My custom policiy for forgot password is based on this documentation: doc
how can I add to the 3rd page before password label, a label and an input text for readonly email?
To add labels, you need JavaScript.
For "readonlyEmail" look at this sample.
You'll see it copies it from "email".
Then in "LocalAccountWritePasswordUsingObjectId". set "readonlyEmail" as an input and output claim.
Related
I used this documentation to split email verification and sign up for my sign up process.
I found in other questions that to skip the email changing step, just hide the email change button. My need is to create a button in the 4th step to allow to change the email.
Is there a way to give the same behavior to the button created with JS as the one hidden in the previous step please?
PS : I tried to give it the same id and class name to the js button but it didn't work.
If you make the email field in 4th step not read only, and apply email.verified as the partnerClaimType (like default starter pack), it will force email verification if it’s changed on that page to anything other than what was pre populated.
I am a naive programmer and currently using web2py to create a web app. In the website I ask the user to enter the password first. In the models section, in db.py I have written the following code for entering password:
db = DAL('sqlite://webform.sqlite')
db.define_table('register',
Field('password', requires=[IS_NOT_EMPTY(),IS_MATCH('somepassword',error_message='Invalid password')]));
Here, 'somepassword' is just a predefined password I have given for testing.
How can I make the field to display "*" or dots while the user is entering the password? like in the image given below?
The DAL has a password field type:
Field('password', 'password', requires=CRYPT(min_length=8))
Password type fields by default get the SQLFORM.widget.password.widget widget in SQLFORMs (which you can also set manually on any field via the "widget" argument). The HTML input type will be set to "password".
As shown above, it is also recommended that you do not store passwords as plain text but instead store a hash of the password, which is what the CRYPT validator does (it can also be used to enforce a minimum password length). You can specify additional password complexity requirements via the IS_STRONG validator (though make sure that validator is applied before the CRYPT validator, as the latter tranforms the password).
I have Created the Custom Form in the Orchard CMS in which i have created one field for Password. But when i enter the password it do not get Mask. I want to Mask the Password enter by user. I have enabled Custom Field module in Orchard Module. But still i am not getting the exact solution for it. Please help me to get out of this..
There is no built-in password content field in Orchard.
You could however use a Text Field on the content type of your choice to store the password. Then, enable the Shape Tracing feature, hover over the generated Text Field editor and create an alternate for it (as specific as possible, so it will be used just for that field). With this alternate in your theme you can override the html of the field and change the text field's editor to that of a password input box.
I'm new to the Zend Framework and I have a problem to create an edit form with the Zend_Form.
My problem is that I need to store the entry ID during editing, I've seen some examples that are using a hidden form field, but a hidden field can be manipulated by a user.
So: how can I set a form field which gets populated by $form->populate($data); and is available after submiting the request but is not editabel/visible to the user in any way?
Thanks for any help!
I'm not sure if there's really a point in trying to hide the value.
Consider the following:
To display the correct editor form, you need the ID of the object that is to be edited.
Before allowing the user to edit a certain ID, you would check if the user can edit it or not.
Thus, if you put the ID in the form, it shouldn't really matter:
When you POST the edit form, you should again check that the user can still edit the ID.
If the user changes the hidden ID, it doesn't really matter. They could still go and edit the other ID by finding it on the site. (This is assuming your check didn't tell you the user does not have access)
what kind of data you wanna hide?
data should be in post or get.if you dont put your data in your form,then you will have to use GET which is less secure than POST.
If you have some data and you dont want the user to see those data,then you should not put those data in a form.you can store and retrieve hidden data using forms submitted values.lets suppose your hidden field is users password.you dont need to send password back to the client when client is editing the form.you can manipulate password in your controller according to the user`s submitted first name and last name.
If you still insist, you may wanna try encrypting data using ZF and echo ing your value and setting encrypted data into a hidden form element.
Zend_Form generates an HTML form element with the form elements you specify. So its element capabilities are narrowed to a simple HTML form.
The hidden form element is used to pass those data that the user is not supposed to enter by hand. But as you yourself said it, there is no guaranty it could not be tampered. so no security is provided by using a hidden form value.
Most of times you'd better use server side values (like stored in sessions) to reference to values that are to be protected from user.
I suggest you keep the ID in a session value, and then you could use the session key in the hidden form field. this way the user can not change the target ID. However you are not able to use the $form->populate($values) on this in one step. you would have to set the target value with other steps:
fetch data from the session
set the form element value with the fetched data
Today I'm looking for a recipe to force drupal to change a password on activation email page on first login.
I tried to alter my user_reset_pass form, and I know how to print password confirmation fields, but I don't have any idea how to override verification of that form to check if password is set and proper value.
Maybe You can give me some hints to do that?
Check this module out:
Force Password Change