So I've looked online for countless hours for a decent tutorial on how to create a simple, login page that will store a user (no password) into a database and when that said user logs in and will find the user in the database and let them log in. I don't want password used and everything I find includes a password. Just was wondering if there was a way without it. Anything helps. If you need to see the code I already have let me know. Also, just a reminder that I want them in a PostgreSQL database. Thanks!
So you just make a simple form with one input text field for username and one submit field. Get the username from req.body.username and then query the database WHERE username = :username. Then add the user in session.
Another approach would be to use a tutorial with a password but not offer an input field for the password for the user to fill but you feed it with a hidden field.
Related
We have a small form that users can fill out to chat with a member of the help desk. It asks their name, email, phone number, and what their question is. If accessed from the Sharepoint, the Name field is pre-filled and unable to be changed. I had to remove that portion when I pulled the code for the self-help page, as several bits of the javascript call function were tied with sharepoint editing permissions.
What I'm wondering is if there is some way to pull the name or username of the currently logged in user to fill in that field instead? Eventually I plan on adding SSO integration, but I'm learning as I go along so that may be awhile off yet. I have included a portion of the original link below, where '+str+' was pulling the username from sharepoint, and removing it was leaving the field free for input.
http://SERVERNAME?cname='+str+'&cemail=&cphone=&activeimage=
I may not have been clear, this project lives outside of SharePoint, so any code reliant on it would not work here.
If the user's username is in the query string, Sharepoint designer Rob Howard has provided the Javascript he uses to pull values into the form field. So try to replace +str+ in the URL with the username, if that's not too insecure.
I'd like to confirm a user's email using Cloud Code. The problem is I don't want to use Parse's method, being that you can only customize the text and not the email itself.
I'm looking for a way to generate my own "confirm email" link similar to how Parse does it, and use cloud code to send an email through send grid (a customized email), etc. Does anyone know how to get started with generating the link?
I know how to generate a session token and username, but other than that I'm a bit stuck. Thanks!
You can customize the emails and password reset page, etc. Check out this blog post for a bit more info: http://blog.parse.com/learn/engineering/express-your-brand-with-parse/
I have been reading thru the Stripe documentation and I was unable to find the answer.
I have a form that has the following fields: first name, last name, address, credit card number, cvc, card expiration.
I know the credit card and cvc fields will not have have a name so it does not get posted to the server.
If the user forgets to fill out the entire form (server side validation for the name and address fields), it displays an error and reloads the page with the fields populated with the data the user entered before submitting.
This may not be possible but wanted to ask, is it possible to repopulate the cvc and credit card fields? I obviously could accomplish this if I gave those two fields a name, but that is insecure and not a option.
There is no way to achieve that, because if you want to repopulate those fields, you have to store that data somewhere, and that's very dangerous. The only way I can think right know would be using cookies, but those are sent to the server too.
What you could do is, if the server displays an error, it could send a page with a simple script window.history.back(). As said on the comment, Chrome and most browsers will repopulate them for you.
I am stuck with user reset password. These are the steps that I have accomplished.
User selects 'reset password link'.
Sails.js generates GUID and saves it to a resetPassTable.
Email is sent to the users email.
I have changePwdController that has reset action
The email that is sent, contains localhost:1337/changePwd/reset/secrethash
User clicks on that link and is directed to my action
Basically I have access to that hash that is in id, something like:
var secretHash = req.param('id')
I check that hash against the one in the database, and can make decision as what to do.
If the check is passed, meaning there is that hash in DB...
...how do I present a user with two simple textboxes (new pass and repeat pass) and send button?
You should show the password reset form when the user clicks on the link from the email (this would be just rendering a view normally). You do need to carry the hash to that view though, maybe an URL param?
Then once the user submits the password reset form then do the password reset or rejection if hash does not match one in the database. So you need two different actions. One for showing the view, and another one the form hits upon submission.
A lot of times you get a form where you need to enter an email address (or other form field) twice in order to confirm that you typed it correctly the first time. Some forms disable the copy and paste action (via javascript) in the browser to force the user to type the email address again.
Personally I find this highly annoying. What are your thoughts? Are there other options?
If you really want to check the email address you could implement a confirm email address function, which sends an email to the provided email address. The email could contain a link which allows the user to confirm his/her email address.
For obscured fields like password fields, it is always best to implement a double entry input field in case the user made a typo.
I find it highly annoying as well since, in many cases, the initial entry was done from an autofill that I know is correct.
Please note that this should be a community wiki!
I think it depends on the site, if its something like a commerce site, I'd support disabling the copy and paste because if the address is typed in wrong it can cause pains for both the site and the customer. It's easier for everyone to just inconvenience the customer for 2 seconds during the process instead of having to deal with it later.
I personally disagree with disabling the copy and paste thing. If the user enters the wrong email twice and identically (worst case scenario) it's his fault really.
You should just believe the user. If he mistypes the address, live with it.
First of all, if you confirm registration by sending an email, on the “Now wait for an email and click a confirmation link there” screen you can still show the address to which an email was sent. It can be followed by a link “Oops, mistypes my email address” letting you to correct yourself.
Second, if you use email for notifications, user will not get them, and, curious, he will go to his/her profile settings to check the notification parameters. You just have to make sure that “E-mail” input is next to “Get notifications” checkbox.