How can the username be sent to a user in the Joomla PASSWORD_RESET_CONFIRMATION_EMAIL_TEXT?
The Joomla "forgot your password" process sends an email containing a token to the user. They can then use the url in the email to go to the "Confirm your account" page. But here they need to enter their username as well as the token. If the user has forgotten their password, they are unlikely to remember their username. So I'd like to display the username in the email to make it easy for users to reset their forgotten password.
The site uses Joomla 1.5.23.
Thanks.
Edited to add more info:
I've seen this item about the same issue:
Email Message configuration for forgot password
But that adds $fromname into the email; and that's the site name as shown in sent emails. It is not the username. So I don't believe that's the solution.
So I think I need a similar edit in components/com_user/models/reset.php to include the username in the email message in this line (about line 256):
$body = JText::sprintf('PASSWORD_RESET_CONFIRMATION_EMAIL_TEXT', $sitename, $token, $url);
Just adding $username (which is referred to earlier in the file) displays nothing.
And then I would amend the language to refer to the username variable in the following file:
language/en-GB/en-GB.com_user.ini
You are trying to add the user name in the forgot email?
then you can try this.
you can find some line similar to this. in the reset model.
$user =& JFactory::getUser();
here the $user object the current requested user email(if exists).
The you will get all the details of that user by using this object.
like $user->username,$user->email etc.
This is not solving your problem,Then you should try a custom query to fetch the details of the user from jos_users using the requested email id(is unique).
Hope this will help..
Firstly and I know this isn't part of your issue, but please upgrade to Joomla 1.5.26 which is the latest version of the 1.5 series.
Then try adding the following to the function:
$user =& JFactory::getUser();
$user2 = $user->username;
then change replace the $body variable with this:
$body = JText::sprintf('PASSWORD_RESET_CONFIRMATION_EMAIL_TEXT', $sitename, $user2, $token, $url);
Related
I'm new to CodeIgniter and I installed the codeigniter4/shield authentication and authorization framework for CodeIgniter 4.
I need the session data of the logged-in User such as username, and email.
How can I get it?
What I've tried so far.
$item = $session->get('item');
$name = $_SESSION['name'];
Solution:
Get logged-in username:
auth()->user()->username;
Get logged-in User email:
auth()->user()->getEmail();
Get the 'date & time' when the logged-in User account was created:
auth()->user()->created_at->toDateTimeString();
Get all logged-in User data.
auth()->user()->toRawArray();
Reference:
Auth Helper
The auth functionality is designed to be used with the auth_helper
that comes with Shield. This helper method provides the auth()
command which returns a convenient interface to the most frequently
used functionality within the auth libraries. This must be loaded
before it can be used.
// get the current user
auth()->user();
// get the current user's id
auth()->id();
// or
user_id();
I'm using Laravel 7.x and sanctum. Logins are working and I would like to create a Forgot Password option from my SPA application.
I'm struggling with the basics as most of the examples in the documentation rely on the auth scaffolding. So far I've managed to get the following:
I have a controller class called ForgotPasswordController with a method called reset that receives the email to be reset via POST.
I've created a object: $user = User::where('email', $email)->get()->first();
At this point I'm too unfamiliar with the architecture to know where to go next, whether it's the Password facade, I see some additional classes in the Illuminat\Auth\Password namespace. My goal is to create an expiring token, email it to the user via the default email config (I know how to send the email / design the template) and then be able to make the webservice call that will allow the password to be resolved.
Here's what I think I know...
I've set CanResetPassword trait on my user models, which I believe are necessary to support the native methods for password reset
I believe the goal is to create a reset token keyed against the user email that expires after a period of time, then send that token appended to a url in an email (I don't know the architectural implications surrounding the generation of the token beyond the table row)
There's a Password facade with a sendResetLink method - but this
method can't work for spa applications because the base url of the
client app will be different, so I'm assuming something native will have to be re-written. In fact, calling this method will return an error of Route [password.reset] not defined.
I'm assuming I will need the password Facade, if so, what is the method to generate the token? Should I just email the link with the token appended or are there other architectural considerations to support the token expiration?
Apologies if my questions are flawed, I'm unclear on the architecture so I'm making assumptions.
