This is not a technical question at all but for some weird reason your support insisted I post this question on SO...
So anyways, I would like to change the email address of my account. I do not have access to the current email address anymore. I could just go ahead and create a new account, but wanna avoid the hassle of updating API keys, etc.
I tried doing it in https://account.here.com/ but there is an error "Unauthorized" when pressing submit.
How can I do this?
Turns out there was already an account using the email I was trying to use. A more meaningful error message would have avoided all this confusion.
Related
Using the Parse database platform in Xamarin.Forms, even though .NET development on Parse seems to have gone extinct.
Still though, love that Parse!
Anyway it seems like Parse automatically rejects a new user sign-up if they have the same email as an existing account.
Is it possible to turn this off, so people can register multiple accounts with the same email address?
I had the same problem , simply added a new field as customEmail and put email address there.
I have my firebase authentication set to prevent multiple accounts for the same email, but it doesn't seem to be doing that. See following pictures:
Has anybody experienced this issue before?
**Edit: Here's the details for reproducing this bug:
Pretty much the problem boils down to the updateEmail() function.
When a user signs up for my app I want to ensure I have an email for the user so searching for that user is easier. The problem is Facebook authentication doesn't ensure the user has an email for the following two reasons:
The user could have not allowed email permissions.
The user could have created their Facebook account only using a phone number.
Because of this, my
login code is somewhat complex but here's a link to my code with comments to explain everything (Note that I'm using custom Facebook/Google buttons which is why I had to manually do some stuff): Login Gist
If you look at the func getFBUserData() and see the comments above it, the bug is happening in the Case 1's first bullet point:
// 1) user's facebook does have email. This is common case
// - in this case, sign them into Firebase
// - could be that they previously didn't have email but now they do, so update Firebase user's email
This is the edge case where for some reason a user first didn't allow email permissions, then changed their minds and allowed them. What's interesting is that the code will still throw the .errorCodeEmailAlreadyInUse error, but the account will show up in the Firebase console as seen in the picture in the SO question and the following which I just did: http://imgur.com/yMjYXgH
Anyone know how to change the default verification email when subscribing? Its not using my microsoft email and it doesn't give me an option to change it. At least I don't see anywhere.
its this page https://www.microsoft.com/cognitive-services/en-US/subscriptions
Appreciate the help
For Reference
Registration Page Image
I logged in using a social network account and the default email changed. This probably seemed like a rookie issue but it really was a pain. There should be a way to set the email you want your confirmation sent to.
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 4 years ago.
Improve this question
I am using contact form 7 (version 3.3) plugin to create a form and to send email. I have only 3 field:
firstname
lastname
email
When I click on submit button, email goes in junk folder.
The default CF 7 'from' field quite often results in the notifications being marked as spam. Change it to a proper email address, even noreply#yourdomain.com will work better than the default (as loan points out - missed that when I answered!).
If that doesn't help and it's actually the server you are hosting the site on that has been blacklisted, have a look at the WP plugin that allows you to use SMTP rather than the PHP mail() function.
http://www.wordpress.org/extend/plugins/wp-mail-smtp/
That can sort it too.
The recipient of the e-mail decides what e-mail content is to be considered "junk". Make sure there is a "from" e-mail in the e-mails sent out by the plugin. Then, in your e-mail client, add that address to a white list so that all future e-mails from it will always be considered legitimate.
Does your WP runs on a top level domain ? and on own hosting ? if you do try signing your domain with the SPF records and DKIM records.. Most of the main email providers look for these records on their incoming emails, before they decide it's a SPAM Hope that helps..
Avoid to use too much links in your e-mail, cause that will increase the chance that the mail will be marked as spam.
I had the same problem, but solved it by removing some links in the automatically generated mail.
I've just been resolving the same situation
My mail was being put in the spam folder and the email message wasn't being sent. I found this Link and added this code in my functions.php file:
function cdx_from_email() {
return "wpgod#yourdomain.com";
}
add_filter( 'wp_mail_from', 'cdx_from_email' );
function cdx_from_name() {
return "WPGod";
}
add_filter( 'wp_mail_from_name', 'cdx_from_name' );
By default your site will send as; from 'wordpress' by changing this to my name and email address everything worked sending to gmail.
This was all tested on a local MAMP set-up.
Although this question has already been answered, I thought I added this because the answer here provided was always my way to fix it until recently it stopped working again. So, I just came back from a seminar that targeted this specific problem. And I'm sharing :)
Most emails sent from third party applications such as Wordpress, Joomla, or Amazon get diverted to junk and sometimes they fail and get stuck behind a security layer. I know for a fact with Wordpress Contact Form 7, this is the case many times.
As much as I hesitate to relay on plugins, this one helps a lot! WP-SMTP
Before you do anything ensure your SMTP settings are written correctly and make sure the fields are filled correctly. This means ensuring these are the settings you are using for Outlook:
From: your email ("asdf#outlook.com")
From Name: "Your name or company name"
Host: smtp.live.com
Type of Encryption: TLS
SMTP Port: 587
SMTP Authentication: Yes
Username: Same you use to login (usually the complete email address)
Password: Enough said there
IMPORTANT - Send a test email even if it fails. The point is to trigger an activity in Outlook and have them flag it as an
unauthorized connection
Now, to the fix:
Go to Outlook.com
Login
go to Account Settings
Choose Security & Privacy
Click on "See my recent activity"
The most recent activity should be the fail attempt. Authorize it as a trusted connection.
