use php and mysql,
My situation: users register to the web by entering username, email, password , birthday, sex and then activate account by clicking the link in their mails. Email and password are used in the log-in process.In database,I also record IP address and date-time of registration.
The problem is some users registered too much accounts to do something on the web as I limited one account per one click. The easy way is to check their IP address is existed or not, but in some academy organisation or company use the same IP address for all computers.
How to limit their registration and not to effect everyone who are those in the same ip address?
Think of a way to block automatic registration. That's usually why you see the many registrations pattern. Robots crawl and register any site they find and can figure out.
I usually encode the FORM and use JS document.write() to print the form. Or use a hidden field filled by JS using and external obfuscated file. Or a CAPTCHA...
See if this does not fix your problem...
Related
Websites will often send notification emails from addresses like hello#example.com or no-reply#example.com. When these show up in Gmail / Inbox, they often have a name and an avatar associated, like this one from Zeplin:
I know if you're using Google Apps, as an administrator you could create a user called no-reply and set their avatar. But this also uses up one user slot which costs $5 / month. And I'm not sure if this technique works outside of Gmail or Inbox.
Are there other ways to set the avatar for automated email addresses?
Have a look at Gravatar.
What Is Gravatar?
An "avatar" is an image that represents you onlineāa little picture
that appears next to your name when you interact with websites.
A Gravatar is a Globally Recognized Avatar. You upload it and create
your profile just once, and then when you participate in any
Gravatar-enabled site, your Gravatar image will automatically follow
you there.
More info here:
https://en.gravatar.com/
This is the result for the email above.
A catch all email address allows you can receive the Gravatar activation emails for non existent email addresses.
Details for Google Apps:
Google Admin console
From the dashboard, click Apps, then click G Suite
Gmail
User settings.
Catch-all address section
TL;DR Get a verified Google+ Brand Page and enable DKIM authentication for any external service you send email through (ala Mailchimp).
These steps are not documented and Google themselves did not help. But, after implementing them, my business avatar started to appear for emails sent via Mailchimp or Mandrill or some such with a return email address of my domain.
1) Create a Google+ Brand Account page (https://support.google.com/plus/answer/1710600). You may already have one set up as part of general SEO, but you need one for the avatar to work. Make sure too, at the end of the process (which is again, is poorly documented) that on your Google+ brand page, you see the little verified badge next to your business name.
2) Set the avatar you want on your brand page.
3) From whatever external service you send email from, set up DKIM authentication for your domain. Google Inbox won't display an avatar if it detects the email as being sent 'on behalf' of your domain; the DKIM authentication will make Inbox believe your domain actually sent it, and then apply the avatar. (These instructions vary wildly depending on your email provider, but here are the ones for Mailchimp).
Go to https://myaccount.google.com/email
Click on "Advanced Settings" then on "Alternate Email".
Verify emails.
I am working on a web apps with Asp.Net (C#) and I have a problem like this:
I will sent out an email for more than one person and there is a link in the email. If user click on the link I want to retrieve the email address of the respondent (as query string or whatever).
Is it possible?
How should I do?
Thanks in advance.
If you generate the emails dynamically, you can add a token to the url that is unique to each email address you send to. Your landing page will use the tokens to register a hit to a database.
On another note, please remember to handle information like email addresses with great care (i.e. securely), for example when storing them in a database.
I have a web application that allows registration and authentication through Facebook, Google and Windows Live. Each OAuth request has the required scope to retrieve associated e-mail addresses from the authentication provider.
The current situation is that an account is created based on the provider and the provided identifier. This means that if a user has logged in with multiple providers the user will have multiple accounts on the web application.
I want to have the ideal situation of having a single acccount even when using multiple providers. I was thinking about using the e-mail addresses to see if an account exists for the user. If it exists, use the account based on the e-mail address.
How safe/reliable is this? Do all OAuth providers mentioned validate e-mail addresses? Better ways?
EDIT: Ran a tests and came up with this. Still looking for further advice :)
FaceBook: Cannot authenticate with unvalidated e-mail. Additional e-mail will not appear until validated.
Google: Provides `verified_email`. Additional e-mail will not appear until validated.
Windows Live: Cannot authenticate with unvalidated e-mail. Additional e-mail will not appear until validated.
Interesting question. You could try to use e-mail to check if user exists, but the problem is, user could be using different e-mail addresses for different providers.
My suggestion would be asking user (once he/she logs into your application using one of the methods) to attach other providers to to this account, so he/she can use them as well to log into your application.
It doesn't completely solve your problem (I'm not sure if solution exists), but user will have more control that way and you'll reduce the amount of accounts per user.
The problem is -
" I have to design one website, which will contain number of blocks. Each block will refer to different email client. That means, a user of this site can see his/her all mail clients in one one blocks."
The user will provide his/her existing mail clients information (Username and Password) at the time of registering into this site.
So, when user comes to the site he will login by providing username and password of this site (and not with user name or password of any of his mail clients) and he will see his home page containing all his existing mail clients opened directly in one one block (without logging in to any of the mail client).
Basically, this website will help the user to use all mail clients in one page.
Will anybody suggest how to do this task ?
It will be better if working codes will be provided.
This sounds quite difficult - you will need to make a good web mail client, and it is very hard to compete with the existing services in this area. For instance, it would be hard to make a webmail client as good as the one gmail has.
If you can make a good webmail client, the rest is quite easy - the user would give login details for POP/IMAP services for each of their email services, and then you could make your server log in to each of them and pull back any mail to display.
It may be easier for you to purchase existing webmail client software, and then wire it up to a database containing user login details to make the website you require.
I've used this component in the past and may help with sending and reading emails/attachement from a variety of sources.
Rebex.net
my question is about the workflow of a web registration.
1) register with email + basic data
2) activate the account with a special secret link <- is this necessary?
3) allow the user to log in to the system
EDIT: I want to make the process as simple as possible without a password to choose/remember.
In more detail:
After a user is registering on a web site I sent out a confirmation with a generated password to login on the site and proceed.
Many sites sent an activation link first and then allow logging in to the system.
Is there any reason to do this additional step when I generate the password and sent it out to the user?
Thanks for your answers.
Is there any reason to do this additional step when I generate the password and sent it out to the user?
To ensure that the provided email address exists, and belongs to the person who registered the account.
I've noticed an increasing number of websites which skip this step. It seems to be a trend.
The purpose of the activation link is to guarentee that the email address provided by the user is one to which they have access. If you are generating a password and sending it via email to the user's email address, then the link is not required (because them logging in means that they read your email).
However, email is generally not a secure way to distribute information over the internet. You are sending them the password in plaintext, and you do not know how many people have access to that email account (e.g. a shared family account). I think you would be better off allowing the user to choose their own password at registration and then send them a link (offer to generate a password for them on the registration page, if you really believe that generating it is better).
The validation of an email account is usually to help prevent someone creating numerous accounts. This helps prevents spammers and various other bad people from attacking your site from different accounts.
In general you're trying to ensure that the person is who they say they are and that you have an outside means of communicating with them.
1 - to ensure that the email is belong to the registerd user.
2 - to make it harder to the people want to create many accounts (like forums where a single person have so many accounts to use them in voting or somthing).
I remembered a funny site that gives you a 10 minutes email , just to skip the process of creating a new email or even spamming your email by the sites you've registered in.
This way you make sure that the email address is valid and it will be more difficult for a spider to generate many users than without this step. Also, you might do a lot of things in your database when a user is registered and you can do these after the user is validated, to save time by not creating extra traffic on your database server for fake users.