Is it possible to create a WordPress account for users who submit an email (no password or username) through an email collection form?
I am looking at sending the user a link to their email to set a password and setup the account in full. The use case is content locking to signed up/logged in users without requiring them to go through the full sign up process. Thanks
I would recommend one of two options: 1) search wordpress.org for a frontend user registration form that may allow you to customize the password options or 2) simply use a generic form or subscription plugin to collect user info, create the new user on the backend manually and then send them an email with a link to change their password
Related
I'm working on a Node js project using Firebase. Currently, I store several User fields in the database under their email address. (Users > Email Address > (five different fields)). One of these fields is the user's password.
In my Reset Password workflow, I have Firebase send the User a reset password email. After the user goes through the link in that email, they successfully change their password and can now log in with their new password. My question is how can I grab that new password, and update the Users > Email Address > password field in my database right away? Currently, this field is holding the old password that doesn't have any use any longer.
I don't believe we will need this field for the project, but I want to keep it updated for now in case another member on my team needs it. Thank you
My question is how can I grab that new password, and update the Users
-> Email Address -> password field in my database right away?
By using the standard reset password email mechanism proposed by Firebase you cannot "grab" the password.
You would need to implement your own mechanism as explained in the "Create custom email action handlers" page in the doc.
As evocated by #Kiran in his comment, storing users' passwords in your Firebase DB (Firestore or the RTDB) can be dangerous: you should take care that they cannot be read by some malicious users, typically by using security rules.
It can make sense, from a specific business/admin/organisational reason, to store users' password in a Firebase DB but then you should correctly protect them.
Firebase Auth has a method to send a verification email so the user can reset his/her password. This link redirects the user to a website where the new password will be written and saved.
Is there a way to reset a user's password using flutter and firebase inapp? I mean, could I send a verification code through SMS or email that would be then typed into the app and the user would choose a new password all inside the app?
Thank you!
To be able to change a user's password directly through the API, the user will have to enter their current password in order to be able to update it.
If you use the Admin SDK however you can implement whatever flow you want, and update the password at the end of the flow. But of course in that case it is up to you to ensure you do it securely.
You can do so by using custom email handlers along with dynamic links to open them in your app. This might require a custom domain to do so. Once the user visits your application on the custom route/page, you can then use applyActionCode method to process the email action. Checkout my answer here for a detailed explanation on processing the email actions:
How to build a custom Email action handler in Flutter for Firebase Authentication
I am using wp-members plugin for user registration and login. But I have to send a verification link in mail when user registers. How can I do that?
you can also use theme my login so you can easily achiv this.
Require users to be approved or confirm e-mail address upon registration
one of this plugin options
I have a web application that creates user accounts, but I would also like to have the ability to have users that can sign up for subscriptions without accounts. All they have is a subscription page to modify email settings and enable the newsletter subscription.
My questions is how do I verify that the user is who they say they are without a username/password, and my second is how should they access this page. I dont want just anyone typing in the url with the email and access subscription settings for that user.
For each user entry you create a unique access code that you use in the url in order to validate that this is the user you want.
The subscription form will give these options:
subscribe by filling in your email
request to change your settings by just putting your email to another field
both action will send an email to you with a special url
the first to validate that this is made by you so you will enable this user & his email
the second to send him another special url to make any changes to his settings in the case that this use is active in your database.
For this unique code you can use md5 of his email with a timestamp when he was registered.
A customer ask to create a one step form : registration + login;
I have configure plone to let the user choose the password, so at data level we should be able to achieve this.
Now at code level, I have no idea which API I'm supposed to use to 'logged in' a user while having it's username and password.
By default Plone show two screen after the registration before having the web site:
registration form
success page with a login button
success logged in page.
have to move your self in the website has member
I want to short cut this to:
registration form
redirect to dashboard
You can use the updateCredentials() method on the acl_users user folder; it'll call the right plugins, resulting in a cookie being set for the user in a default Plone setup:
users = getToolByName(self.context, 'acl_users')
users.updateCredentials(self.request, self.request.response, username, password)
The method needs request, response, username and password parameters.
Customize portal_skins/plone_login/registered and insert a redirect to the dashboard.