I am using moodle 2.x for some testing courses.
I'd like to use one-time-password for moodle login.
That means when users login with certain password, then they can take exams in that session.
However if they close the window or login their account, they can't login again anymore. And if they want to continue to take another exam, the teacher or administrator will help them by provide another password or something like that help them to login again.
Thanks all,
Noat
Either you will have to write a new auth plugin or you can use
prelogout_hook()
https://docs.moodle.org/dev/Authentication_plugins#pre_loginpage_hook.28.29
to suspend the use account
Related
I need to implement a standard user registration/activation workflow with Firebase. There doesn't seem to be an obvious way to implement this. When I say "standard", I mean how most email/password accounts work - not necessarily specific to Firebase. I'm sure you're familiar with this. This is the workflow:
User enters their username/password on a form with some validation and submits details
The back-end creates the user record in the database, but the account remains deactivated (i.e. user cannot authenticate - the activated flag is set to false)
The back-end sends an email to the user with a link to activate the account
The user clicks the link in their email which triggers activation. This is probably a Web API of some description.
At this point, the user record's activated flag ticks over to true, and the user can now authenticate
The link probably also has a deep link that opens the app or navigates to a web page
The user can now log into the app
How do I configure Firebase to do all this?
Currently, the app allows the user to register. I am using the Flutterfire SDK. I call createUserWithEmailAndPassword, which successfully creates the user in Firebase. But, the user is already activated. The user should have a state of "disabled" in firebase until the account becomes activated. I can't find any settings to default the user to disabled when the account is first created.
I also managed to get Firebase to send out an activation email by calling sendSignInLinkToEmail, but this call is really designed for email authentication - not email activation. Opening the link should activate the account, but I have not figured out how to do this. This documentation makes it sound like it is possible. Perhaps, the Flutterfire SDK is missing this? I don't want to allow people to log in without a password. I only want to use this call to send out an email.
What am I missing here? Is this non-standard behavior for Firebase? If so, why? If the user is allowed to use an app with an email address that is not activated, they can impersonate someone else. We need to confirm at least that they are custodians of the email address that they are claiming to have.
Do other Firebase people just not worry about this?
Lastly, I know I can achieve this by creating a collection for users in Firebase and putting an "activated" flag there. But, if I do that, I've got to write a cloud function that accepts the link and then updates the user in the collection based on the received link. But I thought this would be automatic in Firebase. If Firebase doesn't have this built-in, I have to put all the security over the top to stop users from authenticating when they have not yet activated their account.
This is a pretty valid concern. I suppose the way around this is to check whether the signed-in user is verified whenever the app is launched. The User object that is returned from Firebase Auth has an emailVerified flag. Check this page for more details.
Using this flag you can choose to show a different screen or pop-up that has a button to send a verification link to the registered email address. Until the user verifies this address, you can limit access to some of the app's screens if you want.
Please note that I have not checked if this emailVerified flag is true for sign ups using Federated login providers like Google Sign-in and Apple Sign In. You might want to check that out.
I'm able to setup sugarcrm to my local machine. Also I've a bit of knowledge of studio. Now I've got a requirement like login to sugarcrm using google account. If user want to login to sugar he/she'll have to use his/her google credential. If the credential is correct and the email id matches with the email id for a user in user module, the he'll be able to login to sugar.
I'm pretty new to sugar so please provide help. Please write if the problem description is not clear to you.
Thanks
It sounds like your goal is to enable Google Authentication within SugarCRM, which would mean a rewrite of the entire login page and process. I think that's beyond the scope of a SO post, but I think you'd start here: https://code.google.com/p/google-authenticator/
SugarCRM does come equipped with the Zend Library, including a lot of classes for working with Google APIs, so that's a plus.
A simpler answer, if it meets requirements, is to set the Users' user_names to their google email addresses, either #gmail.com or #googleappdomain.com, whatever. The draw back here is that the accounts aren't actually linked with Google, so passwords won't stay in sync.
