Just want to ask if there is some way to add automatic email confirmation to vb.net website.
I want that user create new account in the website and the website sent the confirmation link to them. Only if the confirmation email is clicked the user will be able to fully register.
I know that there are ways with build in login page from vb. But I'm using my own login. Mainly becouse the database where user connect is MySql.
something like this: http://www.asp.net/web-forms/videos/authentication/implement-the-registration-verification-pattern
Any idea where to look? most of the google search links are with php or to Microsoft Sql.
Thanks in advance for any good link or solution.
Petr
basically, when an user registers the account, you generate a confirmation # (I will use GUID), then send the user an email with the confirmation link. the confirmation link is the url of the confirmation page with the confirmation # as parameter, i.e. www.mysite.com/confirmation.aspx?code={guid} . you save the confirmation code in the database with the user account table (it could be in the same table or a separated table). the user has to click the confirmation url to confirm. when confirm, you just need to check whether the code is the same as the Guid in the database.
Basically, the process is the same and it has no much relation with mySQL or SQL Server.
here is an example, although it is C#, the same process, just a little bit different syntax in code:
http://www.webreference.com/programming/asp_net/registration-confirmation-system/index.html
also
asp.net confirmation mail send link that contains a unique identifier
Related
TLDR: Is it possible to email a login button which will open a web page and enter the appropriate user information into the username/password fields? Is it possible to embed this within an HTML button, or possibly in SQL injection? If so, where should I start my research to make this happen?
OK, so what I am tasked with is generating the billing lists for about 2000 non-technical users. Currently we use a third party billing site which does not have an API or any way to authenticate users from the URL heading. What we have been doing is using mail-merge to email users their username and password along with a link to the billing site. This is great, except that our users are... special. We get dozens of phone calls a day from elderly users who can't copy/paste the given information into the website.
What I am looking for is someone to point me in the right direction for making an email click here button that will open the web page, enter the username and password (from a CSV/XML of usernames/passwords) and click enter.
I'd even settle for opening the webpage with their credentials filled into the appropriate fields. Is there a way to do this? What is the best way to go about this?
Before we get into best practices/security, CC information isn't stored on the site, and the only user info view-able is the invoice, so security isn't a huge concern here since the users can't set their own passwords (username / password generated from static fields in another database silo).
Not looking for someone to do this project for me, but perhaps a few friendly pointers in the right direction for how to do this.
Is it possible to email a login button which will open a web page and enter the appropriate user information into the username/password fields?
Not unless either:
The website is specifically designed to allow that. Since you said it was a third party side, then you would have to ask the people who wrote it.
The site suffered from an XSS security vulerability. (Explaining how to search for one would be too broad for a SO answer, searching for one would be illegal pretty much everywhere).
I've been coding a website, it's nearly finished but I want users to be able to sign up for a newsletter. I've found that you can use the submit button but I don't know how to. How do you get the button to email you the information? Any help appreciated, thanks.
Typically the page contains a series of input elements ( think text boxes etc) which the user puts their data in to, the submit button POSTs a form to the server, the server can then access those form values and use them as required.
So in your scenario the server received an email address and name, for example, and you have an email library which can send that information to you. Alternatively of course you might put that information in a database so you can more easily handle subscriptions.
Look at this tutorial how get user email and save in database.
http://www.informit.com/articles/article.aspx?p=1924985
There's an interesting problem I'm facing as an educator. I want to collect user names in a form, but when I do that, it automatically enables students to email themselves a copy of their response.
I believe there's a way to somehow poll who's responded. When you enable the "one response per user" option, it doesn't require a stored user name. I know the information is out there somewhere - I just don't know how to get to it.
Any help would be greatly appreciated!
EDIT: I neglected to be specific about the coding aspect - apologies. I'm generating the form programmatically, and wanted to know if the information is stored somewhere in the response when the one-response-per-person option is enabled. After more digging, it appears that the easiest way to deal with this is to use an extension to handle disabling the email option.
Thanks for all your help!
you cant get the user email unless you enable that option like you mentioned. yes google might internally know who you are if you were already logged-in but its not perfect because using chrome incognito mode for example would not detect the email.
one way I can think is to:
1) with apps script generate an array of all student emails and a random password. dump to a private spreadsheet and use as your database for the next script.
2) in your forms, ask first as a form question the custom username and password.
3) on another script you can generate form urls with prefilled usernames and passwords and email each student their own custom form url.
when the student opens the form to respond, the username and password would be prefilled already.
not perfect but a malicious user would need to hack the email and if they can hack their email then they could also impersonate the user logged-in.
I have a requirement to generate an email to administrator whenever a user sign up. Administrator will approve the registration by clicking on a link provided in email and database should get updated, without admin to login to administrator console.
I am looking for best practice to code this scenario with keeping application security intact. I can generate email with dynamic rendom value attached to the link(provided in email) URL, but i am not sure how to keep a track of this on application side?
Any thoughts?
You could generate a random validation number when the user signs up, and store it in the database with the user record. Then generate an email with a link such as
http://foo.bar.com/approveUser.action?userId=<theUserId>&validationToken=<theRandomNumber>
When the approveUser action is invoked, check if the validation token stored in the database for the given user ID matches with the token sent as parameter, and if so, approve the user.
I am trying to implement a simple login system with facebook, but I need users to pick a username. What I was thinking was to get all the information I need from facebook, request permissions, then add the information to the database, redirect to a form asking for a username and then add that to the database, to the same entry.
I think a transaction is needed so I don't end up with any half completed database entries. But I've only ever used them on the same page, so I'm wondering if this is safe? If it fails then there is no point where I would be telling the database to roll back the changes and it would be with a transaction open.
Is this right or will it be ok?
I think you made it more complicated than it should be :)
No need to enter facebook id into database before username as you can always grab it later.
Forward user to login screen (or better just open login popup using javascript FB API)
Once user is logged in forward them to username picking page (or better do javascript popup without page redirect)
When user is entered username request the current user id from facebook on server side (by either using graph api or fql) and then if everything is ok enter this record to database.