I have been working on a simple survey app and what to send out emails inviting people to do the survey, the link includes the population of item on the home screen using the following notation :
https:// ... /apex/f?p=56773:1:::::P1_UNIQUE_CODE:A281Skh7
There is no authentication to fill in the survey other than this unique code. This works when I am already logged into apex as a dev but if I email it to someone else it immediately diverts and gets a session number and clears the P1_UNIQUE_CODE:A281Skh7 part that sets the value.
Is there a way to construct a apex URL that sets values when you are not already logged in?
Note: using Apex5
Thanks in advance for your help.
You need to set the page attribute Authentication to Page Is Public.
Related
I want to make an alert function in my side project where users set their custom limit(especially for cryptocurrency prices), and whenever price move beyond their custom limit, users get alert from my server.(It's almost like tradingview's alert function).
I managed to get price data by using websocket. What I'm concerned about is that where should I store user's custom limit data?
I want this feature to open everybody, not just logged-in user, so I think It would be very difficult to store all custom limit data in Database. OR should I use session to store data?? I'm making this project all by my self and got no one to ask.. could anyone give me any tips/ or references? Thank you in advance.
i think you can store user's data on localStorage without login. This is a reference article on W3School : link here
I'm trying to automatically display my user's login information on a merchant request page in a text field named P_Username. UI and the code behind merchant request shown below
Merchant Request UI
Merchant Request Code
I assumed I would just set the source of P_Username to the text field that I entered my username into upon login (P9999_USERNAME). UI and the code behind login page shown below
Login UI
Login Code
The login page was automatically created in my apex application so I did not create the table in which that login information was saved under. I'm fairly new to stack overflow, so feel free to give me any tips on how to better ask/portray my questions.
Username you're looking for (e.g. "collin", as displayed on the 1st screenshot) is - in Apex - :APP_USER. Literally like that; a colon : followed by APP_USER.
I'm assisting another developer with adding a link to a page in a product called Lawson that we use in-house. I need to pass the authenticated user's employee ID to an HTML page we're bolting on. I'm still looking at existing pages on the server, but thought I'd ask: does anyone know how the Javascript object that represents the authenticated user works? It looks like something server-side must be dynamically creating a Javascript object that has useful properties. It is usually called 'AuthUser'. I want to add the necessary JS references to my new page to support this object and access its properties. Does anyone have any experience with that? Thanks!
If you are in a portal session, you can access this in javascript through attributes of portalWnd.oUserProfile:
alert(portalWnd.oUserProfile.getAttribute("id"))
This will give you the logged in user's short username. Many other attributes are available. To see a complete list, log into a portal session and then replace the URL with:
http://YOURPORTALSERVER/servlet/Profile
I'm not sure what you mean by "bolting on", but if you want to pass an attribute to an external page launched from a Portal session, you could create a user shortcut via Portal preferences using something like:
javascript:window.open("http://yourserver/yourpage.html?user=" + portalWnd.oUserProfile.getAttribute("id"))
as the target and process in yourpage.html like a normal GET method form.
If you are still puzzling over this all these months later, provide some specifics if you need more guidance.
I'm very new to ion-auth so apologies in advance if this is a dumb question.
I have a feature request from a user (an admin) where they would like to be able to switch into another user's account to see the app from their point of view. The use-case here is that the admin would find the user in question's account in our user admin page in the app, then click a button to effectively 'become' that user.
Any ideas how this would be achieved?
Many thanks
Pete
#Pete,
What you're asking for is what is sometimes called "hijacking" the account.
There isn't currently a feature for that, but essentially what you need to do is:
1) destroy the current session
2) rebuild the session as the user you want to highjack
3) make sure the logged_in session variable is also set.
Passwords are all hashed, but I think it would be pretty straightforward to write a login function for yourself that doesn't go through the password hashing as part of the login steps.
In other words,
1) log out
2) look up the user id's username & password
3) login directly with that password, not a hashed version
Of course, you'll want to be very careful about your security
You need to alter the users_groups table adding a "status" field, in order to set true/false the current user_group.
Then, upgrade the model with a function that makes the following:
Get the current group and sets his status to false.
Get the new group and set his state to true.
Redirect to home page of selected group.
With this change, you can regenerate all the user`s data session and navigate as the selected user.
My website has no user registration (members are pulled through from an offline db) and the area that you can login to doesn't hold very sensitive information.
So I want a basic login with a remember me function.
• After checking input against the DB, I plan to store their user_id, name, email in a session.
• For the remember me, I'd store a cookie with value = user_id:randomcode. The random code is generated at login and stored in a field on their user record.
Is this secure enough? or how could it be improved without getting too complex.
You should use the user_id:randomcode only once and generate a new one when the old is used. Read Persistent Login Cookie Best Practice.