  • Added on Mar 29, 2026
  • Current version: 1.0.1
  • Platform Compatibility
    v4.x use latest
    v3.x use latest
    v2.x not tested
    v1.x not tested
  • Created by
    Bronze partner

Passwordless authentication for RainLab.User. Replaces password-based login with one-click magic links sent to the user's email: no passwords to remember, no passwords to reset.

How It Works

Login: User enters their email → receives a magic link → clicks it → logged in. That's it.

Registration: User fills in name and email (no password field) → account is created → magic link is sent to verify and log in.

Features

  • Drop-in replacement components for [authentication] and [registration]
  • Configurable token lifetime (default: 15 min)
  • Built-in rate limiting with resend cooldown
  • Force email as login attribute (hides the option in backend)
  • Customizable mail template via Settings → Mail → Mail Templates
  • Secure: 64-char tokens, one-time use, email enumeration prevention
  • EN + PL translations included

Configuration

Go to Settings → Users → Magic Login to configure token lifetime, free resends, cooldown period, and force email login.

Requirements

  • October CMS v2 or v3
  • RainLab.User plugin

Installation via Command Line

php artisan plugin:install Pear.MagicLogin

Installation

Install via the Marketplace or manually copy the plugin to plugins/pear/magiclogin/ and run:

php artisan october:migrate

Components

magicAuthentication — Passwordless login form. Replaces [authentication]. Only asks for an email address, sends magic link, auto-logs in via token URL.

Properties:

  • rememberMe (checkbox, default: true) — Keep user logged in after browser close.

Usage:

[magicAuthentication]
rememberMe = 1
==
{% component 'magicAuthentication' %}

magicRegistration — Passwordless registration form. Replaces [registration]. Collects first name, last name, email — no password field.

Properties:

  • loginPage (dropdown) — CMS page used for the magic login link after registration.

Usage:

[magicRegistration]
loginPage = "account-login"
==
{% component 'magicRegistration' %}

Settings

| Setting | Default | Description |
|---|---|---|
| Token Lifetime | 15 min | How long a magic link stays valid |
| Free Resends | 2 | Resend attempts before cooldown |
| Resend Cooldown | 15 min | Wait time after exceeding free resends |
| Force Email Login | On | Locks login attribute to email |

Mail Template

Registered template: pear.magiclogin::mail.magic-link

Customize via Settings → Mail → Mail Templates.

Events

The plugin hooks into existing RainLab.User events:

  • rainlab.user.beforeAuthenticate — intercepts login when magic token is present
  • rainlab.user.beforeRegister / rainlab.user.register — standard registration events

Database

Adds 4 prefixed columns to the users table: pear_magic_token, pear_magic_token_expires_at, pear_magic_resend_count, pear_magic_first_sent_at. Safe to uninstall — columns are removed on plugin removal.

Security

  • 64-character cryptographically random tokens
  • One-time use — consumed immediately
  • Configurable expiration
  • Email enumeration prevention (always shows "link sent")
  • Banned user rejection
  • All columns prefixed with pear_ to avoid conflicts
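
The properties listed above, sketched in plain PHP as an added example that is not the plugin's source code. The function names, the in-memory `$users` array, storing only a SHA-256 digest of the token, and measuring the cooldown from the first send are assumptions; the defaults come from the Settings table.

```php
<?php
// Added illustration, not Pear.MagicLogin source. $users stands in for the users
// table; its keys mirror the pear_magic_* columns without the prefix.
const TOKEN_LIFETIME = 900;  // Token Lifetime default: 15 min
const FREE_RESENDS   = 2;    // Free Resends default
const COOLDOWN       = 900;  // Resend Cooldown default: 15 min
const REPLY = 'If that address is registered, a login link has been sent.';
/** Returns [reply shown to the visitor, raw token to mail or null]. */
function requestLink(array &$users, string $email, int $now): array
{
    if (!isset($users[$email]) || $users[$email]['banned']) {
        return [REPLY, null];                    // identical reply: no enumeration
    }
    $u = &$users[$email];
    // Assumption: the cooldown is measured from the first send of a burst.
    if ($u['first_sent_at'] === null || $now - $u['first_sent_at'] >= COOLDOWN) {
        $u['first_sent_at'] = $now;
        $u['resend_count'] = 0;
    } elseif ($u['resend_count'] >= FREE_RESENDS) {
        return [REPLY, null];                    // throttled, reply unchanged
    } else {
        $u['resend_count']++;
    }
    $token = bin2hex(random_bytes(32));          // 32 CSPRNG bytes = 64 hex chars
    $u['token'] = hash('sha256', $token);        // assumption: store a digest only
    $u['token_expires_at'] = $now + TOKEN_LIFETIME;
    return [REPLY, $token];                      // raw token goes into the mailed URL
}

/** Returns the e-mail to log in, or null. A matched token is cleared even if expired. */
function consumeLink(array &$users, string $token, int $now): ?string
{
    $digest = hash('sha256', $token);
    foreach ($users as $email => &$u) {
        if ($u['token'] === null || !hash_equals($u['token'], $digest)) {
            continue;
        }
        $valid = !$u['banned'] && $now < $u['token_expires_at'];
        $u['token'] = $u['token_expires_at'] = null;   // one-time use
        return $valid ? $email : null;
    }
    return null;
}
// Constructed sample data.
$users = ['a@example.test' => ['banned' => false, 'token' => null,
    'token_expires_at' => null, 'resend_count' => 0, 'first_sent_at' => null]];
[, $t] = requestLink($users, 'a@example.test', 1000);
var_dump(consumeLink($users, $t, 1060));   // first click
var_dump(consumeLink($users, $t, 1061));   // replay of the same link
```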

1.0.1

Fixed composer dependency: support RainLab.User v2 and v3.

Mar 28, 2026

1.0.0

Initialize plugin.

Mar 28, 2026

1.0.0 → 1.0.1

No breaking changes. Composer dependency range expanded to support RainLab.User v2 and v3. Update via Marketplace or composer update.