I'd like to confirm a user's email using Cloud Code. The problem is I don't want to use Parse's method, being that you can only customize the text and not the email itself.
I'm looking for a way to generate my own "confirm email" link similar to how Parse does it, and use cloud code to send an email through send grid (a customized email), etc. Does anyone know how to get started with generating the link?
I know how to generate a session token and username, but other than that I'm a bit stuck. Thanks!
You can customize the emails and password reset page, etc. Check out this blog post for a bit more info: http://blog.parse.com/learn/engineering/express-your-brand-with-parse/
Related
Basically i'm creating a website for a friend and he needs a "Contact Us Page", i'm using bootstrap studio and I have a page where you enter your name, and email. But i'm having trouble with the next part. I need the page to open the client's default email program to compose to a certain address with the entered name and email already in it how would one go about this?
simply do something like this
Click Here To Email!
if you want the email to be sent via a form submission you either need to setup a backend that will do that or you can use a service like https://formspree.io/
I've used them before, but I'm not certain what they're rules are about data privacy so its really up to you.
So I've looked online for countless hours for a decent tutorial on how to create a simple, login page that will store a user (no password) into a database and when that said user logs in and will find the user in the database and let them log in. I don't want password used and everything I find includes a password. Just was wondering if there was a way without it. Anything helps. If you need to see the code I already have let me know. Also, just a reminder that I want them in a PostgreSQL database. Thanks!
So you just make a simple form with one input text field for username and one submit field. Get the username from req.body.username and then query the database WHERE username = :username. Then add the user in session.
Another approach would be to use a tutorial with a password but not offer an input field for the password for the user to fill but you feed it with a hidden field.
So basically my req is to hide 2 fields username and password in a form from viewing it in console log. So what i am planning to do is to listen to event console log and when it executes i remove the values from username and password.
How can i do it? i am also using jquery in my page.
Thanks
You can't do that, and you shouldn't try. Never expose sensitive data like passwords like this.
No you cannot hide these data, because javascript is client-side.
Despite of the advises you received, Facebook uses this system and expose in browser username and password by accessing https://www.facebook.com/login.php?login_attempt=1&lwv=110 when you try to connect, along with all inputs from your form. This procedure is often used before submitting for different reasons: verify email if it is not duplicate, how many login attempts were...
As long as you have SSL connection the only user that can see username, email or password in console is the one who enters these sensitive data in the form so it is not a threat.
So you know how you are presented with a login screen and then, you fill it out, and then the browser loads the next page? At this point, somehow the password manager bar pops up for LastPass, 1Password, or some other extension, asking if you want to save the password. How do they know you've just logged in successfully??
Forms are sometimes submitted and other times the js intercepts the form submit and sends AJAX.
The response comes back and may set a new cookie, but sometimes the existing session cookie continues to be used (allows session fixation attacks but some implementations do that).
A new location is loaded or reloaded but sometimes the javascript reloads a portion of the document instead
But somehow these password managers DETECT that I've logged into a site successfully! How? Is it because I entered something in a password field, and then some form was submitted or some network request was sent? But how do they know it was successful?
Anyone familiar with these password managers able to give some useful info?
The reason I ask is that I want to develop an extension that detects when you've logged in and somehow tries to extract your user id from the service. It is for the purposes of sharing your user id with friends automatically, and letting them know (with your permission) what sites you are using a lot.
Any hints on techniques to extract the logged-in user's id on the service would also be helpful.
They aren't actually aware of a successful login in most cases. They are aware that a form with a password field was submitted, and the response was a 200OK. This may still be a page displaying an error message.
As for extracting user IDs, I'm pretty sure you mean profile pages or something similar. That will have to be done on a site by site basis as sites will have their own APIs and route structures.
As someone already answered this question, I will agree with him.
They aren't actually aware of a successful login in most cases. They are
aware that a form with a password field was submitted, and the response
was a 200OK. This may still be a page displaying an error message.
Since browsers watch for the request having a password field in it and the response status, But still you can fool the browsers easily. To get to know about the logged in userid you definitely need backend support / api. It depends on the authentication frameworks used in the back-end. But you can get the form fields easily, but extracting / finding userid from the form fields is a quiet difficult task, In most cases, form will be having only two fields there you can manage to get the userid. But in some cases like banking sites they will send few dummy fields fool such tools, Also many fields will be encrypted in the client itself to protect man in the middle attacks. In some cases userid is different from email, So its difficult task.
They only detect if the form was submitted, and it a code 200 (OK) was returned. They don't necessarily know if you were logged in, but this method works on most websites. They might also detect if a new page was loaded afterwards, since a failed login doesn't usually redirect the user. I have, however, had a prompt to save an incorrect password before.
They can detect your current tab. and each HTML element of that page.
May we they have list of login page case to detect keywords like
login,username,forgot password. and check all keyword to identify this is login page.
They just ready page and even they can read your password (yes) .
If you made request from that page & response will be 200ok it means your password is correct.
Whenever to request to server with username and password the server checks these two entry into their database and the server will found your data it will return response code 200 and using AJAX success call back script will catch the response code and will show successful message.
and also return some sort of information you can store into localStorage of browser or into cookie for further use.
I have created a couple of pages static HTML and form: So when form is submitted it goes to second page.
Let's test
<form action="test1.html">
<input type="text" />
<input type="password" />
<input type="submit" />
</form>
</body>
Chrome don't bothered anything happened. While firefox has given a popup to save password even when form is submitted to an error page.
So firefox only looks for a form submitted with a password field and asks for save password popup box.
If want to create an extension which can check wheather user is successfully logged-in and then you want to ask for password remember popup. For that you have to check for server response. I couldn't create a dynamic page to to proof read it with browser example.
I am taking emails id's on input form along with other details like name, address,contact no etc. Now, User can enter any email id's.
e.g. abc#abc.com
I can do check for standard domain whether is it present or not. but Is there any way available to check that email id exist or not?
Is there any API available??
How can i detect wrong email id's.
would be grateful for help...
The only valid solution to detect if an email address exists is to send an email and wait for answer.
Most of the times you also want to be sure that your user is the owner of the account, and this solution does both checks.
You can't do this client-side only, you'll need a server-side API. Precise your language (or google "send email yourLanguage").
The way to check is to send a link to that email, user clicking on that link verifies if email is valid or not. Invalid emails won't response of course.
If email is valid and user clicks on the link you send him, you can register him or do any other action you want.