Have you tried Laravel authentication? All authentication requirements have been moved to a package called laravel/ui.
By installing that package you can use Laravel authentication. It will take care of your registration, login, and forgot password processes.
This package will create some controllers for all those processes and those you need for forgot password are
ForgotPasswordController: will generate and send reset password links.
ResetPasswordController: will reset the password by getting user's email, new password, and reset password token.
But if you don't want to use the official Laravel package you should take these steps:
Show a "Request reset password form" to the user.
Validate the provided email by the user.
Generate a random reset password token and store it at DB (Need a table with at least two fields: email and token).
Send that token to the user(It's better if you send it as a URL parameter in the reset password link).
When the user navigated to the reset password page, ask for email again and validate the token by checking your DB table and matching the email and token.
Reset the password to whatever the user wants at this point.
Update: I use this piece of code for generating random tokens:
$email = 'user#email.com';
$token = \Illuminate\Support\Str::random(10);
while(\DB::table('reset_password_tokens')->where('token', $token)->exists()) {
$token = \Illuminate\Support\Str::random(10);
}
\DB::table('reset_password_tokens')->insert(compact('email', 'token'));
Got laravel's password reset setuped correctly and working, now whats left is how to verify if the reset token exists in the password_resets table and proceed if valid. At the moment if I type in my url example.com/password/reset/somestuff it redirects me to the page where it asks for email and password, so there's no security :)
Thanks and I hope you understood my question.
You can use the laravel query builder to make this check. For example:
if(DB::table('table_name')
->where('user', $user)
->whereNotNull('token')
->exists()){
do something
}
https://laravel.com/docs/5.6/queries
Question: why can I not authenticate a known registered user through Adldap despite being able to access information about the user using Adldap on laravel 5.2?
I am attempting to use Adldap on laravel 5.2 to authenticate users at a university. I have successfully managed to connect to the ldap server with the admin credentials and can even retrieve information about the user.
`
namespace App\Http\Controllers;
use Auth;
use Input;
use Adldap;
class AuthController extends Controller
{
public function authenticate()
{
$username = Input::get('username');
$password = Input::get('password');
$authentic = Adldap::authenticate($username,$password);
$userData = Adldap::users()->find($username);
var_dump( $authentic );
dd( $userData );
}
}
`
when I try to log in, dumping $authentic gives me false despite having the correct password (I dumped it as well to check). However, with the same username if I dump $userData i get a massive array of (correct) user information. Using my username, if I open the $userData object up I can see what email groups i'm in, my campus mailing address, my work title etc.
Dumped variables. I am very new to using ldap and am not quite sure how everything works. Also, its probably worth noting that despite me being the guy doing the setup and such I do not have much access to the servers. Everything is on an as needed basis.
One though was that the ldap server took care of any password hashing on that end. However, since i'm getting connected but the authentication fails could it be that I need to hash the password on my end? Please explain any solutions in detail. As an Ag engineer none of this is exactly my field but sometimes branching out is a necessity.
There are no errors. I'm on wamp and in logs/php_error (I assume this is the equivalent local version of /var/log/debug). Additionally, apache_error shows no problems.
You better check the messages created in /var/log/debug while trying to log in. Please add these messages to this post.
There was no "error" on my end. The Ldap server was simply configured to accept the users full email address and not their short id as I was using.
I just installed the ion-auth library and I'm trying to do some basic operations with it, including registering and logging in. Registering works just fine (I can see the row has been added to the database), but trying to login with the same credentials as I used to create the user with doesn't work for some reason.
This is the basic flow:
$username = $this->input->post('username');
$password = $this->input->post('password');
$email = $this->input->post('email');
$additional_data = array(
'first name' => 'John',
'last_name' => 'Doe'
);
$this->ion_auth->register($username,$password,$email,$additional_data);
$this->ion_auth->login($username, $password, TRUE);
But for whatever reason, the login mechanism simply won't work. Hope someone can help.
I have also had he struggle that i could not login with ion_auth, i could only login with the admin credentials.
For me the answer was simple but very specific. It may not answer the question for you, but it just might.
I had a redirect from the login to the dashboard controller. Only the dashboard controller was only viewable by an admin. If the user wasn't an admin, it was redirected to the login page.
Therefore it looked like the user was not logged in, but he was.