must be all lowercase letters between 3 and 20 characters

That pattern will only accept lowercase letters and the length of the input must be at least 3 characters and no more than 20. You can use the “title” attribute to add a message to the pop-up that is seen when the validation fails.

Require Password

If this is checked, both the username and the password must match an existing record for the login to be accepted. If unchecked, no password will be required, and a correct entry into the username field will take the user to the record edit screen. Be careful with this, it could allow data to be changed by unauthorized persons.

Password Field

This is where you set the field that is used for your”password.” This field can be a “Text Line” type or a “Password” type field. If the field you want to use does not appear in the selector, you should either create it if it doesn’t exist or change its form element type to one that is valid for this setting.

If you select a text-line field for this, it will be stored in the database as plaintext. This will often be the case if you are using something like a customer ID for this field. If you use a “password” type field, the password will be encrypted in the database when the user saves their password.

It is important to understand that you cannot switch from or to a password field after the record data has been entered. Changing the field type cannot encrypt or decrypt passwords, so if there is data in this field, it will become incompatible with the field type. If the password field is empty, that is OK, the password will be saved in the correct format when the user enters it.

Login Button Text

This is where you can set the text that is shown on the login form submit button.

Bad Password Feedback Message

Message shown if the password doesn’t match the value in the database.

If checked, a cookie is stored on the user’s browser when they successfully log in, so tha when they are directed to the record edit page, the URL does not show the private ID of the record. This can also be used to allow the user to bypass the login for a while if the setting below is set.

Extended Access

This sets the cookie to stay valid for 24 hours, allowing them to bypass the login for that period of time. This requires the the “Use Cookie” setting be selected as well. When a user with such a cookie visits the Participant Login page, they will be immediately redirected to their record edit screen. The 24-hour period can be changed to another value by using a code filter.

Password Recovery Settings

Provides a way to send the direct link to the user’s record so their password can be changed or recovered. This requires the the “Resend Private Link” functionality in Participants Database be correctly configured. This does not send the password or set a new password, it functions in the normal way for Participants Database: it provides the recipient with a private link to edit their record. They may use that link to change their password if they wish.

Lost Password Form Shortcode

This shortcode is used to generate the lost password form. This setting allows you to customize the shortcode, primarily so that a custom template may be used. the default value here is [pdb_request_link].

Password recovery works by emailing the user a “private link” which can be used to access their record edit page, bypassing the login form. When checked, this setting will change the private ID every time it is used to access the record edit page. This keeps the private link secure because it can only be used once. Don’t use this if your users need to be able to use a static URL to access their record edit page. This setting has the effect of changing the private ID code every time the record is saved.

F.A.Q.

Is it possible to use the login form to show a list of records?

If you want to only show the list of records to people who are registered, you can set the destination of the login form to the page with the list shortcode. You can use the “record_page” attribute in the shortcode to direct the user to any page, for example:

[pdb_login record_page="show-list"]
How does the "brute-force" protection work?

Every time the form is tried, the attempt is recorded with a timestamp and and the user’s IP. If there are over 10 attempts in a hour from a single IP, that IP is not allowed any more attempts for an hour.

Can I change the number of login attempts are allowed before the IP is shut out?

Yes, it quires the use of a filter callback. The number of attempts allowed is filtered by pdb-login_max_attempts and defaults to 10. The time within which this number of attempts is allowed is filtered by pdb-login_attempt_timeframe and defaults to 1 hour in seconds, or 3600.

What if someone loses or forgets their password?

The plugin uses the “Resend Private Link” function that Participants Database uses. There is a setting to include the link in the login form. If someone doesn’t know their password, when they click the link and enter their identifying information (usually an email) a “private link” is sent to them that they can use to access their record. They can change their password at that time if they wish.

How secure is the login form?

The login form provides a reasonable amount of security for non-critical applications. While security is very important to the design and operation of Participants Database, the plugin is not recommended for storing high-value information such as credit card numbers, social security numbers, passwords, etc.

The level of security when using this plugin is largely determined by it’s configuration by the administrator. Security is always a trade-off between convenience and how hard it is to break in. If you opt for convenience, it will be at the expense of security, that’s just how it works.

