We have a Joomla 2.5 website and a second site (non-Joomla) that needs to have user information synchronized. We already have implemented a user registration that syncs to the other system after the email verification link is clicked.
The issue I have now is password reset. Joomla has a nice system to allow a user to reset the password. What I need to know is once the user clicks on the email to start the reset process (reset.php), how can I grab the user information within the confirm() method? All I need is the user (email or id) so that I can pass the new encrypted password to the other system.
Any suggestions would be VERY helpful.
In file components\com_users\models\reset.php, within function processResetConfirm() around line 227, the userid is available in $user->id.
// Get the user id.
$db->setQuery((string) $query);
$user = $db->loadObject();
The userid should now be found in $user->id.
Related
In my Spring Boot I'd like to have both social login and signup with user and password.
Let's say the user signs up via Google. After some time, he forgets that he signed in via Google and tries to register using the same email.
What should happen in this case?
Should I save user info (returned by Google) in a "users" table of my database to prevent the same user from registering twice?
Is there an article or something that explains a similar login/registration flow?
You can save all the users (OAuth or signup) in the user table. You can maintain a column by which you will be able to identify whether a user signed in via OAuth or email. Then, if a user tries to sign up via the same email, you can show a message. Or you can design your signup process using multiple steps. At first, the user needs to enter her email address; then you can send her an email where she needs to click a link that has a token in the URL. If she previously logged in using an OAuth provider, she will be automatically logged in; otherwise she needs to set her password.
I have an application where a user (we will call 'original user') can create a 'plan' and then add other users to that 'plan' so they can view the 'plan'. The original user can simply enter the email address of the user they want to add. If that user already exists, the user will be added to the plan and there are no issues.
In the case that the user does not exist, I am having the original user enter the email address and an initial password for that user. I can trigger an email to go to the new user to notify them. The new user is added to the Plan Mapping table so they are attached to that plan.
The vulnerability in my approach is that the original user could start creating accounts for people inappropriately and that the original user has to tell the new user their password or the new user has to hit 'Forgot Password' the first time they log in.
It would be ideal for the original user simply to add an email for the user they want to add to the plan. If the user exists, the user is added to the plan automatically. If the user does not exist, they are added to the Plan Mapping somehow and sent an email with a token to create an account.
I know how to send an Activation email. However, that doesn't work because the password is still created by the original user. I don't know how I could send an email with that user to sign up and then automatically do the Plan Mapping after that user signs up.
1) You could create a user without a password.
2) Then create a signed URL for the new user and send it via email. https://laravel.com/docs/6.x/urls#signed-urls
3) The user will follow the link you have created and will have to enter a new password.
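What a signed invite link has to guarantee, as an added framework-free example (not code from the answer above or from Laravel): the link binds the pending user and plan, expires, and is checked with a constant-time comparison. The function names, the key and the `app.example.test` URL are hypothetical.

```php
<?php
// Added illustration: HMAC-signed, expiring invite link. All names are hypothetical.
const INVITE_KEY = 'constructed-demo-key'; // constructed; load a random secret from config

/** Build an invite URL that binds the pending user id, the plan id and an expiry. */
function makeInviteUrl(string $base, int $userId, int $planId, int $expires): string
{
    $params = ['expires' => $expires, 'plan' => $planId, 'user' => $userId];
    ksort($params);                                   // canonical parameter order
    $query = http_build_query($params);
    return $base . '?' . $query . '&signature=' . hash_hmac('sha256', $base . '?' . $query, INVITE_KEY);
}

/** Return the verified parameters, or null if the link was altered or has expired. */
function verifyInviteUrl(string $url, int $now): ?array
{
    $parts = parse_url($url);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'], $parts['query'])) {
        return null;
    }
    parse_str($parts['query'], $params);
    $sig = $params['signature'] ?? '';
    unset($params['signature']);
    if (!is_string($sig) || !isset($params['expires'], $params['plan'], $params['user'])) {
        return null;
    }
    ksort($params);
    $base     = $parts['scheme'] . '://' . $parts['host'] . ($parts['path'] ?? '');
    $expected = hash_hmac('sha256', $base . '?' . http_build_query($params), INVITE_KEY);
    // hash_equals() compares in constant time; the expiry is only trusted once the MAC matches.
    if (!hash_equals($expected, $sig) || (int) $params['expires'] < $now) {
        return null;
    }
    return ['user' => (int) $params['user'], 'plan' => (int) $params['plan']];
}

// Constructed walk-through: the account row exists with a NULL password until the link is used.
$now = 1700000000;
$url = makeInviteUrl('https://app.example.test/invite/accept', 42, 7, $now + 86400);

var_dump(verifyInviteUrl($url, $now));                                    // case: untouched link
var_dump(verifyInviteUrl(str_replace('user=42', 'user=1', $url), $now));  // case: tampered user id
var_dump(verifyInviteUrl($url, $now + 2 * 86400));                        // case: link past its expiry
```

A signed link stays valid until it expires, so the accept handler should also refuse it once the account's password is no longer NULL.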
In our use case, we need to log in the user automatically soon after successful registration for enabling, or rather forcing, the user to:
Change password.
Upload a file.
How to achieve this programmatically, in AccountController's register method?
Ideally, it should be a seamless registration process that ends with the login state in the user dashboard.
Request valuable help / hint / pointers...
Thanks!
The best way to approach this is to take a cue from the password reset controller, which already does this (in this case, it automatically logs the user in after they've selected a new password).
So, add this to the bottom of the register method in AccountController:
// Log out any existing user, and create a new session
if (!$this->_app->user->isGuest()) {
    $this->_app->logout(true);
    // Restart session
    $this->_app->startSession();
}
// Auto-login the user
$this->_app->login($user);
$ms = $this->_app->alerts;
$ms->addMessageTranslated("success", "ACCOUNT_WELCOME", $this->_app->user->export());
You will also need to modify the AJAX callback in register.twig to redirect the user to the home page, instead of the login page:
window.location.replace(site['uri']['public']);
The user will then be automatically redirected to the landing page for their primary group after being logged in.
I am working on a Laravel 4.2 project.
I already have implemented an email activation module for new user registration. Whenever a new user registers, I provide an activation link to him in an email, and on clicking the link, I compare the token (a random string with 30 characters) I have provided with the link and the user's email address with database records. If found to be matching, I just set the is_active field of the users table to true and redirect him to the login page with a Congratulations message for successful activation.
But now, I DON'T want to redirect him to the login page; on successful activation, I want him logged in directly to his account.
But I believe that authenticating a user with just a string token and email address is not a secure way.
There must be something that I can trust. Many sites do this, including Stack Overflow itself, but I am not sure how.
Can you please guide me how to do this?
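The properties that make an activation link safe enough to log the user in are that the token is unguessable, stored only as a hash, short-lived and usable once. The following added example (not from the post; assumes PHP 7+ with the PDO SQLite driver, and the table, column and function names are hypothetical) shows those checks:

```php
<?php
// Added illustration (PHP 7+). Table, column and function names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE activations (user_id INTEGER, token_hash TEXT UNIQUE,
                                     expires_at INTEGER, used_at INTEGER)');

/** Issue a token: the raw value goes into the e-mail, only its hash is stored. */
function issueActivation(PDO $db, int $userId, int $now, int $ttl = 3600): string
{
    $token = bin2hex(random_bytes(32));               // 256 bits from the CSPRNG
    $db->prepare('INSERT INTO activations VALUES (?, ?, ?, NULL)')
       ->execute([$userId, hash('sha256', $token), $now + $ttl]);
    return $token;
}

/** Consume a token at most once; returns the user id to log in, or null. */
function consumeActivation(PDO $db, string $token, int $now): ?int
{
    $hash = hash('sha256', $token);
    // One UPDATE marks the row used only if it is unused and unexpired, so two
    // concurrent clicks on the same link cannot both succeed.
    $upd = $db->prepare('UPDATE activations SET used_at = ?
                         WHERE token_hash = ? AND used_at IS NULL AND expires_at >= ?');
    $upd->execute([$now, $hash, $now]);
    if ($upd->rowCount() !== 1) {
        return null;
    }
    $sel = $db->prepare('SELECT user_id FROM activations WHERE token_hash = ?');
    $sel->execute([$hash]);
    return (int) $sel->fetchColumn();
}

// Constructed walk-through with a fixed clock.
$now   = 1700000000;
$token = issueActivation($db, 42, $now);

$first  = consumeActivation($db, $token, $now + 60);    // case: first click on the link
$second = consumeActivation($db, $token, $now + 120);   // case: the same link replayed
$late   = consumeActivation($db, issueActivation($db, 43, $now), $now + 7200); // case: expired

var_dump($first, $second, $late);
// On a non-null result the caller sets is_active, logs the user in and
// regenerates the session id (session_regenerate_id(true) in plain PHP).
```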
Can CodeIgniter allow multiple users to log in with the same username? And also refresh the page for everyone who has the same username? For example, having 3 people log in with the same username in different places. Person A uploaded a file, then was redirected to the same page and did not have an upload button. The button will disappear after Person A has used it. The question is: how can I make Person B and C not see an upload button after Person A has used it? Redirect with sending the session id, then refresh? Any idea?
Wow, that's quite a system. If you're implementing the login and using CodeIgniter sessions, then: Yes, you can allow multiple users to log in. CodeIgniter sessions are based on browser/ip/etc - not on username. So, you control the logic of the app and you can determine in your libraries and controllers if you allow multiple logins with the same username.
The other part of your question is also based on the logic of your app. You'll have to keep track of the CI sessions and add the usernames or other identifying information to the session with:
$this->session->set_userdata('username', 'userA');
Then, when userA clicks that upload button, you'll have to save that as well:
$this->session->set_userdata('upload_clicked', 'userA');
Then, for your other users, you'll have to query the ci_session database to see if userA has clicked that upload button to determine if you should show the button to the other users:
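$results = $this->db->query("SELECT user_data FROM ci_sessions WHERE user_data LIKE '%upload_clicked%'");
// This gives you all the records with `upload_clicked` saved in user_data.
$upload_used = false; // illustrative flag: hide the button when true
foreach ($results->result() as $row) {
    // Unserialize user_data, then check if upload_clicked == userA
    $data = unserialize($row->user_data);
    if (is_array($data) && isset($data['upload_clicked']) && $data['upload_clicked'] === 'userA') {
        $upload_used = true;
    }
}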