A lot of times you get a form where you need to enter an email address (or other form field) twice in order to confirm that you typed it correctly the first time. Some forms disable the copy and paste action (via javascript) in the browser to force the user to type the email address again.
Personally I find this highly annoying. What are your thoughts? Are there other options?
If you really want to check the email address you could implement a confirm email address function, which sends an email to the provided email address. The email could contain a link which allows the user to confirm his/her email address.
For obscured fields like password fields, it is always best to implement a double entry input field in case the user made a typo.
I find it highly annoying as well since, in many cases, the initial entry was done from an autofill that I know is correct.
Please note that this should be a community wiki!
I think it depends on the site, if its something like a commerce site, I'd support disabling the copy and paste because if the address is typed in wrong it can cause pains for both the site and the customer. It's easier for everyone to just inconvenience the customer for 2 seconds during the process instead of having to deal with it later.
I personally disagree with disabling the copy and paste thing. If the user enters the wrong email twice and identically (worst case scenario) it's his fault really.
You should just believe the user. If he mistypes the address, live with it.
First of all, if you confirm registration by sending an email, on the “Now wait for an email and click a confirmation link there” screen you can still show the address to which an email was sent. It can be followed by a link “Oops, mistypes my email address” letting you to correct yourself.
Second, if you use email for notifications, user will not get them, and, curious, he will go to his/her profile settings to check the notification parameters. You just have to make sure that “E-mail” input is next to “Get notifications” checkbox.
Related
I have a sign up form where a user is required to type their email and password. Firebase won't let you create a user if their email and password don't meet certain conditions, namely, it should be a valid email and a password should be strong enough. On top of that validation I have that of my own. What I would like to do actually is somehow inform the user about those validation errors thrown by Firebase.
Problem: I can show the firebase errors only after the submit button is clicked.
It would be nice if it were possible to do this before a form submit. That's to say, if a number of symbols typed by a user in the password field is less than 6 the user should be notified about that.
So I think it would make sense to listen to what a user types and when they stop, make a request to some endpoint that returns an error object if the values entered don't meet the criteria. The responsibility of this request is to validate the fields and that's it.
Is it possible to make such a request in Firebase? From what I know it's impossible but I'd like to make sure, perhaps there're some nice workarounds or something.
This is something you're going to have to code up on your own. The Firebase SDK isn't going to make this any easier for you. I suggest being prepared to handle rejected promises from the call to createUserWithEmailAndPassword in order to determine if there's a problem with what the user entered, and prompt the user accordingly.
As I wrote in the title, is there any way to do that?
For example, Let's say I make some form tags that users will be typing their names and email addresses and submit button with html.
And the user inputs will be sent as an email to my email address as they press the submit button.
I think it is a dangerous thing to try because of security reasons but I wanted to know if there is such a way to do so.
Thanks!
So you know how you are presented with a login screen and then, you fill it out, and then the browser loads the next page? At this point, somehow the password manager bar pops up for LastPass, 1Password, or some other extension, asking if you want to save the password. How do they know you've just logged in successfully??
Forms are sometimes submitted and other times the js intercepts the form submit and sends AJAX.
The response comes back and may set a new cookie, but sometimes the existing session cookie continues to be used (allows session fixation attacks but some implementations do that).
A new location is loaded or reloaded but sometimes the javascript reloads a portion of the document instead
But somehow these password managers DETECT that I've logged into a site successfully! How? Is it because I entered something in a password field, and then some form was submitted or some network request was sent? But how do they know it was successful?
Anyone familiar with these password managers able to give some useful info?
The reason I ask is that I want to develop an extension that detects when you've logged in and somehow tries to extract your user id from the service. It is for the purposes of sharing your user id with friends automatically, and letting them know (with your permission) what sites you are using a lot.
Any hints on techniques to extract the logged-in user's id on the service would also be helpful.
They aren't actually aware of a successful login in most cases. They are aware that a form with a password field was submitted, and the response was a 200OK. This may still be a page displaying an error message.
As for extracting user IDs, I'm pretty sure you mean profile pages or something similar. That will have to be done on a site by site basis as sites will have their own APIs and route structures.
As someone already answered this question, I will agree with him.