Done!
Re-test and you shall see your emails showing in the inbox as an authorized connection. Doing these steps let Outlook know that your emails from Wordpress are legitimate connections and not solicitations etc.
As you have been advised changing the default cf7 to noreply#yourdomain.com may give you a better result however, from my experience, more often than not, this is a problem with your hosting company's restriction of the PHP mail () function and not cf7 itself.
Since wordpress by default sends email using the PHP mail() function, which is already very popular for not being reliable, you should expect to lose some mails to the junk.
you can loose some mails to the PHP mail() function for a number of reasons but top of the list is:
Most hosting companies restrict usage of this function to prevent abuse and spam.
So if you are loosing emails to junk, chances are your hosting company is restricting the usage of this function for reasons mentioned above.
Solution:
Your best choice is to use SMTP (simple mail transfer protocol) in place of the PHP mail () function for sending mails.
The SMTP is the industry mail standard and it uses proper authentication which ensures more mail delivery than the PHP mail () function which have a solid reputation for helping to conduct throngs of your mails into junk.
A simple fix for this malady is to install and configure this plugin Post SMTP Mailer/Email Log
I logged into Hotmail, opened the Junk folder and ticked the box next to one of the messages from my form. Up top there appears a "...", click that. Create a rule (delete others by clicking the X) that allows all from the domain your form is on, that moves it to your Inbox.
That's how I did it. Except I used the rule that says anything with "These words" in the subject line (see the Contact Form 7 settings and put "those words" there before the "[your-subject]").
net website, i would like to implement forget password. I am using following steps
Form having input box for login Id and email Id and CAPTCHA
when user enter details and submit, at backend after validation new password is generated and replaced old password at database.
New passowrd is send to user at email.
Please help me whether i am doing right or not?
Is there any other secure mechanism for the same?
[EDIT]
Thanks, i got your reply. Really this is a secure mechanism. But here i have few doubt
What message should i shown to user when he enter loginId and email address at forgotten password page?
Whether message would be same for valid user and mallicious user?
Advantage of using CSRF token? Any help / link
When user click on link then what should i do; because as i guess user should automatically loggin into their account -then after that i have 2 choice (first) send new password automatically to user (second) new form will shown to user where user will enetr old password and new password twice?
Please help?
I can see why you'd want a CAPTCHA, but I'd take a different approach.
When a password reset is requested check that a reset has not already been requested for that account within the last X minutes. If a password has already been requested ignore the reset request.
Check the IP requesting the password reset. If that IP has requested a password reset in the last Y minutes ignore the request.
If the checks in 1 & 2 pass check the account exists. If it doesn't ignore the request.
If we've gotten this far generate a one time token, which expires in Z minutes and a password reset URL which encompasses this token. Email this to the registered email address. When the URL is loaded prompt for a new password and reset.
For those who believe that you should tell the user where the email has gone I strongly disagree. This is "information leakage", even if you do limit it to the domain name. For example say I've registered on JeffAtwoodEatsBabies.com as blowdart. If Jeff had requested a password reset for me and you showed the registration domain then he'd see idunno.org. This is my personal domain and thus Jeff would know the blowdart user is, in fact, me. This is a bad bad thing. I should not have to register using hotmail or gmail or whatever in order to protect myself from your code showing an email domain to all and sundry.
In addition you shouldn't be showing error messages at all. No matter what happens, a username is not actually registered, or too many requests have been made or the sky has fallen you should be telling the user that the password reset procedure has started. Informing a user that an account doesn't exist is more information leakage.
One final thing you could do is add a CSRF token to the reset request page, so it cannot be driven from other web sites.
Followup
So to answer your further questions.
What message you show is up to you. "Instructions for resetting your password have been emailed to the registered email for this account" is one idea, but really it's down to your audience.
Already addressed above.
Wikipedia is a good starting point. How you do it depends on your platform and is a complete other question! For ASP.NET you could look at my codeplex project, http://anticsrf.codeplex.com or look at ViewStateUserKey.
When the link is clicked I would first validate the token in the URL against the username it's being applied to then I would either allow the user to enter a new password, or generate a new one and email it. You can't prompt for the old one, as the whole point is the user has forgotten it!
There are many ways this has been implemented. As you said, generating a new password and sending it to the registered email address is one method. I wouldn't suggest you go that route though, as my password would be reset everytime somebody tried guessing my password.
Instead, the best thing I've seen to date is simply emailing the registered email with a link that will begin a password reset process. You may even let the user know which email address to check by showing a masked version of their email address used in registration:
An email was sent to ********#hotmail.com. Please check your inbox to continue.
Be sure to keep in consideration those of us who may forget which email address were registered with - typically a few security questions are a great way to make that information available.
I've done that recently. When the user enters their username or email address, we generate a unique token and email it to them as part of a link. Upon receipt of that email, they click the link, and are automatically logged in, taken to the my account screen, and prompted to reset their password.
Of course, this relies 100% on the security of the email client, but it's hard to beat from a usability perspective.
You shoud check the answer to the question : Can anyone provide references for implementing web application self password reset mechanisms properly? from D.W. on security.stackexchange.
It is the most complete answer I found on the subject. I also suggest you to read this article : Everything you ever wanted to know about building a secure password reset feature