This plugin is designed to be useful in low-security situations where things link single-field logins and plaintext passwords are desirable. The security can be enhanced by using encrypted strong passwords, and hard-to-guess usernames that are not publicly viewable.

How do I use encrypted passwords?

The first thing to do is to use a “Password” type field for your designated password field in the Participant Login settings.

If you want to use encrypted passwords, you will need to give the user the opportunity to create one. The way this usually works is when the record is created, either by a signup submission or in the backend, the user will receive an email (given that this is properly configured) with their “private link” that takes them to their editable record. They can enter a password at that time, then after that, they can use the PDB login form to access their record.

It is also possible to include the password field in the signup form so that the user can set their password when they sign up.

The use of encrypted passwords is not compatible with the use of plaintext passwords, so if there are records in the database that already have a value for the designated password field, changing the field type to or from a password type field can cause problems. If you do that, the data will become invalid, and cannot be used to validate a login.

If you were using plaintext passwords and decide you need to change to using encrypted passwords, you must have your users go to their record using the private link, then enter a password. After that, they can use the password in the login form.

Is there any way to find out what someone's password is?

If you are using encrypted passwords, there is no way to know what the password is. In that case, the user must set a new password. If you are using plaintext passwords, then yes, no problem, the password will be visible to an administrator. The password will also be visible to the user when they edit their record.

How can I prevent the private ID from being seen in the URL after they log in?

In the Participant Login settings enable the “Use Cookie” setting. Now, when someone uses the login form, they will be directed to the record edit form without any indication of the record ID or private ID in the URL.

Is it possible to direct the user to a different page depending on a value in their record?

Yes, there is a filter that is used to get the URL of the page the user goes to after they successfully log in. The filter is ‘pdb-login_after_validate_submission’ and it passes in the user’s record and whether it was validated or not. (This means this can also be used to change where they go if the login wasn’t valid.)

I have created a simple plugin that demonstrates how this can be done:

Redirect PDB Login

You can download this demo plugin and make the changes needed to work for your situation.

How can I add a CAPTCHA to the login form?

It is possible to add reCAPTCHA protection to the login form if you have the PDb reCAPTCHA add-on installed and working. You need to use a custom template, I have provided an example of the template you can use for this.

pdb-login-recaptcha.php

You will need to understand a bit about how custom templates are set up, ready this article for the details:

Using Participants Database Custom Templates

Once you have the template in the correct location, you can use that template in the login form with this shortcode:

[pdb_login template=recaptcha]

Support Discussions for Participant Login

  • I have done the debugging (see my earlier post) and my SQL is correct. But, I still get no records found over and over again. I posted the debugging information.

    • OK, yes, the query looks right. What is the exact shortcode you are using on the Participant Record Page that the user goes to after using the login form?

      If that is correct then this means the php sessions are not working. Check that you are using the latest version of Participants Database, it should be at least 1.9.7.7.

      If that is right, try using the “Alternate php Session Method” setting in the Participants Database settings under the Advanced tab.

  • No matter what field I set as the username it keeps coming back with no records found. I did notice that the username field in the participant “Username Field” is the name I assigned to the field for display purposes, but not the actual database field name. For example, I have a database field in the participant database named “mem_num”, but in the dropdown it only lists “Member Number.
    I have also noticed that not all the database fields are in the “Username Field”. There are entries, but some are blank. It looks something like this:

    Name
    Address

    City
    Zip

    Email

    Where each of the empty lines are actually choosable.

    • To be more clear, it lists the Title of the database field and not the actual name of the database field.

    • There is a difference between a field’s title and it’s name. The name is a unique identifier that can’t be changed, this is used internally by the plugin to reliably identify a field. The title is a label for the field you can change any time, even leave it blank. Those blank spaces in the selector are fields that have a blank title. Using blank titles is allowed, but it can sometimes cause problems.

      • Thanks for the explanation. But, I am assuming that setting the username should be set to the actual database name, but only the Title is being shown. The result is that every time I try to log on as a user it comes up with “no records found”. Is there a way to send a screenshot?

        • The username selector shows the field’s title. Selecting the title is the same as selecting the field by name.

          Screenshot won’t help much. What I suggest you do is turn plugin debugging on, clear the debugging log, then test your login. Both values entered into the login form must exactly match the contents of a single record in the database. If there are multiple records that match the submitted data, it will give you the “no records found” message, so watch out for that. The debugging log will show you the database query that was used to locate the record.

