Hi guys!
I am struggling a lot to figure out how the forgotten password function works. I want the 'Forget you password' button to always show on my login page. So I've copied the JavaScript for that as well as the <a> link from the Logon2 page to my form. So that should work.
However the bigger problem is this... How do you let the system know which user is trying to log in? I.e. in the process that handles the functionality, how do I tell the system to Edit User X if I have no idea who user X is because there is no 'LoggedInUser' yet.
My best guess would be something like: Find User where User.LoginName=LoginNotofication.LoginName...
Am I on the right track? When I click the button on my logon page nothing happens.
Any advice or examples will be greatly appreciated.
Kind regards
Hein
Forgotten Password Function
Hein Hanekom & Werner Hanekom
Sinov8.net
AwareIM Version 5.9 | 6.0 | 7.0 | 7.1 (Windows EC2 R2012 & MySQL)
I haven't implemented this feature yet but my thoughts are to email the user the reset password link. There would be a process to create and email this link.
Let's all collaborate and create the safest way to implement this step by step.
Roughly the process would:
1. Find the user in the system that matches the recovery email entered on the form.
2. Set resetPassword (Yes/No) flag to yes.
3. Create a random password and store it in a plain text attribute.
4. Using ENCRYPT_B64 function, encrypt domain, userName & resetPassword.
5. Create a complete URL to your application that includes #4 and would log the user in.
7. Email this link to the user.
8. When clicked, another process on startup would then check the resetPassword flag is Yes.
9. You would have a non-persisted form with a plain text attribute for the user to enter a new password.
10. The process would then use the value of the new password and update the user password.
I would make sure the reset link expires and cannot be re-used.
FP
Great initiative Rennur and the outline you have posted sounds good. 1 comment, instead of the ENCRYPT_B64 link. A link where the user has to log on with their temporary credentials (and then a process is executed for change) can also be used?
http://www.awareim.com/forum/viewtopic.php?t=7135
Henrik (V8 Developer Ed. - Windows)
Missed a step (4)
Roughly the process would:
1. Find the user in the system that matches the recovery email entered on the form.
2. In the relevant SystemUser object, set resetPassword (Yes/No) flag to yes.
3. Create a random password and store it in a plain text attribute.
4. Replace the User's currently stored password with the random password.
5. Using ENCRYPT_B64 function, encrypt domain, userName & randomPassword.
6. Create a complete URL to your application that includes #4 and would log the user in.
7. Email this link to the user.
8. When clicked, another process on startup would then check the resetPassword flag is Yes.
9. Display a form with a plain text attribute in which the user will enter a new password.
10. The process would then use the value of the new password and update the user password.
Rennur wrote:
> Missed a step (4)
> 3. Create a random password and store it in a plain text attribute.
> 4. Replace the User's currently stored password with the random password.
Anyone know how to create a random alphanumeric password rather than just a numeric?
Would like something like: M5RS83BWQ
rather than some text just concatenated to a Random generated number.
Cheers,
Mark
_________________
AwareIM 6.0, 8.7, 8.8, 9.0 , MariaDB, Windows 10, Ubuntu Linux. Theme: Default, Browser: Arc
Upcloud, Obsidian....
> Anyone know how to create a random alphanumeric password rather than just a numeric?
> Would like something like: M5RS83BWQ
> rather than some text just concatenated to a Random generated number.
Not exactly random, but you could use certain letters from the user name.
(IE: letters 1, 4 and 6)
Tom - V8.8 build 3137 - MySql / PostGres
> 1. Find the user in the system that matches the recovery email entered on the form.
> 2. In the relevant SystemUser object, set resetPassword (Yes/No) flag to yes.
> 3. Create a random password and store it in a plain text attribute.
> 4. Replace the User's currently stored password with the random password.
> 5. Using ENCRYPT_B64 function, encrypt domain, userName & randomPassword.
> 6. Create a complete URL to your application that includes #5 and would log the user in.
> 7. Email this link to the user.
> 8. When clicked, another process on startup would then check the resetPassword flag is Yes.
> 9. Display a form with a plain text attribute in which the user will enter a new password.
> 10. The process would then use the value of the new password and update the user password.
Skip step 4. Do not reset the user's password with a random password. If you do, anyone that knows the user's email can submit it via the lost password logon and it will be reset straight away.
Step 6 will not work without step 4.
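An added example, not written by any poster in this thread and not AwareIM code: a Python model of a reset flow that covers the points raised above (a random alphanumeric value, a link that expires and cannot be re-used, and no change to the stored password until the link is redeemed). The function names, the in-memory dictionaries, the sample user and the 30-minute lifetime are all assumptions made for illustration.

```python
import hashlib
import secrets
import string
import time

TOKEN_TTL = 30 * 60                       # assumed link lifetime, in seconds
ALPHABET = string.ascii_uppercase + string.digits

# Constructed sample data standing in for the user table.
USERS_BY_EMAIL = {"hein@example.test": "hein"}
PASSWORDS = {"hein": b"old-hash"}         # login -> stored password hash
PENDING = {}                              # sha256(token) -> (login, expiry)


def random_code(length=9):
    """Alphanumeric value such as M5RS83BWQ, drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def _digest(token):
    # Only the hash is stored, so a leaked table does not yield usable links.
    return hashlib.sha256(token.encode()).hexdigest()


def request_reset(email, now=None):
    """Return the token to e-mail, or None for an unknown address.
    The stored password is left alone, so knowing someone's e-mail
    address is not enough to change or invalidate their password."""
    now = time.time() if now is None else now
    login = USERS_BY_EMAIL.get(email)
    if login is None:
        return None
    token = secrets.token_urlsafe(32)
    PENDING[_digest(token)] = (login, now + TOKEN_TTL)
    return token


def redeem(token, new_password, now=None):
    """Set the new password if the token is known, unexpired and unused."""
    now = time.time() if now is None else now
    entry = PENDING.pop(_digest(token), None)   # pop: a token works once
    if entry is None or now > entry[1]:
        return False
    salt = secrets.token_bytes(16)
    PASSWORDS[entry[0]] = salt + hashlib.pbkdf2_hmac(
        "sha256", new_password.encode(), salt, 600_000)
    return True
```

The token returned by `request_reset` is what goes into the e-mailed URL; the form that handles the request should show the same message whether or not the address was found.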