I am trying to improve a user registration mechanism (I am using Flask and PostgreSQL) and I have an issue, so my question is:
The admin makes an invitation email for a new user (the admin enters an email for a new user and saves it to the database).
The user opens that email, clicks on the invitation link and enters a new password (this saves his password to the database).
My question is how I can retrieve the information about which email the user loaded the link from, because at the moment the user can enter whatever email he wants, but I need the email to already be there in some way (the email is already in the database, since the admin saved it in the first step), so that the user enters only the password (and saves it to the database).
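One way to bind the invitation link to the email the admin saved, shown as an added example (not part of the original question): the link carries only a random token, and the server looks the email up from it, so no email is ever read from the form. It uses the Python standard library only; in-memory SQLite stands in for PostgreSQL, and the table, column and function names are assumptions.

```python
import hashlib, secrets, sqlite3, time

def open_db():
    # In-memory SQLite stands in for the PostgreSQL database (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE invitations (token_hash TEXT PRIMARY KEY, email TEXT NOT NULL, "
               "expires_at REAL NOT NULL, used INTEGER NOT NULL DEFAULT 0)")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db

def _digest(token):
    # Only the hash is stored, so a leaked table does not yield usable links.
    return hashlib.sha256(token.encode()).hexdigest()

def create_invitation(db, email, ttl=86400, now=None):
    """Admin step: save the email, return the token to embed in the emailed link."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    db.execute("INSERT INTO invitations (token_hash, email, expires_at) VALUES (?, ?, ?)",
               (_digest(token), email, now + ttl))
    return token

def email_for_token(db, token, now=None):
    """Invited email for a token, or None if it is unknown, expired or already used."""
    now = time.time() if now is None else now
    row = db.execute("SELECT email FROM invitations WHERE token_hash = ? "
                     "AND used = 0 AND expires_at > ?", (_digest(token), now)).fetchone()
    return row[0] if row else None

def accept_invitation(db, token, password, now=None):
    """User step: the request supplies token and password; the email comes from the DB."""
    email = email_for_token(db, token, now)
    if email is None:
        return None
    salt = secrets.token_bytes(16)
    pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    with db:  # one transaction: consume the token and create the account together
        cur = db.execute("UPDATE invitations SET used = 1 WHERE token_hash = ? AND used = 0",
                         (_digest(token),))
        if cur.rowcount != 1:
            return None
        db.execute("INSERT INTO users (email, salt, pw_hash) VALUES (?, ?, ?)",
                   (email, salt, pw_hash))
    return email
```

In a Flask view, `email_for_token` would fill a read-only email field when the link is opened, and `accept_invitation` would handle the form post.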
Related
I want to build a multistep registration Auth flow where these are the required steps and flow:
In the first step User verifies mobile number with otp.
In the second step User uploads image of some ID proof.
In the third step User fills some extra details such as name, email, address, etc.
Finally user submits the form.
Upon receiving the form details, an Admin (having direct access to the Firebase console and Firestore) manually checks the details; if they seem real, he/she sends a newly generated ID (can be email or phone no.) and password (created by the admin) to the User through email or SMS, with which he/she can finally log in.
I know it is complicated and might not be possible with Firebase, but I still want some insight and an answer to my problem. Thank you.
My website has a normal sign-up and sign-in process. Now I want to add Google login (and later Facebook, Yahoo and ...) to my website, but I'm not quite sure how to change my user table.
Add all the user info I get from Google and Facebook as new fields to my current users table? Each login type gives me a first and a last name; I can keep just one of them. The only user info to connect different login types with each other is the email address. So if a user has used a different email for his/her Facebook account than for his Gmail, then each user will have lots of unused fields.
Using separate tables for each login type: have a Google table, a Facebook table and so on, and connect each record with a user in the user table (if the user has not signed up before, the Google or Facebook information will be used to create one). In this case the user record will have a missing password field, which of course can be reset from the account or by the forgotten-password function.
Which one is the correct way to do this?
I have been thinking about a procedure/method to activate user accounts in a pre-filled database. Username and email are pre-filled according to existing data.
Since the activation of the account is based on entering only the user ID (which is known by the user and unique to each) and only clicking "Activate account", my best guess would be sending a URL containing a randomly generated unique activation code to the user's mail (which was previously filled in the DB), which redirects to a webpage for choosing a password for the respective user account, or automatically sending an e-mail containing a random password to the user's mail.
Is this the best suited method?
I am trying to secure my DNN site running on DNN version 7.01.02.
What I am looking for is that anybody who registers for a new account must enter a valid email ID and should be able to log in only after he clicks the verification mail.
Currently, the way I have it is that once the user enters his email and chooses a password, he is directly logged into the site and only gets the following message.
Here are the site settings for the website that I use to control the user registration.
So how can I change this config so that the user can only log into the portal once he goes through the verification mail?
PS: My verification mail works. I have checked the SMTP settings.
As an administrator, go to Site Settings, User Account Settings and change the User Registration Setting to "Verified."
The user will be required to enter a verification code when they log in for the first time.
I personally use the private setting, but I have a low-traffic site. If you don't mind verifying the accounts, you can do that. Also, you can set it to redirect to a page where it tells them that the account needs to be approved before they can log in.
I am looking to build a "reset password" function in my CakePHP app, and reading around the net I have decided to: Have the user type in their email address, send them an email with a link to http://www.mysite.com/users/reset_password/generated_uuid_that_expires_in_24_hours. This will present a form that allows them to change their password. Obviously the hiccup is that I don't know how to log the user in with a temporary password. Am I approaching this correctly? I am thinking that the url I send them would be a hashed version of their email plus a uuid to use as a temp password, and that I would perform a user id lookup based on the email that comes in the url....but still, I wouldn't know how to manually log them in so they can change their password.
I use the session approach.
After using the token from the email, the user gets a Tmp.User.id (as opposed to Auth.User.id) in the session, which will allow him to change the password. Afterwards it will be removed from the session again.