joomla - forgot password page saying invalid email - joomla

I have a user who registered with an email like "word+word#email.com" it allowed the + sign when registering but it is not allowing him to retrieve his password from the forgot password page. The email input line goes read and gets the "invalid" class when the plus sign is entered. Any ideas on how to fix this?

There's documentation for that. You have to have access to your database, though
Also, most of all mail services does not support letters like +, _, - in the URL (mail address)

Related

Laravel - Changing the Base URL of the Reset Email URL that's being sent to users

I am using Laravel's default email functionality when sending the password reset link to users, and because of this, i wanted to change some parts of the email content that's being sent. One of those is the base URL of the reset link in the email.
In the email, it has this:
I wanted to change the Base URL http://localhost:8081 into something different since I am hosting other web apps on a different domain.
How can I do that?
Any tips are greatly appreciated!
You mean you have 2 servers. One for user to click reset password (an email will be sent to user). The other for handling reset password logic (after user click the link in email, fill new information and submit)
Is that right?
You can check Reset Email Customization and domain you can set in .env for getting

Why is my Prestashop forgot password not working

The Forgot Password link in our Prestashop 1.7 site is not working. After setting the admin email on the following, we still do not receive any reset password
Shop Parameters > Contact > Stores tab: <set the admin email>
When I try to send a test email using the links below, I receive the test email
Advanced Parameters > Email > Test Your Email Configuration
I am able to receive a test email from the admin email address I set on Shop Parameters. So that means, the email sending is working.
On the Forgot Password page, I entered my email and clicked the Send Reset Link. I checked the Inbox and Spam and did not see any reset link email.
Do you check that you have a mail template for sending forgotten emails in the corresponding language folder?
Regards
I'm having the same issue (Prestashop 1.7.2.5) From what I can find, if your email setup is configured as PHP, Password Reset works only occasionally depending on email account you are sending to.
It is better to configure your email setup for SMTP. Due to the high amounts of spam being circulated, most email servers will flag email sent from PHP as potential spam and most times will be blocked and not even sent to the junk folder. The fact that some mail gets through and others just disappear is because Spam traps set thresholds. Depending on the body text, subject line, type of links, etc.
Make sure your theme have mails folder and have password_query mail templates in
corresponding language folder.
Go to Preferences > Customers, and check the value of password reset delay. Make the delay value higher like 360 minutes.

Show plain password in joomla

I would need a readout of joomlas user password in plain style to give special users the ability to send a mail in a custom module with login details like:
https://mydomain/login?user=testuser
password = testuserpassword
For that reason I need the plain passowrd out of the DB. Is there a way to show/read out password from joomla-db in plain style?
Thx in advanced!
Joomla saves the passwords in the database using a one way encryption mechanism, which means that you cannot know what the password is.
I am sure what you're doing can be done in a different method - if you want to login users automatically once they click on a link then you can have a different authentication plugin that will use a random, unique, one-time-use, and time-sensitive hash that will be associated with a Joomla user account.
You need to create a plugin with function after joomla user save
you need to store password in another table with user id and then you can use with sql query to get password.
This is a bad idea for the following reasons:
email is sent in plain text
email often is stored on several systems along the way to your mailbox
email often is stored on your computer in plain text or other unencrypted format
many copies may exist in many places, even after "deletion"
even encrypted email can be broken in to, given enough computing time
your account's security may have been compromised even before you read your email (changing the password will not help in this case)
However, you definitely can email the user their password upon initial registration by going to Global Configuration > Users and setting Send Password to "Yes" (default setting in Joomla 3.x).
If you are looking for a way to send this password after the registration event, as others have mentioned, you are out of luck. What Joomla! provides is a secure password reset functionality to reset a password to something the user can remember. This will be the best approach for you, as well.
Resources: Sending Passwords in Email, Stop Joomla Sending Passwords in Emails

Laravel new user registration, activation with email and secure login

I am working on a Laravel 4.2 project.
I already have implemented an email activation module for new user registration. Whenever a new user registers, I provide an activation link to him in an email and clicking on link, I compare the token (a random string with 30 characters) I have provided with link and user's email address with database records. If found to be matching, I just set is_active field of users table to true and redirect him to login page with a Congratulations message for successful activation.
But now, I DON'T want him to redirect to login page, but if successful activation, I want him logged in directly to his account.
But I believe that authenticate an user with just a string token and email address is not a secure way.
There must be something that I can trust on. Many sites do this including stackoverflow itself but I am not sure how?
Can you please guide me how to do this?

Using email address as username in Tank Auth

I am working on a project with Tank Auth and I would like to use the email addresses of my users as their username to login on the application.
This is the first time I work with a extensive library like this and I'm puzzled.
On the register view I have commented out the input for an email address and in the library of Tank Auth (line 177) I set email to the username as well.
Now when I try to register, I get an error that I can't include underscores or #-signs in the username. Where can I find these restrictions? Because I want to put email addresses here and store them as usernames.
Any advice is more than welcome. If you need more info, just ask :)
I think to can accomplish this with Tank Auth without a big mess.
Tank Auth provides options to activate login by email,username or both.
Simply go to application/config/tank_auth.php and edit the following lines
$config['login_by_username'] = FALSE;
$config['login_by_email'] = TRUE;
Then if you want you can totally remove the username field from 'users' table, register form etc.

Resources