        • I did the debugging thing. The SQL is correct. Here is my debugging output:

          [12/11/21 11:03pm UTC]
          Undefined index: portfoliopage_item_overlay_bgcolor
          in /home/2068rfpi/public_html/wp-content/themes/business-a-pro/functions/template-tags.php on line 848
          [12/11/21 11:03pm UTC]

          Undefined index: portfoliopage_item_overlay_bgcolor
          in /home/2068rfpi/public_html/wp-content/themes/business-a-pro/functions/template-tags.php on line 848
          [12/11/21 11:03pm UTC]

          Undefined index: portfoliopage_item_overlay_bgcolor
          in /home/2068rfpi/public_html/wp-content/themes/business-a-pro/functions/template-tags.php on line 848
          [12/11/21 11:03pm UTC]

          PDb_Login::handle_incoming input: 42109 login query: SELECT * FROM wp_participants_database WHERE

          mem_num

          = ‘42109’
          [12/11/21 11:03pm UTC]

          Undefined index: portfoliopage_item_overlay_bgcolor
          in /home/2068rfpi/public_html/wp-content/themes/business-a-pro/functions/template-tags.php on line 848
          [12/11/21 11:03pm UTC]

          Undefined index: portfoliopage_item_overlay_bgcolor
          in /home/2068rfpi/public_html/wp-content/themes/business-a-pro/functions/template-tags.php on line 848

        • I issued the same exact SQL statement in the mySQL database and it returned the one record that I expected it to. But, it will not return any records in the participant login page. I am getting extremely frustrated.

  • I want to incorporate the user login page, but I am already using the member search plugin. Per the instructions for the member login page, I am supposed to set the Participant Record Page to “Edit Record”, but I currently have it set to “Member Search”. Is there a way to use both plugins?

    • Hi Kurt,

      I’m not sure I understand what you’re trying to do. There is no “Member Search” plugin for Participants Database, so it sounds like your question is unrelated to that plugin. The “Participant Login” add-on for Participants Database is not a user login, it just provides password access to the user’s record. This has nothing to do with the WordPress user login.

      The Participant Record Page must have the [pdb_record] shortcode to work properly, it will not work with other shortcodes.

      • Thanks for the fast response! You are correct. My question did not make sense. I figured out what I was doing. I do, however, have some other questions.

        1. I was able to put [pdb_login] into a page and have it display the login page. I set the username and password fields to the correct database fields on the settings page. Strangely, in the settings, I was not able to see the participant database field “email” as an option. This is not a big deal since all the users do not have an email address.

        2. I set the username to last name (everyone has a last name). The password field, as it stands, is not ideal – I will have to add a field for that.

        3. All the users are already in the participant database. Thus, there will not be any signup form. On a regular basis I add users to the database by importing a CSV file.

        4. More specific to this plugin: On the page with the [pdb_login] code, are there parameters that I can set in it to direct the users to an editable page? Furthermore, I would only want certain things allowed to be updated: mainly their company name, address, and email address. How do I do that? It might be on the settings page.

        • The [pdb_login] form send the user to the Participant Record Page if the info they enter is correct.

          If you want to limit which fields are shown on that page, you can set that globally by field group by setting the groups you don’t want edited by the user to “admin” visibility. This will also affect how records are displayed on the frontend.

          Or, you can do it in the shortcode by using the “fields” attribute in the shortcode…for example:

          [pdb_record fields="fist_name,last_name,phone"]

          Or, you can use the “groups” attribute to control which fields are shown by field group if that is more convenient.

          There is no password field by default, you need to create it. If you want to store the passwords in plaintext, you should use a text-line field for your password field,. If you use a password type field, the passwords will be encrypted. You will not be able to upload the passwords in that case.

  • Hello,

    I use participant login on my website since 2019, and for security reason, I want to activate the “One-Time-Use Private Link” functionality. But it doesn’t work.
    When i use the Lost Password Link page, the private link emailed with the “record id” is each time the same.

    Can you help me or give me some advices to check ?

    • The private ID is reset when the user uses it to log in. Until then, it will be the same.

