when user given username and password then click on login button. If login fails then redirect to login page but remove username but i want to retain username. i am using spring security version 3.1.4
You can try as below. This worked for me.
<input name="email" id="email" type="text" value="${SPRING_SECURITY_LAST_EXCEPTION.authentication.principal}" required email>
Hope this helps!!
Related
I have a member login system (symfony/php website). When the member logs in, the browser asks the user (as most browsers do nowadays), whether the username and password should be remembered. So far so good.
When the user needs to set a new password by the "forgot password"-link, he will receive a link via his email address. When the link is clicked, he gets a form with two inputs (newPassword and newPassword2) where he can decide on a new password.
Since there is no username-input on this form, the browser cannot know, to which username he should save this password.
How can I make the browser know what the correct username is? I have all data available, but I don't know how to present it to the browser in a correct way. There should be no additional fields visible to the user.
I tried
<input type="hidden" name="username" value="some#username.com"/>
but at least Google Chrome doesn't seem to read that value for its password manager.
No need to send the username to the browser (it's dangerous, I will explain further). When the "forgot password" link is clicked, generate a unique key and store it in a special field of the user table in database (i'll call it "validation code"). This validation code will be inserted in the link sent to the user. When the user click on this link in its email, this code is inserted in a hidden field of the "new password" form. This key will be used after submit to determine the user.
I recommend you not to insert the username directly since a malicious user could modify the HTML code to set the password of any user account.
i'm having an issue using wordpress pathing when i use paypal button. the paypal button is working if the form code is not encypted but when i encrypt it does not work
sample code
without encryption
<input type="hidden" name="notify_url" value="<?php echo get_bloginfo('template_url');?>/myfile.php">
with encryption
<input type="hidden" name="encrypted" value="-----BEGIN PKCS7----- blahblah -----END PKCS7-----
what can i do in order for my notify url work?
The URL cannot be encrypted.
see the PayPal IPN Integration Guide. The request to your notification URL will contain some information which you can send back to a PayPal server to confirm to confirm for yourself that it was really sent by PayPal, and to let PayPal know that you received the notification.
Is there a simple way to set recovering account's password to work with email instead of user name?
Or I must override mail_password_form template and it's related script?
(Our users seems to forget user ids, too...)
It seems Plone already has this case implemented in mail_password_form.pt.
<label i18n:translate="label_my_user_name_is"
tal:condition="not:use_email_as_login"
for="userid">
My user name is
</label>
<label i18n:translate="label_my_email_address_is"
tal:condition="use_email_as_login"
for="userid">
My email address is
</label>
In Site setup -> Security (##security-controlpanel) check: Use email address as login name (Allows new users to login with their email address instead of specifying a separate login name. Existing users can still login with their user id until you use the ##migrate-to-emaillogin page as a site admin. It is recommended to do that immediately after changing this option.)
(Working for simple accounts, but not useful in my case - ldap accounts.)
I am working on a Classic ASP application hosted on IIS 6. User can enter the details in Enter_details.asp page and click on send email button to receive email confirmation. After clicking on Send email button, page is redirected to email.asp page and email is sent.
If users refresh the email.asp page, a duplicate email is sent with the same details. How to check if an ASP page is redirected or refreshed and avoid duplicate emails?
Page1: Enter_Details.asp page
<form action="email.asp" method="POST">
<input type="Submit" name="Submitbutton" value="Send E-Mail">
Page 2: Email.asp
code to send email goes here.
What i want is to alert the user if an email is already sent.
How to check if an ASP page is redirected or refreshed?
The page the user ends up on shouldn't be the one to actually do the emailing.
In your situation, Enter_details.asp submits data to email.asp, which does the emailing, and tells the user the email has been sent. Hence, if it is reloaded, both actions will be repeated.
If you leave the emailing functionality where it is in email.asp, and when this is complete, do a Response.Redirect to a new page emailConfirmation.asp which simply tells the user whether the email has been sent successfully or not (you could pass a success flag, and any other details required, through to it via Querystring or Session from email.asp).
Then, if emailConfirmation.asp is reloaded, no duplicate emails will be sent.
I am attempting to do a POST securely from one website to another. Instead of trying to do our own encryption or hashing I would like to use SSL. Is it possible to do a form post from one site to another using SSL that would be completely secure for transferring the user information?
You can't redirect the user's browser to another site with POST (the redirect will switch to a GET), but you can certainly have one server initiate a POST to another site over SSL.
A simple form post should work.
<form action="https://theirsite.com/Form.html" method="post">
<input type="hidden" name="UserID" value="1" />
<input type="text" name="UserName" value="Quickfire55" />
</form>