They aren't actually aware of a successful login in most cases. They are
aware that a form with a password field was submitted, and the response
was a 200OK. This may still be a page displaying an error message.
Since browsers watch for the request having a password field in it and the response status, But still you can fool the browsers easily. To get to know about the logged in userid you definitely need backend support / api. It depends on the authentication frameworks used in the back-end. But you can get the form fields easily, but extracting / finding userid from the form fields is a quiet difficult task, In most cases, form will be having only two fields there you can manage to get the userid. But in some cases like banking sites they will send few dummy fields fool such tools, Also many fields will be encrypted in the client itself to protect man in the middle attacks. In some cases userid is different from email, So its difficult task.
They only detect if the form was submitted, and it a code 200 (OK) was returned. They don't necessarily know if you were logged in, but this method works on most websites. They might also detect if a new page was loaded afterwards, since a failed login doesn't usually redirect the user. I have, however, had a prompt to save an incorrect password before.
They can detect your current tab. and each HTML element of that page.
May we they have list of login page case to detect keywords like
login,username,forgot password. and check all keyword to identify this is login page.
They just ready page and even they can read your password (yes) .
If you made request from that page & response will be 200ok it means your password is correct.
Whenever to request to server with username and password the server checks these two entry into their database and the server will found your data it will return response code 200 and using AJAX success call back script will catch the response code and will show successful message.
and also return some sort of information you can store into localStorage of browser or into cookie for further use.
I have created a couple of pages static HTML and form: So when form is submitted it goes to second page.
Let's test
<form action="test1.html">
<input type="text" />
<input type="password" />
<input type="submit" />
</form>
</body>
Chrome don't bothered anything happened. While firefox has given a popup to save password even when form is submitted to an error page.
So firefox only looks for a form submitted with a password field and asks for save password popup box.
If want to create an extension which can check wheather user is successfully logged-in and then you want to ask for password remember popup. For that you have to check for server response. I couldn't create a dynamic page to to proof read it with browser example.
I need help.
We need to find a questionnaire in which the answer to the question (for example, telephone number) may not be the same for two users.
For Example:
Enter a phone number:
First the user enters a phone number: 123456789
And completes the survey.
The second user starts to question and answers the same phone number 123456789.
He receives an error message or a request to enter a different answer.
Or is there any easy implementation of this problem using php or javascript.
Maybe it is possible to implement with surveymonkey api.
I would be glad of any help or advice.
Google forms writes to a spreadsheet database, allows regular expression fields and attached scripts. Set the field to mach your required format, then validate the response with a script.
Your requirement is persistent storage. You will either require a database, such as MySQL, and use PHP to access it, or a third party application such as SurveyMonkey. However, I can't tell you the limitations of SurveyMonkey, you will have to check their documentation.
I realize that this late and this thread is limited but for others looking for same answer. Here is how I did exactly the same thing for one of my coworkers using Examinare Framework and Examinare Survey Tool.
First, create a html form that sends the phone number to a form.
Inside that PHP file call Examinare PHP Wrapper and check if a recipient has this phone number on their recipient profile.
https://developer.examinare.com/apidocs/listrecipientsbygroup/
A tip: And loop through it the results.
If the recipient not exist, create the recipient. Make sure you add a fake or real email to prevent getting an error.
https://developer.examinare.com/apidocs/addrecipient/
Mark the recipient as a active in the survey.
https://developer.examinare.com/apidocs/markrecipientstosurvey/
Redirect to the survey.
If you want the recipient to return to a certain path then add redirect_url variable to the url with a valid url.
Hope it helps you and future seakers.
I am taking emails id's on input form along with other details like name, address,contact no etc. Now, User can enter any email id's.
e.g. abc#abc.com
I can do check for standard domain whether is it present or not. but Is there any way available to check that email id exist or not?
Is there any API available??
How can i detect wrong email id's.
would be grateful for help...
The only valid solution to detect if an email address exists is to send an email and wait for answer.
Most of the times you also want to be sure that your user is the owner of the account, and this solution does both checks.
You can't do this client-side only, you'll need a server-side API. Precise your language (or google "send email yourLanguage").
The way to check is to send a link to that email, user clicking on that link verifies if email is valid or not. Invalid emails won't response of course.
If email is valid and user clicks on the link you send him, you can register him or do any other action you want.