I am stuck with user reset password. These are the steps that I have accomplished.
User selects 'reset password link'.
Sails.js generates GUID and saves it to a resetPassTable.
Email is sent to the users email.
I have changePwdController that has reset action
The email that is sent, contains localhost:1337/changePwd/reset/secrethash
User clicks on that link and is directed to my action
Basically I have access to that hash that is in id, something like:
var secretHash = req.param('id')
I check that hash against the one in the database, and can make decision as what to do.
If the check is passed, meaning there is that hash in DB...
...how do I present a user with two simple textboxes (new pass and repeat pass) and send button?
You should show the password reset form when the user clicks on the link from the email (this would be just rendering a view normally). You do need to carry the hash to that view though, maybe an URL param?
Then once the user submits the password reset form then do the password reset or rejection if hash does not match one in the database. So you need two different actions. One for showing the view, and another one the form hits upon submission.
Related
I created a form with Html, CSS and JavaScript and an API with ASP.NET for the HTTP request. Users will have a link to fill in the form. Is there any browser id or IP which I can get so prevent the user to submit multiple times the form?
Disable the submit button is not an option
The form has to be anonymous so a unique id for the users is also not an option
you could make like a cookie in java script that doesn't expire. after that you could make a if else state and check for the cookie if it exists in the browser
value_or_null = (document.cookie.match(/^(?:.*;)?\s*MyCookie\s*=\s*([^;]+)(?:.*)?$/)||[,null])[1]
// Put your cookie name in in place of MyCookie.
if (value_or_null = 1)
{
//redirect to other page
}
else
{
// let him do the form
}
There is no 100% safe way, as returning users could have cleared they cache or something. Also, tracking the IP could potentially work, but you ask for full anonymity...
If you want your server to have authority on this decision, the only information you will have or can use is the IP address. Even that would not be accurate if your users hop on different VPNs and stuff.
What I think could work is if the link for the users to access the form is unique for each user. You'd generate a UUID, that way it cannot be guessed if users want to answer more than one. That UUID would have no link to any user, it would just be stored in a list of VALID UUID and get removed when the user uses it to answer.
The link would provide the UUID through query param, the javascript would then add its value to the form when being sent.
If you do not link that UUID to a userId or if the email sent (or its content) is not stored, this would provide anonymity.
So I've looked online for countless hours for a decent tutorial on how to create a simple, login page that will store a user (no password) into a database and when that said user logs in and will find the user in the database and let them log in. I don't want password used and everything I find includes a password. Just was wondering if there was a way without it. Anything helps. If you need to see the code I already have let me know. Also, just a reminder that I want them in a PostgreSQL database. Thanks!
So you just make a simple form with one input text field for username and one submit field. Get the username from req.body.username and then query the database WHERE username = :username. Then add the user in session.
Another approach would be to use a tutorial with a password but not offer an input field for the password for the user to fill but you feed it with a hidden field.
I have a registration form that requires the input of name, address, contact and email.
If the name already exists in the database the rest of the information should be automatically filled in using the information saved in the database before the clicking of the registration button.
Need help, how to automatically fill in the field without directing to another page.
Make an AJAX call to an endpoint that checks if record with form-given informations exits. If so - return data so you can fill rest of the form
So I want to have a form that limits registered user to at least 20 without email address duplication. When it already hits 20, the form closes
I think you should track the number of users at the server side and use this number to show or hide your form after a particular threshold.
For email verification your app should have some server side logic which will be called whenever some one enters an email and if this email exist already then your form's submit button should be disable.
I hope this will help.
In my application, I have two forms for creating a user.
Form 1: I input the following details from the user in form 1.
Full Name
Email Address
Gender
Date of Birth
Profile Image
AND in the Form 2, I ask him to fill in his
desired #username, and
password
Problem is that I have associated my models in the following fashion, that
User has_one UserProfile
UserProfile belongs_to User
&
Email Address, username and password are attributes of User model.
The rest of the attributes belong to UserProfile model.
But in my forms, I am using Email Address in Form1 and the other attributes in Form2.
Should I make the forms as Rails forms or plain HTML forms?
How should I do this???
UPDATE:-
I don't want to create a UserProfile Object without creating a User object, so I need some way to store the form 1 values in javascript, and then when Form 2 gets submitted, then pass them both to Rails controller method.
I don't see the need to create both UserProfile and User but if you do have to create it,
and you first have to fill in form1 which is UserProfile and only then form2 which is User then you could create the following.
On the form1 first create a User.new and use User.save, then you have the new User.id and supposingly a new UserProfile has been created with the :reference to user_id,
(be aware that your validation process is more difficult because now if you validate :username it is null and therefore not unique nor whatever, you could make User.new defaults and call the data 'tempUser' until it is fully created.)
then you have the user_id to reference to, fill in the UserProfile, save it, redirect back to the User form, update it, validate the user entered data, and save it.
Why would you like to roll like that though?
Wouldn't having just User and retrieving the data?
Or less validation in the process would be first having the user create the User object (username, password first), only then create the UserProfile object (email and such).
There are ways to bypass all of that, it's just more complicated :(
I dont know much about ruby but whats the need to complicate the process.. Have one form and visually you can separate the fields using maybe two fieldsets. Then submit the form and at the backend save them any way you want.