Hi, I have an MVC website wherein there are many accounts. Each account has an email address. Whenever a specific action is done, an email is sent from the email of the user to the email of another account. But whenever I change the email address of a user through the website, the email still gets sent to the old email address. I tried checking the database and it's already updated there, but it still sends to the previous e-add.
I have to do 'iisreset' in command prompt in order for the change to really take place. Can I do this without manually resetting IIS every time a change is made?
I hope I made myself clear, and that someone can help me. Thank you!
Related
I'm trying to create a new user in MODX REVOLUTION 2.3.0 but for some reason, the user cannot access the manager area. I tried to clear every bit of cache as well as to make sure the password is created by the system (email has been sent) and the user belongs to the Users Group.
Strangely, when looking at the user settings, it says that the user has made some 10 logins, but in reality, he has not.
When I type a wrong password, I get the wrong password error message, when I type a correct password, the input field gets cleared and nothing else happens.
Any idea how to solve this?
Thanks.
It seems that the user doesn't have access to the mgr context. Any user needs «frames» permission to get access to the manager.
Try to update user's data and make him a sudoer. It'll help to understand if wrong permissions cause the problem.
Exactly. Like @proxyfabio said, he needs access to the manager. To at least assess if the user login works, give him temporary SUDO rights. If that works, work your way from the ground up.
Make sure an Access Policy Template and Access Policy is created. Make sure the policy contains "frames" and is checked at the Policy Template edit screen. Next, PLEASE, make a separate Role, like "Customer". Go into the Administrator group (or again, PLEASE, create a Customer group) and head on over to the Users tab. Add the User to the group with the Role Customer - "your level" (I usually use increments of 500 or 1000).
Under Context Access, add the user to the mgr context with the specified role and your Customer policy. Do the same for web if you wish to avoid any in-depth issues.
Finally, save your settings, flush your permissions, clear your cache and optionally flush your sessions table (you can also delete cookies for the browser you're using). When you've done all that, create an Incognito tab in Chrome or Firefox to avoid issues and try the login again.
I have somewhat the same issue if I try to log in as a duplicate manager user from an Android phone: the login count goes up, a wrong password gives an error and the correct password just refreshes the login page.
However logging in from a computer works. Initially it didn't...
Here are my steps:
Duplicate manager user
Set new password
Login fails
Click forget login for e-mail
Login successfully (computer) with the new generated password
Change original password to original password!? :D
Login works everywhere except my phone
I'm having trouble finding a way to provide users a reset password method for my apps.
Unlike this question, I don't want to manage it locally; instead I prefer to validate the user by some sort of connection to my server.
Should I validate the user via e-mail? By sending him a link containing a key like:
http://www.myweb.com/inc/mobile/activate.php?email=pepe%40hotmail.com&key=252b6a8e98b8109cda4f53500a419b62
I'm not sure how to make that work without using any webView.
Or maybe the best approach is to e-mail them a link to a website in which they can reset their password (like in Path).
Please, can someone point me in the right direction?
Any help would be appreciated.
The safest approach is to have your app contact the site, and have your site send an email to the user with a password reset link. It seems fairly common to provide a GUI in your app telling the user to check his email for the password reset instructions.
That way, if an impostor gets access to the app, he may not have access to the email or may not know the credentials for your site.
Your GUI could be done natively or with a webView. I am not sure why you are trying to avoid a webView in any event, but it is not required.
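The server side of the e-mailed reset link described in this answer, as an added example that is not part of the original posts. It is written in Ruby as an assumption about the backend; `ResetTokens`, its method names and the 30-minute lifetime are hypothetical. The link carries a random token, and the server stores only its digest, expires it, and accepts it once.

```ruby
require 'securerandom'
require 'digest'

# Added example: server side of an e-mailed password reset link.
# ResetTokens and its method names are hypothetical, not from the post.
class ResetTokens
  TTL = 30 * 60 # seconds a link stays valid (assumed policy)

  def initialize(known_emails)
    @known = known_emails # stands in for the user table
    @pending = {}         # email => { digest:, expires_at: }
  end

  # Called when the app asks for a reset. Returns the raw token to put in
  # the e-mailed link, or nil when the address is unknown. The app should
  # show the same "check your e-mail" screen in both cases.
  def issue(email, now: Time.now)
    return nil unless @known.include?(email)
    token = SecureRandom.urlsafe_base64(32)
    @pending[email] = { digest: Digest::SHA256.hexdigest(token),
                        expires_at: now + TTL }
    token
  end

  # Called when the link is opened. True only for the latest, unexpired,
  # unused token issued for that address.
  def redeem(email, token, now: Time.now)
    entry = @pending[email]
    return false if entry.nil?
    if now > entry[:expires_at]
      @pending.delete(email)
      return false
    end
    given = Digest::SHA256.hexdigest(token.to_s)
    return false unless same_digest?(given, entry[:digest])
    @pending.delete(email) # single use
    true
  end

  private

  # Compares two equal-length hex digests without an early exit.
  def same_digest?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

Because only the digest is stored, a leaked token table cannot be replayed as working reset links.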
Is it possible to retrieve the user email associated with the default email account directly from an app?
Thanks.
I can't prove a negative, but I am fairly certain this is not possible. You can use MFMailComposeViewController to allow the user to send an email from the default account, but you cannot directly access information about the default account. If you need the user's email address, you either have to ask for them to type it in, or have them select it from their contacts.
In addition to @woz's answer, this is a gist that can help you.
In my app, I have a feedback form to let users get in touch with me. Unfortunately, many users had minor misspellings in their email addresses and I couldn't reach back to them.
As I couldn't get a perfect way to be sure the email was correct, I've developed the following gist which:
asserts the mail is a proper foo@bar.tld
verifies that the email is contained in the user's address book
if not, suggests the closest match
Again, this is far from perfect and I only included this behavior optionally (a little 'check mail' button next to the UITextField)
https://gist.github.com/dirtyhenry/7547064
I'm developing an application that requires authentication with devise/rails and it was decided to allow users to sign in without email confirmation. However, after some deep thinking, this odd workflow came to mind:
What if someone registers with my email, starts using it and later
I decide to join the app with my stolen email? The guy did not
confirm, but should I keep his account, block it or remove it?
(side note: email must be unique)
As the designer of the application, you are in control. You can handle that situation how you would like.
I'm not sure how facebook deals with 'unconfirmed' account creations. I would imagine that they allow whoever registered to check their e-mail and click the confirmation link within a certain amount of time - after which that e-mail becomes available for use by other users. This makes sense to me, as this would prevent people from spamming the site and effectively 'e-mail blocking' legitimate users from registering. If you forever allow unconfirmed accounts to sit and 'use up' e-mails, you could run into the following situation:
A malicious user creates thousands of 'fake' account registration attempts with bogus e-mails. These e-mails sit and wait forever to be confirmed, but never will be because they don't exist (yet), acting as 'in-use' e-mails. Some time later, a legit user happens to create an e-mail account with GMail or whoever that happens to match one of the 'bogus' e-mails submitted by the malicious user earlier. This legit user is then unable to register his or her e-mail with your service because the malicious user has 'e-mail blocked' this address.
My personal opinion is to give the registrant a certain amount of time to confirm their address as legitimate, and if they never confirm within that time frame, just discard the account creation attempt.
I have a very similar problem, and the solution I've arrived at (not implemented yet) is to let the user choose the email he wants if there is no other confirmed user with that e-mail.
Once registered, the user will be unconfirmed/nonactive and will receive a confirmation e-mail; when he follows the link, it will confirm his e-mail and others can't use it anymore.
Most of these sites require you to verify your email by sending you an email link. Only afterwards can you create an account. This handily sidesteps the problem of someone trying to steal someone else's email: unless they can log into your email account, they simply cannot.
Do you have a 'resend confirmation email' action (you should) or 'password forgotten' action (you should)? With both I could reclaim the account with my email address as only I have access to my emails.
Also think about the case of the user who creates an account, forgets about it and creates another account with the same email address.
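The answers above combine into one policy: an address is reserved only once it is confirmed, and unconfirmed claims lapse after a fixed window. The sketch below is an added example, not code from the thread and not Devise's API; `Signups`, its methods and the three-day window are hypothetical.

```ruby
require 'securerandom'

# Added example: the "confirm within a window or lose the claim" policy.
# Signups and its method names are hypothetical; this is not Devise's API.
class Signups
  WINDOW = 3 * 24 * 3600 # seconds allowed to confirm (assumed policy)
  Claim = Struct.new(:email, :token, :created_at)

  def initialize
    @confirmed = {} # email => confirmation time
    @claims = {}    # token => Claim (unconfirmed sign-ups)
  end

  # Any number of unconfirmed claims may exist for an address, so a stranger
  # who typed it first cannot block the real owner. Only a confirmed address
  # is refused.
  def register(email, now: Time.now)
    email = email.strip.downcase
    return nil if @confirmed.key?(email)
    claim = Claim.new(email, SecureRandom.urlsafe_base64(32), now)
    @claims[claim.token] = claim
    claim.token
  end

  # Following the e-mailed link proves control of the mailbox: that claim
  # wins and every other pending claim on the address is discarded.
  def confirm(token, now: Time.now)
    claim = @claims[token]
    return false if claim.nil? || now - claim.created_at > WINDOW
    @confirmed[claim.email] = now
    @claims.delete_if { |_, c| c.email == claim.email }
    true
  end

  # Periodic cleanup; returns how many stale claims were dropped.
  def purge(now: Time.now)
    before = @claims.size
    @claims.delete_if { |_, c| now - c.created_at > WINDOW }
    before - @claims.size
  end

  def confirmed?(email)
    @confirmed.key?(email.strip.downcase)
  end
end
```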
I'm trying to use MyOpenID for my sign-in, but it doesn't seem to be sharing the email address.
If I use Google or others I do seem to get the email address, though. I thought that this was a standard field to return.
I even see some documentation here that seems to suggest they would share email:
https://rpxnow.com/docs/providers
(I'm using Ruby on Rails and Janrain for this project)
One interesting thing is that if I set up an identity page on MyOpenID, then the email IS shared with my application. I thought that there was supposed to be a way when logging in with MyOpenID to specify what data is shared during "SimpleRegistration"?
The problem was that I was testing with my own MyOpenId account and the very first time I logged in to my development server I had not paid enough attention.
When logging in the first time it said something along the lines of "blah site is asking you to share information with it. Click here to use an existing persona or to create a new one." I didn't select one and it defaulted to "don't ask again".
I was able to fix this by going in to MyOpenId and revoking permission for my site. Then the next time I logged in it asked me again and it worked.