The latest update of Joomla added 'New ACL Verification on approving an user after email notification' See Joomla 3.8.13 Security Notice
I can now no longer approve user registrations, even when logging in as super user. It does not redirect me to the activation URL but instead I get the following message:
You are not authorised to view this resource.
Any help would be much apprchiated.
Related
Problem is:
User registers at the side and gets a registration email with a
confirmation link which can be used. and
Admin gets an email notification of a newly registered user
Admin activates & enables the user
No notification email to the user is sent about his accounts activation
No hints in the logs. Mailserver is working as described. Tests with System emails active for users show no difference in the behavior. Also added true to $return = JFactory::getMailer()->sendMail($data['mailfrom'], $data['fromname'], $data['email'], $emailSubject, $emailBody, true); in registeration.php
Does this feature actually work? Any help in solving this would be much-appreatiated.
Using Joomla 3.9.15 and no external plugins for user-management.
Thanks in advance for your time.
Joomla distinguishes between user activation by link through email or via administration backend. In order to send an email to the user after the activation of the user account one needs to use the link from the email. Activation from the administration backend will not send an email to the user who's account was activated.
Email is mandatory field in my .net application using web-api 2.0 and OWIN for facebook login. How can I ask permission for email again, if user first denied email on Facebook external login but allowed other permissions and successfully logged in.
I am in GetExternalLogin method of web-api2 template, which calls external login consent screen. I am getting other ExternalLoginData as other permissions allowed by user, but not email. The consent screen has set the External Cookie.
Now application showing user is authenticated and not challenging again for email. How can I call the consent screen to re-ask email permission.
After no response for multiple days, I myself got answer on facebook. We can do this by adding the auth_type=rerequest parameter to Login Dialog URL.
Link 1: Re-asking for Declined Permissions
Link 2: Re-asking for Declined Permissions using ASP.Net Identity OWIN
I have a website where I have installed a plugin Magegaint Social Login.
While registering through Google or Facebook, its registering. I checked in the admin panel, registration is confirmed.
But when I try to sign in through next time by Google, error message shows that account not activated.
Also mail is not going to the customer who has newly registered.
I have attached the picture below.
I will be glad to know some solutions.enter image description here
try it after disabled customer Activation module. B'coz this module also overwrite same function and method for customers.
Go To app/etc/modules/module_name.xml
I am working on a Laravel 4.2 project.
I already have implemented an email activation module for new user registration. Whenever a new user registers, I provide an activation link to him in an email and clicking on link, I compare the token (a random string with 30 characters) I have provided with link and user's email address with database records. If found to be matching, I just set is_active field of users table to true and redirect him to login page with a Congratulations message for successful activation.
But now, I DON'T want him to redirect to login page, but if successful activation, I want him logged in directly to his account.
But I believe that authenticate an user with just a string token and email address is not a secure way.
There must be something that I can trust on. Many sites do this including stackoverflow itself but I am not sure how?
Can you please guide me how to do this?
I've set a Joomla site password policy via users > options.
If I add a new user via the backend and try to set an insecure password, the policy seems to work and I get the appropriate error message.
If the user logs in, goes to their profile and changes their password, the password policy is still enforced.
However, if the user goes to the login screen, chooses 'Forgot your password' they are able to choose a new password which doesn't pass the policy.
I'm using the default Joomla login and registration extensions and as far as I can see, there's nothing else that could be causeing a conflict.
Does anyone have some suggestions on where to look?
EDIT
Site is using Joomla! 3.3.6 Stable, which is currently the latest version of Joomla
Thanks a lot!