I am a beginner programmer who has completed a Ruby on Rails bootcamp, but I have very little experience with PHP. I currently am developing an company training course using Moodle, and one of the requirements of the site is that each user will have their username and password displayed for them on a certain page in the course so that they can access a course-related App on their mobile devices. I have looked through the MoodleDocs and found nothing. Is there a way to do this?
No is the simple answer, the password is stored in the db using a md5 or sha1 hash, so its pretty much impossible to extract the password.
If you need to connect to another app, then use one of the external authentication methods.
If the database is on the same server then external database authentication is probably the easiest to set up
https://docs.moodle.org/27/en/External_database_authentication
You can show the users username using the global variable $USER
$USER->username;
But as others suggested is impossible to show password in clean text to the user.
Maybe Moodle Web services can help you achieve what you need
You can't access password as it is encrypted with md5 and sha1.
But, from what I understood from your question is that you want to authenticate user through your app on moodle. For this, you can take use moodle web services and moodle's auth plugins.
If you want to display the current user's username, you can do as follows:
global $USER;
echo $USER->username;
Related
I am using mongo db to store user data, their passwords. I have two ways of creating an account:
Regular sign up when user selects username and password and
Sign up using facebook log in.
Now, when I have regular sign up, password and username should be required, but using facebook log in they are not, so I am wondering how I should now design a schema for the users model to include both cases?
The most obvious way seems like to have two different models: users_facebook and users_regular, but is it the right way to go? Why or why not? It could also be users_auth (auth data only for users who signed up manually) and users_data (both users' types data). There is also something like MongoDB Facebook Stitch that is somehow used for the purpose it seems, although I do not get what it is. I am very new to databases and not sure which is the right way to go. The problem seems though pretty trivial.
Working on a new app and have some testers using it. One of them forgot their password and my partner made a mistake and changed the password for that user to something in plaintext from mLab. We usually make password changes (for now, until we build the password reset logic) in parse dashboard directly: enter in a password in plaintext, it's hashed automatically.
When we try to load the User collection in Parse Dashboard to make the change to the password and hash it accordingly, the User collection doesn't load. The other collections load just fine though.
I've tried updating my parse dashboard version since I was running a slightly older version, but that didn't work either.
Any advice on a fix?
I'm creating a simple React-Redux Blog website. So these days i was searching and searching how to do user authentication, and i couldn't find nothing helpful, there were only auth with JWT token, which for me at this moment is really hard to understand so i came to idea, which i don't know is it good or no, so i want to hear more about it.
WHY am i doing this? Because i already made more than half website, but made mistake at beginning because i did simpliest possible auth with local storage, which is really bad...
So idea is to user register with Firebase with email and password.
Then will be created a user in Mongo with unique email(which i will use as ID), and empty other data like username, about section etc, which are not required and which user enters later. So Firebase is only for user login and sign up...
After login i am checking if user is authorized with checking if email in state provided by redux is empty... If is some value in it then i will allow user to do some stuff around...
So i am wondering how i'm gonna deploy it on web and will it work... Any suggestion?
We are using identityserver3 and membership reboot for authentication in our application.
We now have a requirement to change the UserName Email and Reset Users Passwords form an Admin area in our application. I have seen Identity Manager but that seems to not be what I'm looking for. From reading Membership Reboot Wiki it seems to support everything that I would want to do. I just don't have a clue what the implementation for this would look like.
My thought is that we would call into our API where we know that the user is authenticated and then just call into the MembershipReboot API to take care of the task at hand be it changing UserName or Email or Reset Password.
But like I said I'm not sure. Should we be using Identity Manager middleware? It feels like that isn't the answer as we are writing our own admin interface and from what I could see it is't supporting a password reset via email and the MembershipReboot API says that it does.
Or should we be calling back into our Identity server and making the change? It feels like no because that is for logging into the applications.
Yes, you need to create your own code to allow users to update their demographic info including email and password.
You need to use the UserAccountService -> This code I am using my own CustomUser where I store all the information that would normally be stored in the UserAccount Table
_userAccountService = new UserAccountService<CustomUser>(new CustomUserRepository(new CustomDatabase()));
Then use:
_userAccountService.ChangeEmailRequest();
_userAccountService.ChangeUsername();
_userAccountService.ChangePassword();
If you prefer to have users do this from an email (use when they are not logged in)
_userAccountService.ChangePasswordFromResetKey()
I'm looking at this too but haven't actually implemented it yet. Yes I think you are right that you need to call into the MembershipReboot API yourself. There are methods on the UserAccountService class to perform these functions. See the sample SingleTenantOwinSystemWeb in the MembershipReboot source code.
The IdentityManager functionality is limited but useful for developers to set up users with roles & claims etc for testing, or as a basic Admin tool.
Can anyone think of a neat solution for this; we operate an website service and sell to large organisations. Rather than have a logon for everyone, we'd like to be able to provide a direct link to our website from the organisation's Intranet page. We'd then like to check the referrer and if it's in our listed of 'trusted referrers', i.e. the intranet url, then we grant logon without asking for credentials.
I'm aware you can do $_SERVER['HTTP_REFERER']; to get the referrer, but I'm also aware that can be spoofed. Can anyone think of how we could achieve what we want, but while also guaranteeing it won't be hackable?
Thanks in advance
It's not exectly what you want, but to make logging on easier and ensure you don't need to store all the passwords you could use, for example, OpenID.
I think that there is no perfect and safe solution for this.
One solution would be to append tokens to the urls. It will work and it will be save, but anyone who knows the link (including token) will be able to login as that organization
Another solution would be to check the source ip. This can be done in different ways *apache, load balancer, app, etc).
Also a combination of token + ip could work (this token for that organization but only if the request comes from allowed_ips for that organization)
A more elegant solution (which I implemented for several big companies) would be to integrate you website login with the active record domain login. It is possible to use the current user window login as login into a website, using domain authorization. If a user is logged in into a domain, when enters your site will automatically login to the website.
This solution is much more easy to implement than it sounds. But, requires Active directory and workstation that connects to a domain to be in the company (this shouldn't be a problem, most of corporations are using windows on workstations and active directory for domain controller). Also is working best on IE only (direct login to the website). On other browsers the domain login popup will appear and user will have to enter again the domain password.
Also, I am pretty sure that can be made to work on linux environments, but I have no idea how.