I'm about to use one of those multi-provider authentication frameworks Opauth or Hybridauth (don't know which is the best but I had a little preference for the second one) so the consequence is that I have to manage multi account.
In fact I already have my own account management (login+password+email) and I had last year facebook users. Now I will have to deal with Twitter account, linkedin account, etc...
So the question is easy : how to manage the username ?
For instance, John create a account on my site. So "John" login/username is taken. But if another John from Facebook then another one from Twitter arrive, what i'm supposed to do ?
In Stackoverflow (or elsewhere), what is the practice ?
I don't want a John write on the behalf of another John. Today with my own system, I verify that the login (username) is unique. If not I reject the user. But now ?
I thought that I can check the email but... I learnt that email address can't be the key because of Twitter that doesn't give it to you.
Hope I'm clear enough :)
regards
As you say it's not possible to just retrieve the username from different sources and just store it. I don't know how it is done here in stackoverflow but if you try to register the name is optional so probably it is not an unique key. I can't see the way to login with twitter here so I bet that email is a unique key.
I'll try to answer your question but I've only used facebook API so maybe this can't be done with others. I suppose that each API gives you something you can store in your database and use it later to identify your user against their API.
If you allow users to register with facebook (or gmail, twitter...)then you can use the next approaches (I'm sure there are few more):
They always login with facebook (or twitter, gmail...): you store a record for them inside your database with the key provided by the API and other useful info you can collect. As you said each API gives you different things so you have to think in advance what you really need to provide your users with a good experience: is their name needed? age? If you need more data than the provided by the API you should jump to the next approach or prefetch it and make it editable before. Here you don't ask your user for a password so they can only login with facebook not with a login form, if a user tries to authenticate with facebook (or twitter, gmail) again you know which key you have to look for and authenticate your use.
The can create an account and link it with facebook (or whatever): you ask for facebook permission and then prefill a form for them to provide the data that is missing (password, mail if they use twitter...) and then create the record storing the unique key provided by the API as well to proceed exactly as step 1 if they use their facebook accounts to login. If you asked for a password and an email they can use a standard login form as well.
You can use the first approach and ask the user to change the attribute that is in conflict with other user (name in your case) or even ask to fill what is missing depending on which social network they are using to sign in. You can use name+surname as username to reduce the colission possibility if this is what you want to store to identify your user.
Hope this helps
HybridAuth gives you an excellent way to integrate your site with the social media...
http://hybridauth.sourceforge.net/
This should also help...
At the moment I'm building a login Script on powershell basis.
This login script should be able to change the users Password on login and change it back to the original on logout.
Problem here being that I want to change a Password of a domain user, the same user as the one who is logged in obviously
Now I found some neat stuff like the old, net.exe. but it all says I don't have the rights to change the password in the Domain.
I really can't believe that this is something impossible cause the user himself can change the password too.
Otherwise I'd have to find out how to run a login script with a domain admin...
Edit:
ok I'll try to explain our setup we have a so called VMware View environment, in which every user can login once. now we have the problem that there are accounts with generally known passwords, and some people find it highly amusing to steal others sessions. I've thought about it and making a little script that changes and then resets the password would be a neat little solution. I hope I was of help^^
It would be really helpfull if I could get some thoughts on this
Thanks in advance
This link might help you.
Also, according to the link above, you need to be on the domain controller to use net to change password (or supply the "/domain" option).
I'm trying to make a login system for my cocoa app. How would I do this? I know it involves SQL, but I know nothing of SQL. I want the user to register or login. It would be easier if apple had a source code for this kind of thing, but I don't think they do.
Best Regards,
Kevin
Implement the login system on the server. Then all you have to worry about in your app is:
send them to your website via URL to
sign up
query for a name and password
if name and/or password is incorrect more than three times, go to 1
user is logged in. Do something.
You can also use the keychain on the iPhone to securely store and retrieve passwords. Here's excellent code from Sci-Fi Hi-Fi. You prompt for a password, store it securely in the keychain for later comparison. Pretty simple. Documentation on the site.