I have created a joomla component where we can upload the csv file which contain the user name and email of many users.I have written query for inserting the data to the jos_users table.The password in auto generated and i have encrypted the password using
$crypt = JUserHelper::getCryptedPassword("blabla", $salt);
I haven't inserted anything in the activation field.
But due to some reasons I cannot login using the username and the password.Should I do any thing else for this ?
Thanks Brent for your time.I have found the answer and is explained below.
For creating new user accounts by script you need to execute three queries.
1)
insert into jos_users (id,name,username,email,password,usertype,block,sendEmail,gid,registerDate,lastvisitDate) values (NULL,'name','username','email','password','Registered','0','0','18','date','date2')
2)
insert into jos_core_acl_aro (id,section_value,value,name) values (NULL, 'users', '(insertid of the above query)', 'name')
3)
insert into jos_core_acl_groups_aro_map (group_id,section_value,aro_id) values (18, '', '(insertid of the above query)')
This worked for me.
In order for a user to be able to log in -
activation field must be blank
user must be enabled
user must be a member of a group
Related
Since my 2 post about the LDAP Authentication (first post, second post), we created our own custom authentication scheme and function to connect to the application using our Active Directory credentials.
We can successfully log in the application. However, we have a second function which retrieves the group of the user in the AD. Here's the code when I'm trying to retrieve the group into a Text Field (P1_GROUP) :
ourschema.ldap_get_group_apex_from_user(
p_username => v('APP_USER'),
p_password => 'thepassword')
As you can see, this is working, because the password is in static text. This leads me to my main question :
How to retrieve the user's password in Oracle Apex, and what is the most secure way ?
I tried to set a Branch or a Process in the Log-In page while redirecting the user's the the home page, and Set Value of the :P9999_PASSWORD field to the home page text field P1_PWD.
So, I tried to adapt my code with the text field
ourschema.ldap_get_group_apex_from_user(
p_username => v('APP_USER'),
p_password => :P1_PWD)
Unfortunately, this doesn't seems secure because the password would be visible in the HTML code of the page (right click + inspect and there it is. Moreover, sometimes it gives me an error
Error computing item source value for page item P1_GROUP
It seems like the application cannot execute the function because the password is still not initialized.
Is there a way to retrieve :P9999_PASSWORD or to transfer it from the login page to a global variable/global page or a text field ? Or is there a function to retrieve the current user's password ?
Thank you again for your time, do not hesitate to ask for more details as this is a very specific case,
Thomas
I don't think your approach is correct. Ideally, even an administrator of your system should not be able to decrypt a user's passwords; they should be stored as hashes.
You're trying to look up the user's group memberships? You don't need the user's own credentials to do that. Use a dedicated account that has access to your Active Directory system and store that password encrypted in your database. Use that account to search for and look up the user's group memberships. That way, even if your system is compromised, only that account is exposed.
Thank you all for your answers and your advices on my case, and for taking the time to help.
We found a solution that we think is reliable, here's what we did if that could help other people.
We created a global variable G_GROUP, which will receive the group of the user
On the login page, we created a process before the login process.
Set the Source of the Process to PL/SQL Code :
:G_GROUP := pdbadmin.ldap_get_group_apex_from_user( --our custom function to retrieve groups
p_username => :P9999_USERNAME,
p_password => :P9999_PASSWORD); -- the function get the username and password in the fields
If i want to display the group of the user in the main page, let's create a Text Field P1_GROUP which as for Source the PL/SQL Expression :G_GROUP
Our group is initialized, and the password is not shown in any field.
Let me know what you think about it, and if you guys think this could be improved.
I would like to ask about logging in to Laravel but in a different way:
User information including the password but not the email will be stored in users table, while email_address will be stored in a email_addresses table with a boolean field called is_default.
So the user can have several emails, but he can log in with only one email that has the is_default is true. and he could change his default email through his profile.
So, how can I make the login process through the Auth::login() facade.
I was able to register the user by storing the information in a users table and store his email_address and is_default = true in the email_addresses table.
It can be a little tricky. Auth::login() just needs to fetch email and password, so if you can trick the model into thinking it has an email field accessible via $user->email, things will work out:
public function getEmailAttribute()
{
return DB::table('email_addresses')->whhere('default', 1)->where('user_id', $this->id)->first()->toArray()['email'];
}
I have a two tables in database
1. users(default user table)
2. suspend_users(only two column:- id, email)
now i want to first check in the "suspend_user" table user email exist or not if user email exist in the "suspend table" authentication failed message shows.
now i do not understand that how to check second table(suspend_users) first and how to check multiple table authenticate
I dont understand exactly what you mean, you can check first if the mail exists on the suspend_table and after check login:
example:
if (SuspendedUser::findBy(['email' => $user_email])) {
// go back to what else... throw expetion etc....
}
if (Auth::attempt(email, pass)) {} // check login
you can easily authenticate multiple table in laravel 5.1 and above.
http://blog.sarav.co/multiple-authentication-in-laravel/
Does Service Now allow querying referenced fields through the GlideRecord? And if so, how?
I have an application with a local user table for preferences specific to the application. When a user fills out a new form, I would like to query the local user table to see if a record exists for the currently logged in user. If it does, then I would like to prefill some of the answers on the form.
My user table has a reference to the sys_user table in order to link the local user record to the actual service now user. When I try to run the script to check the local user table, it returns "sys_idNotValidnull" for the query statement I add.
var lscUser = new GlideRecord('x_wadm_lsc_user');
lscUser.addQuery('UserID', '=', gs.getUserID());
gs.info("Query: "+lscUser.getEncodedQuery());
lscUser.query();
Returns: "Query: sys_idNotValidnull"
If I change the query to search a different string field it works as expected.
var lscUser = new GlideRecord('x_wadm_lsc_user');
lscUser.addQuery('temp', '=', 'dan');
current.temp += " Query: "+lscUser.getEncodedQuery();
Returns: "Query: temp=dan"
I would agree with Dan that the first step should be to confirm the column names. I usually don't take anything for granted, and always double check. You can use the dictionary or right click on the field label and it will show the column name.
I have seen "sys_idNotValidnull", but usually only within scoped applications.
How do i know the users who added the record in quickbase table or who have the permission to add ,Edit or delete the record or how can i check the flow of adding a data into quickbase tables ?
When you create a table in quickbase, it defaults to creating a field that display which user account has inserted the record. The default names are Record Owner and Last Modified By.
Record Owner is for the user who initially created the record.
Last Modified By is for the user account that last modified the record.
Date Created will tell you when it was created and Date modified will tell you when it was last modified. These fields are not default in reports. I would make a custom report that only the administrators can see to follow the tracking of the flow of records adding and editing.
The help file at this link QuickBase Help for User Control will help you understand how to manage your user accounts and also know who has access to what for which application.
Hope this helps.