Using email address as username in Tank Auth - codeigniter

I am working on a project with Tank Auth and I would like to use the email addresses of my users as their username to login on the application.
This is the first time I work with a extensive library like this and I'm puzzled.
On the register view I have commented out the input for an email address and in the library of Tank Auth (line 177) I set email to the username as well.
Now when I try to register, I get an error that I can't include underscores or #-signs in the username. Where can I find these restrictions? Because I want to put email addresses here and store them as usernames.
Any advice is more than welcome. If you need more info, just ask :)

I think to can accomplish this with Tank Auth without a big mess.
Tank Auth provides options to activate login by email,username or both.
Simply go to application/config/tank_auth.php and edit the following lines
$config['login_by_username'] = FALSE;
$config['login_by_email'] = TRUE;
Then if you want you can totally remove the username field from 'users' table, register form etc.

Related

Laravel - Changing the Base URL of the Reset Email URL that's being sent to users

I am using Laravel's default email functionality when sending the password reset link to users, and because of this, i wanted to change some parts of the email content that's being sent. One of those is the base URL of the reset link in the email.
In the email, it has this:
I wanted to change the Base URL http://localhost:8081 into something different since I am hosting other web apps on a different domain.
How can I do that?
Any tips are greatly appreciated!
You mean you have 2 servers. One for user to click reset password (an email will be sent to user). The other for handling reset password logic (after user click the link in email, fill new information and submit)
Is that right?
You can check Reset Email Customization and domain you can set in .env for getting

Are there security issues with using ajax to send user objects to server?

I have an application and I want users to have the ability to create a user instantly without even having the page to reload (So that if they are in the middle of something they dont have to stop). I have used ajax for similar things in the past however I am a bit scared using it for something like users with passwords (I am using hash salt and pepper but still, im a bit paranoid). Are there any security issues with that?
Using AJAX is not a problem.
Using hash, salt, and pepper is fine, but do you check user's email address for receipt? You can send a six-digit number to the email address entered by the user, and ask the user to enter that number on the input form to confirm that the user can use the email address.

Show plain password in joomla

I would need a readout of joomlas user password in plain style to give special users the ability to send a mail in a custom module with login details like:
https://mydomain/login?user=testuser
password = testuserpassword
For that reason I need the plain passowrd out of the DB. Is there a way to show/read out password from joomla-db in plain style?
Thx in advanced!
Joomla saves the passwords in the database using a one way encryption mechanism, which means that you cannot know what the password is.
I am sure what you're doing can be done in a different method - if you want to login users automatically once they click on a link then you can have a different authentication plugin that will use a random, unique, one-time-use, and time-sensitive hash that will be associated with a Joomla user account.
You need to create a plugin with function after joomla user save
you need to store password in another table with user id and then you can use with sql query to get password.
This is a bad idea for the following reasons:
email is sent in plain text
email often is stored on several systems along the way to your mailbox
email often is stored on your computer in plain text or other unencrypted format
many copies may exist in many places, even after "deletion"
even encrypted email can be broken in to, given enough computing time
your account's security may have been compromised even before you read your email (changing the password will not help in this case)
However, you definitely can email the user their password upon initial registration by going to Global Configuration > Users and setting Send Password to "Yes" (default setting in Joomla 3.x).
If you are looking for a way to send this password after the registration event, as others have mentioned, you are out of luck. What Joomla! provides is a secure password reset functionality to reset a password to something the user can remember. This will be the best approach for you, as well.
Resources: Sending Passwords in Email, Stop Joomla Sending Passwords in Emails

Laravel new user registration, activation with email and secure login

I am working on a Laravel 4.2 project.
I already have implemented an email activation module for new user registration. Whenever a new user registers, I provide an activation link to him in an email and clicking on link, I compare the token (a random string with 30 characters) I have provided with link and user's email address with database records. If found to be matching, I just set is_active field of users table to true and redirect him to login page with a Congratulations message for successful activation.
But now, I DON'T want him to redirect to login page, but if successful activation, I want him logged in directly to his account.
But I believe that authenticate an user with just a string token and email address is not a secure way.
There must be something that I can trust on. Many sites do this including stackoverflow itself but I am not sure how?
Can you please guide me how to do this?

Creating users using e-mail address only - ruby on rails

I want to be able to create a user using only their e-mail address.
i.e. I want the admin to be able to enter a bunch of e-mail addresses, which will automatically create a new user and password and then e-mail the information to the address provided.
So I am hoping to figure out how to:
Create users using only e-mail addresses (rest can be randomly generated)
E-mail users their passwords and login details.
Any suggestions on a best way to approach this? I'm using authlogic for authentication.
Cheers!
I'd recommend using devise for this, as it handles generating confirmation emails, as well as the routes for confirming an email. A relevant tutorial for allowing users to sign up with just their email addresses: http://blog.devinterface.com/2011/05/two-step-signup-with-devise/
For having an admin create users, it'll be much the same, just generate random passwords+confirmations, and then call user.send_reset_password_instructions to send the email (which can be customized as in Ruby/Rails: How do you customize the mailer templates of Devise? )
see also: Rails Devise: Set password reset token and redirect user

Resources