Is there a way to have Google Forms send a confirmation email, containing a unique link that the user must click in order to validate the form? If the user does not click the link, the form is not accepted.
If it is simpler, I could also send a code to the user by email, which the user must input in the form.
Related
I handle user email verification as in the docs. When user verifies email by clicking the link does he also need to login also? Because after this process when I check it with "firebase.auth().currentUser" on console it returns null. I would expect it would auto login after clicking the verification link.
function handleVerifyEmail(auth, actionCode, continueUrl) {
// Try to apply the email verification code.
auth.applyActionCode(actionCode).then(function(resp) {
// Email address has been verified.
// TODO: Display a confirmation message to the user.
// You could also provide the user with a link back to the app.
// TODO: If a continue URL is available, display a button which on
// click redirects the user back to the app via continueUrl with
// additional state determined from that URL's parameters.
}).catch(function(error) {
//
});
}
Email verification does not auto-login. It just verifies the user's email.
You have 2 situations here:
User opens the link on the same device and it is opened in the same browser where the user initially logged in and sent the email verification, but in a different app. The continue URL takes the user back to a page of the same domain as the page where they initially logged in. In that case the user would be logged in.
The user opens the link on a different device or browser. In that case, the user is not logged in. You have to login the user again after they click the continue URL and are redirected to it.
As the email verification may happen on a different domain or the email could have been triggered from a mobile app, logging in the user on the action callback page after verification may be a bad idea and could leave a dangling auth state.
in the site in which I'm working the registration is mandatory to complete an order (is an ecommerce site). In the registration process, users have to fill in a registration form and then submit it. An email will be sent to users to confirm the account. After the confirmation (click on a link sent through email) the account is active.
I would to keep track of the user which complete the registration and then confirm his account clicking on the confirmation link in the email.
Basically, my questions are :Do users which submit the registration form, confirm their account? then, Do users which confirm their account make a purchase on the website?
I know how to track the submitting of the form (with event tracking or destination goal, it depends), but I don't know how to put a trackable link in the confirmation email. I can't use URL Builder, because the confirmation link is generated automatically and it depends on the account itself (each link is unique for the account). How can I keep track of it?
One solution for you is to include a Google Analytics _trackEvent call on the email activation page. Docs here:
https://developers.google.com/analytics/devguides/collection/gajs/eventTrackerGuide
This is the method we use to do something similar on our site.
I have a web application that creates user accounts, but I would also like to have the ability to have users that can sign up for subscriptions without accounts. All they have is a subscription page to modify email settings and enable the newsletter subscription.
My questions is how do I verify that the user is who they say they are without a username/password, and my second is how should they access this page. I dont want just anyone typing in the url with the email and access subscription settings for that user.
For each user entry you create a unique access code that you use in the url in order to validate that this is the user you want.
The subscription form will give these options:
subscribe by filling in your email
request to change your settings by just putting your email to another field
both action will send an email to you with a special url
the first to validate that this is made by you so you will enable this user & his email
the second to send him another special url to make any changes to his settings in the case that this use is active in your database.
For this unique code you can use md5 of his email with a timestamp when he was registered.
My client requirement for the password recovery is,
when user enters his email/username, system will email him a unique link. In users email, when the user will click the link,
system will take the user to the change password page. User will type a new password and his password will be changed.
Any idea how to do this??
Right now the change password page is only accessable for the logged in users. How do I let a user in to the page by a external link click?
This is a kind of a "Password change process":
Create a database table with the userId, createDate, closeDate, and a UUID
send the mail with a link to your page that has the uuid from the prcoess database table
if the user enters the page you check if the process is still open (closeDate is null)
user can change password
you set the closeDate
First check the user Email IF it exists then send him/her a unique email of the link
Example:
link : http:\\www.abc.com\passwordrecovery.aspx?ID="+Guid.NewID()
In this way you will send a unique email to every user also store this ID in the user table so when the user click the link you will be able to verify sender.
On your Password Recovery Page Check the value of Query String variable ID
and matched the ID of the user in the database if they are equal then show the password page of the required user.
Hope you understand it.
In your link use a unique indentifier as the query string. Intercept the params on your page load event and look in the database if there is a match.
I am developing an ASP.Net application that will need to verify that the user is legit and not a spam. Once the new user enters their first name, last name, email address, my application will send an email to verify the user's authenticity. The email would conatin a link that would confirm the users account.
I am looking help on what the logic is behind the email link. Once the user clicks the link, what happens?
I have had a website that has used Captcha, and not had much luck stopping spam (I know you can't stop 100% spam) similar to this Stopping spammers from creating accounts (reCaptcha not doing the trick)
As Rook has pointed out below, the simplest way is to use Captcha.
If you need to verify the email as well though, see below.
You could generate an approval GUID and pass it to the email URL which would mark the User as Active.
For example, add a column called ApprovalID to the users table and generate a new GUID when the user registers, i.e.
You should mark the user as inactive at this stage.
Example Guid 3F2504E0-4F89-11D3-9A0C-0305E82C3301
Then pass the User Id and GUID in the email body
Verify your account
Then a simple page verify.aspx
Code Behind
string UserId = Request[UserId].ToString(); // You can parse these as Guids
string ApprovalId = Request[ApprovalId].ToString();
TODO:
// Get user from database
// Match QueryString ApprovalId to Column ApprovalId
// Ask user to Log In
// Set user as active
Sending a confirmation link doesn't do anything to stop spam. Emailing someone a link with a Cryptographic Nonce just insures that they can receive email, bots can also receive email.
The best way stop spam is by using capthca, and I recocmend using reCapthca. You should prompt the user with a capthca when a user signs up for your service.