I want to send an email with a link, so that the user can reset his password. I need to check first if the email exists in the system. Does Laravel 5.7 validation features has the ability to check this or will I have to use Eloquent and search for the email?
yes you can use laravel validation rules. something like:
'email' => 'required|email|exists:users,email'
more description
Related
Using Symfony 5, Is there any way to avoid user edit (using browser inspector) on hidden input field?
My use case is:
My website can display to a user A a list of recommended user.
For each recommend user displayed, the user A can click on a recommended user to send him a message.
To do that, I am generating a specific form for each recommended users and the form contains an hidden input field with the recommended user ID as value, and a submit button to send the message.
I would like to ensure that the user A do not change the input hidden field in order to contact a user which is not recommended.
To do that, I am checking on server side, when the form is sent, that the user id in the form sent is an ID of a recommend user. It is working but I would like to avoid this double check on my side.
Nevertheless, as I am already using CSRF default protection, do you know if Symfony could do that natively? I mean to ensure that this hidden input field has not been changed by the user? By configuring a parameter for this HiddenType field?
Because as I am already using CSRF protection, symfony guarantee the security (against CSRF attacks) when I use $myForm->isValid().
I guess Symfony is storing the CSRF token somewhere...
So we could imagine Symfony could store solewhere HiddenType fields that we could flagged as "not-changable".
And the $myForm->isValid() could check CSRF token validity as usual + hiddenType field flagged as "not-changable".
What do you think about it?
This feature already exists?
Is it a good idea? New potential feature?
checking on backend is a must, it will be bad idea to relay on security or a control on client side
I have a web app, using ASP.NET Identity 3.0, in which I create the users (instead of users registering themselves). I send a confirmation email to validate their email accounts. The idea is that they come in through the URL and, since they don't have a password set yet, they will set an initial password and validate their email in one fell swoop (I'm trying to kill two birds with one stone as elegantly as possible).
The problem is that I shouldn't confirm the email with UserManager.ConfirmEmail() if the password they entered isn't a valid password as per the complexity policy because this will expire the token. The only way I know to check if a password complies is to actually try to set it with UserManager.AddPassword() but I shouldn't try to change it unless I know the email confirmation token is valid.
How can I check if a password will be compliant without setting it? Or how can I check if a token is valid without expiring it?
ASP.NET Identity 3.0 does provide a password validator that you could use to check if a password is valid before taking other steps.
Here is where you can find the actual code.
Here is where you can find some unit tests that will give you an idea of how to use the password validator.
The general usage looks like this:
var validator = new PasswordValidator<User>();
var result = await validator.ValidateAsync(UserManager, null, passwordToValidate);
if (result.Failed) // Failed Validation
if (result.Succeeded) // Passed Validation
The 2nd parameter to ValidateAsync is the User instance, but that may not be applicable in your situation, so it is null here.
I hope this helps you out.
Im trying to find look into functionality for forgot password,right now drupal
sends a link when user enters a emailaddress or username
Instead i require a random password to be sent to the user when requested for
password.
I know there is a module recovery password,after installing .its not working
Can any one suggest me any module or How i can write a custom module for that ?
There are few modules promising that feature (but I didn't try any):
https://www.drupal.org/project/rpt
https://www.drupal.org/project/genpass
i was wondering if any one can advise me on how i can go about implementing a email and account validation feature in my ASP.net website. so when a user creates an account, an email is sent to the email address used, and the user needs to verify that email address to be able to logon.
thanks
Suggested workflow..
Create an account for the user in your database and mark the account as "to be validated"
Produce a random key, maybe a GUID and add it to the users account
Email the random key to the user along with a unique URL, e.g www.myurl.com/validateuser.aspx?userid=45532
To email using asp.net use the system.net.mail namespace - lots of bits on the internet about this.
On validateuser.aspx ask user to enter key sent to them in email.
Check if keys match. If so update db record to "validated"
Edit
By the way, there is a nice answer here on Stack Overflow if you are using forms auth
you can use regular expression of email id check after validation save id in database and and on button behind code of registration write code for sending email using system.net.mail
many email sending function available on internet.
after registeration using coding to check on logon either the email exists in ur database or not.
This is almost a year too late, but for the records you should use the built-in ASP.NET Membership functionality because you get all this (and much more) for free, no need to make e-mail validation logic if it's already made for you is it?
http://msdn.microsoft.com/en-us/library/yh26yfzy.aspx
I'm try to use drupal open id module. When i used to login using any provider id(yahoo,google,facebook..) it goes to registration page of my site. My question is how to populate details of the user to my form without additional burden to the user ?. For ex name,email-id etc. Is there any module associated with it ?
I haven't tried this, but this module sounds like it does what you want:
http://drupalmodules.com/module/openid-autoregistration
"Module allows automatic registration of (successfully logged in) OpenID users, even in case OpenID provider didn't supply data necessary for Drupal user registration (valid username and email)".