From what I've gathered, mail won't work offline using WAMP unless set up. So right now I have users that aren't activated. I'm not able to log in(or register) to wordpress as a registered user to create a specific additional functionality. Is there a way to get around this without taking it online?
Additionally can you collect more information from a registered user via additions to the form? How much access do you have to this information? The end goal is to try and keep specific information only visible to certain registered users. Only registered users that I allow would have access.
The Online/Offline of WAMPServer only changes the access allowed to Apache
Online = Apache accepts access from any ip address
Offline = Apache only accepts connections from the local PC i.e. the one running WAMPServer
The reason you cannot send emails is that Windows does not have a mail server installed by default like a *nix system. If you want to send emails you have to install some sort of email server that PHP can pass emails to.
There are a number that you can use :
I prefer hMailServer but it is a little complicated to configure unless you understand a bit about mail servers
Alternatively you could try fake Sendmail for windows
Related
I've recently hosted my wordpress website through AWS Lightsail. The site has a contact form and a newsletter, but neither are working. I'm also unable to send a password reset email through wordpress, receiving a message that the host may have disabled the mail() function.
How do I setup email on my website? Is it handled through the domain or the host? I've read that I may need to sign up for AWS SES, however I'm unsure how to proceed. My client has also informed me that they have Outlook 365 setup for the domain, but I'm unsure where that fits in.
Apologies for the vagueness. I'm new to hosting websites online, and have been unable to find any useful tutorials/resources so any help would be greatly appreciated.
I would suggest not hosting your client's email through your Lightsail server. There are a lot of extra headaches to consider and there are other services that are more reliable and offer a better more robust user interface than the options available on server.
To get your client a custom domainname email address (ie joe#domainname.com) here are two options:
Zoho -
Cost: FREE
You can sign up here: https://www.zoho.com/workplace/pricing.html?src=zmail
You need to verify the domain name for this to work (either by adding an HTML file to the site or a CNAME to the domain)
GSuite by Google - Cost: $5/user/month
You can sign up here: https://inbox.google.com/u/0/search/google%20suite#m_-1052842142248281614_
You can also get some good promotional codes to get 20% off the first year - here's one: 9746YLRVNWERPAH
And, to your question about making sure forgot password emails are sent, make sure sendmail is installed on the server (apt-get install sendmail), that the /etc/hosts file contains the following
127.0.0.1 localhost localhost.localdomain yourhostnamehere
and that port 25 is open on the server.
I am trying to create an authentication system that works within the limitations of my organisation's network infrastructure both when inside the local network and outside.
When inside the local network I want people to be able to access this ASP.NET Web Forms application without having to log in using their Windows login.
Externally I want people to have to log in through a custom login form.
The reason is that Windows authentication does not work outside of our local network, due to the local infrastructure.
So, I created a password protected folder by disabling anonymous authentication just for that folder, and then on every page request I check if the user is flagged as being logged in (details on how I do this are unimportant) and if they aren't I redirect to a page that does an AJAX request to a web service located inside the password protected folder to see if they are logged in on the local network. If they aren't then it redirects to the custom login form page.
Now this all sounded like a good idea at the time but in practice it does something undesirable... When an external user attempts to access and the AJAX request is made, I get a browser username and password prompt which has to be cancelled to continue.
I appreciate that this type of authentication is part of HTTP and probably can't be bypassed, even using AJAX, but any ideas how I can get this working without the username/password prompt or an alternate way of checking whether local network or external access?
I know I could check the IP address but I understand this can be faked (although that would only cause an issue to the user attempting to do this).
I also know I could have a different entry point for internal or external but I wanted to avoid this.
I couldn't find a solution for exactly what I wanted to do, so I opted to check if the user was on the local network by checking their IP address.
Although this is sent via a HTTP header and can be faked, it will only result in the user being prompted for username and password via Windows authentication.
I am currently doing work for a client and am running into a bit of an issue when an email receipt is sent to the user. What is happening is that once the email address is delivered the from address is completely different then the one I am using. I have tried using a few different email addresses and they work fine. It's only the one that they really want to use that is causing the problem.
I don't have access to their site and am also unsure of how the mail is sent. What I am wondering is if anyone knows the questions that I can ask to figure out what is going on on there end. They recently changed who was handling their site so I have a feeling something may be getting mixed up.
The site is built with WordPress and is using Gravity Forms. From the changed email address I can see that they are using Bluehost since the email changes from #companyname to #boxXXX.bluehost.com.
Email servers are not my area of expertise so I really appreciate any help.
Very likely their Wordpress website is sending emails through the wp_mail() function which is nothing more than the usual mail() function from PHP.
By default if you send an email through this method it will display either the hostname of the server where the website is sitting or the SMTP server, in this case boxXXX.bluehost.com depending on what's the policy of Bluehost regarding sending e-mails.