  • I have tried to purchase the Participant Login plugin twice (Paid for it twice as well). At first, it would not download but now I have it downloaded but it is giving me an error. I have sent you multiple messages on your contact form and have not received any response.

    • Hi Chris,

      I’m sorry…for some reason I did not receive your previous notes.

      Can you be specific about the problem you’re seeing? Exact wording of any error messages would be very helpful.

      • Thanks Roland for responding. The error is

        File is empty. Please upload something more substantial. This error could also be caused by uploads being disabled in your php.ini file or by post_max_size being defined as smaller than upload_max_filesize in php.ini.

        When I try to open the Zip file, I get this message.

        Unable to expand “pdb-login.zip”. It is in an unsupported format.

        I noticed the file is shows to have a Zero KB file size.

        • OK, I’ll look into this, I’m having some trouble with my server apparently.

        • Please try it again, I made some changes, tested the result, and you should be good with the download now.

          Thanks for your patience.

        • That seemed to work. Thank you for all your help. I do love your plugins. Sorry if I came across too irritated.

  • i apologize for such a basic question. I have the paricipant DB installed and purchased the Participant add on “Login”. I received the zip file but can’t find instructions to link it to the Participant DB, either in the zip file or Participant support wenb site.. I am an old dog. Please teach me a new trick!

    Bill

    • It’s important to understand that all this does is provide a form that your users can use to edit a Participants Database record. The form is placed using a shortcode [pdb_login]

      The instructions for setting it up can be found here: Participant Login

      It is probably best for you to configure the main plugin and get that all doing what you want it to do before tackling the Participant Login.

    • Let us know if you have any specific questions about getting it set up.

    • Hi Roland:
      What I was trying to say, is that I was able to download the “login” plugin addon to a resident file folder. in my computer However, evidently it does not automatilly load the login plugin to my website beause I don’t see any installed “login” plugin on my website’s dashboard file of installed plugins. I do have the actual pdp database plugin installed and the database seems to be working in test. What I need to do is get the Login add on installed within my website dashboard plugin file so that i can activate the login plugin and use it. I don’t know todays IT words very well. Hope this better explains my issue .

      God Bles
      Bill

      • I see… I didn’t understand. Take a look at this, it explains what you need to do.

        Installing a WordPress Plugin From a Downloaded Zip File

      • Roland:
        Thank you very much. I know your time is valuable. The plugin loaded great.and seems to work fine. You proved the “old dog” adage is not true…..you actually can teach an 80 year old dog new tricks.
        Fyi: I am using your system to “track” our Sons of The American Revolution applications for the South Carolina Society SAR membership applications..

  • I have added the Login plugin to my new sight. I have everything set up, it appears to be working, except the Logout. I have the logout code (/3on3xLogin?pdb-logout) set and it does take me to the Login page (however there is no message that says you are logged out). After I have logged into my first record and made edits, I Logout and attempt to Login to any other record, it always take me to the first record. The browser is holding onto the credentials of the first Login.
    I don’t believe it’s your plugin but perhaps something in WordPress where cookies/session variable are being retained. Any thoughts? Thank you.

    • Check that you have any page caching turned off for the page with the [pdb_record] shortcode. Plugins that cache content have a way to exempt certain pages from caching. If you are not using a caching or accelerator plugin, the caching may be happening at the server level, this would be under the control of your web host, usually.

      There is no “log out” message, it’s not really possible to implement that since the logout link can go to any page…although it may be possible to configure a logged-out page, I’ll look into that.

  • Hello

    I want to update this plugin from version 1.12 to 1.17.1, but when I do, all the data on the front-end disappears. How can I do it?

    • And how can I change this text “You have been logged out.” when I log out?
      I need translate it to spanish.

      • This is in the translation files for the plugin, you will need to generate one for Spanish, there is no Spanish translation for the Participant Log plugin. It’s not hard, you need to get an application like Poedit to generate the translation file.

        Localizing Participants Database

        • Okay, I know how to do it with Poedit.
          Thanks

    • Can you be more specific about what happens and what you are seeing? Do you see any error in your php error log?

      • Hello
        No type of error appears.
        I’ll explain better: in the font-end I have my user logged in and all my data (name, etc.) appear. I update the plugin, go back to the front-end and all the data disappears. I log in again but my data does not appear. The rest of the content on the web looks good.