Generally hosting provider switch off the php mail() function in shared hosting environments to prevent spam and they provide you with the details to connect to their SMTP server and send legit e-mails, if their server is sitting on a shared hosting I think you might need support from Bluehost directly, explain to them the situation and they will help you throughout the process.
If the website is sitting on a virtual dedicated server then they need to do additional configuration on it. In this case what I do is to access onto cPanel and create a new mailbox with the address I want to send from (wordpress#domain.com, info#domain.com, whatever the client wants to be displayed) and configure Wordpress to send with through the VPS SMTP (you can do that easily with this nice plugin: http://wordpress.org/plugins/wp-mail-smtp ) with the address and password you chose when creating the email account on cPanel.
From now on the email will show the correct address.
Also you might want to increase the deliverability of your message and to instruct the email servers that are receiving the email that you're using a legit account, so you should add to their DNS both DKIM and SPF server records.
Note: I suggest you to be extremely cautious when playing around with DNSes, especially when touching email related records. If you are not familiar on how setup new and change the current existing records ask for help from someone who has quite good experience and to guide you through the process so you understand how it works and the consequences of a bad formatted or clashing records.
We recently had a really bad couple of hours at work when someone touched the company records without any clue of what was doing and we ended up with no email and website working for several hours.
I'm having a similar problem as was discussed in this question:
authClient.login returning error with "Unauthorized request origin"
I can't find anything on the firebase site that directly addresses this problem so I have 2 questions about the "unauthorized request origin":
1.) If I'm testing my program through my own computer (as in, it's just a file on my computer), what exactly am I supposed to add to the Auth panel? I tried following the advice offered in the link above but no luck.
2.) My eventual plan is to create an app using firebase and it's login system. Is this going to be a problem for when users try to login? Is there going to be something that I need to allow so that any user will be allowed to login to the system?
With the release of Firebase Simple Login, which contains a number of OAuth-based authentication methods (Facebook, Twitter, GitHub, etc.), we included the idea of 'Authorized Origins'. Without this restriction, malicious sites could pretend to be your application and attempt to access your users' Facebook, Twitter, etc. data on your behalf.
By restricting the domains for these requests to ones that you control and have verified, we can protect your users' data. Once you have configured your application domains, your users will be able to log in seamlessly and securely from the domains you defined.
To fix this error, log into Firebase Forge (by entering your Firebase URL into your browser), and navigate to the 'Auth' panel on the left.
For testing locally, you'll need to run at least a barebones webserver on your machine, rather than loading your test files via file://. The easiest way to run a barebones server on your local machine is to cd to the directory of your files and run python -m SimpleHTTPServer, which will allow you to access your content via http://127.0.0.1:8000/....
For your users, configure the domains that you'll be using to host your application. This can be any number of specific subdomains (such as a.b.www.domain.com) or high-level domains which will act as a wildcard (domain.com will allow requests from *.domain.com).
You can configure multiple application domains or IPs here, comma-delimited.
See https://www.firebase.com/docs/security/simple-login-overview.html for additional documentation about application configuration for Simple Login.
I hope that helps! Feel free to ping me directly if you have further questions.
I have my website, and it records the number of visitors, IP and time of access...
I want to identify each visitor... I think that this was possible recording IP Address... but when the IP is dynamic, my system fails. So I think that I can solve it recording MAC address... is possible? What language should use? PHP, ASP, Javascript?
Thanks
Edit: What I can use to identify each user without having login information (username & pwd).
The MAC address, by TCP/IP standards, is never communicated outside of the local-area network to which it pertains — routers beyond that LAN don't even get the information you're trying to record.
There are many other ways to try and identify unique visitors, including matching the user-agent's details in addition to the IP, serving cookies as part of your response, etc… it is, after all, a core functionality in the field of "web analytics".
MAC addresses are simply not part of the gamut of techniques that it makes sense to utilize for it!
It is only possible if you use a technique where you install a "native" app on the client machine. For example, an activeX component, java applet or a client application. Then that application, once installed can get the MAC and then call to your web server with the MAC as an argument. In other words, you have to build your own front end "browser" to handle logging in. Then once the user is logged in, you can launch the app in the default browser.
It would be nice if future browsers allowed users to give permission to specific sites to access the MAC. Then if a site had a button that said "Register this device" the web application could do so without needing an additional native app installed (after all, the browser IS a native app).
Can't you just have them store a cookie, so that when they come back they can be uniquely identified? No username/password requirement.
http://en.wikipedia.org/wiki/HTTP_cookie
Sorry but sending MAC address isn't part of the HTTP. However, you can use cookie to identify different users. Any backend language will do (add cookie in the server side). You can set the cookie in the client side using JavaScript too.