        • The error will be in your php error log, you need to be able to check that log to see what the problem is. Without more specific information, I can’t really help you solve the problem.

        • Is that in the error_log file no error appears. There is no other way to see what happens?
          It seems as if when changing the version, it did not recognize the shortcode or the data. Could it be that there is a big change between versions?

        • Which plugin did you upgrade?

          Do you see the record in the backend?

          When you log in, what exactly do you see? Dies it look like you logged in successfully?

          I’m sorry, there really is not enough detail for me to understand the problem.

        • When updating the plugin “Participant login” from version 1.12 to 1.17.1, the login fails. No error message appears either on the frontend or in the error_log file. It simply does not log in, so it does not give way to access the data. In 1.12 the login works fine but when updating to 1.17.1 it stops working.
          If you can see it live, tell me when you could and I’ll show you both versions.

        • There are dozens of changes between those two versions, so we’ll need more detail on how it is failing to get to the problem. When you attempt to log in, what do you see on the page the login takes you to? Are you using a password in your login form? What kind of field is it? Does the login fail for all accounts?

          The problem with php error logs is they are often not configured correctly and don’t catch all the errors. If you have the plugin debugging set to “verbose” the query that is used to determine the record will be logged. Clear the log, test the login then see what comes in to the log.

        • I update the plugin, I go to the login screen, fill in the email and password fields, it directs me to the page where my data is but none appears. I create a new login account and create it successfully. I log out to switch to the other user but it doesn’t log out. I go to another browser and try to enter with the data of the previous user and it does not show any data. I try it with the new user and neither. It always takes me to the data page but nothing comes out. It is as if it does not recognize the access but it does not say that the password or the user is wrong either.
          I cleared the error log and checked the box for it to log all the detailed errors. I send it to you by email.

  • Hi,
    I don’t get where to set up the logout.
    If I don’t use the extended access, is there a way to logout?
    I tried creating a separate page for a shortcode with [pdb_logout] but that doesn’t work.
    I can’t put the logout on the login page either. I currently have the signup and the login on the same page, which is nice. That means they don’t have to wait for the email before logging in. It usually takes 24 hours to receive the email. But then if they click on Login from anywhere on the site, it directs them to the Record page, meaning they can no longer access the login page to logout.

    If I use the extended access, I also don’t get where to direct the link to the logout.

    • For a user to log out, all they need to do is click a special link that goes to the login page. This link is constructed by adding ?pdb_logout to the link to the login page. This link can be placed in a menu or on any page (except the login page, as you’ve seen). There’s no shortcode, all you’re doing is providing a special link to the login page for your users to use to log out.

      • I put the logout link on a page and it brings people to the WordPress login screen, rather than the site’s login page. Why is that? What do I have to do to direct it to the site’s login page instead.

      • Never mind. I figured it out. My own stupidity. Thanks for being patient.

      • Hi Roland,
        Another question here. People are always confused with the logout. I know in WP, I can set up two menus, one for logged-in and one for logged-out. Can I do the same with pdb? Can I make it pdb-login_logged_in and pdb-logged_out or some such thing in Menus?
        Thanks!

        • There isn’t any mechanism for detecting the Participants Database user’s status like that. The Participants Database “login” doesn’t do anything other than make it possible to edit the record, so there doesn’t seem to be much reason to treat it as a global condition.

          Is there a particular reason why your users need to log out from Participants Database? This is not normally something you need your users to be able to do, the functionality is provided for special setups where a particular user has access to multiple Participants Database records.

      • I think some people want to log out to protect their data. It’s partly a habit. Others may share a computer with others, e.g. in the family. so they need to log out for another member to log in.

        Perhaps all I have to do is create a separate page just to acknowledge that the person has logged out.

  • Is it possible to protect other pages behind the user login? For example, only show the participant list to logged in users?

    Hoping to go live with our new membership management system soon!

    • This is a general WordPress question, so there are various ways to do this. The plugin uses shortcodes, so you simply need to make the page with the shortcode private. You can either do that in the page editor or there are plugins that can help you manage private pages.

Leave a Reply to William Wilson Cancel reply

Your email address will not be published. Required fields are marked *

Would you like to be notified of followup comments via e-mail? You can also subscribe without commenting.