SergioFeitoza Posted March 10, 2021 Share Posted March 10, 2021 Do you know any Unigui demo of a login + register system with e-mail confirmation? Quote Link to comment Share on other sites More sharing options...
fraxzi Posted March 10, 2021 Share Posted March 10, 2021 I am also looking for this example. Quote Link to comment Share on other sites More sharing options...
Ron Posted March 11, 2021 Share Posted March 11, 2021 I've made an example project, hope it helps. The basic idea is to send a special link, which expires, and pick it up as the app loads. emailconf.zip 1 Quote Link to comment Share on other sites More sharing options...
Ron Posted March 11, 2021 Share Posted March 11, 2021 Here is an example with a login form, where the checking is done in uniMainModule.beforeLogin. Token query is updated, had an error. emailconfwithloginform.zip 2 Quote Link to comment Share on other sites More sharing options...
SergioFeitoza Posted March 12, 2021 Author Share Posted March 12, 2021 18 hours ago, Ron said: Here is an example with a login form, where the checking is done in uniMainModule.beforeLogin. Token query is updated, had an error. emailconfwithloginform.zip 58.6 kB · 10 downloads Hi Ron Thank you very much . Very useful implementation. I am using the idea to implement it here. Thanks a lot Quote Link to comment Share on other sites More sharing options...
SergioFeitoza Posted March 12, 2021 Author Share Posted March 12, 2021 URL with parameters - General - uniGUI Discussion Forums Quote Link to comment Share on other sites More sharing options...
SergioFeitoza Posted March 12, 2021 Author Share Posted March 12, 2021 (edited) 3 hours ago, SergioFeitoza said: Hi Ron Thank you very much . Very useful implementation. I am using the idea to implement it here. Thanks a lot Hi Ron This example is very didatic . As I can not open the data base could you please confirm the fields of table TOKEn ? I want to check if I am doinf something wrong in the queries INSERT into token values(0, now(), :token) and SELECT ID from token where adddate(now(), interval 1 day)<now() AND token=:token Edited March 12, 2021 by SergioFeitoza last line seems strange Quote Link to comment Share on other sites More sharing options...
SergioFeitoza Posted March 13, 2021 Author Share Posted March 13, 2021 17 hours ago, SergioFeitoza said: Hi Ron This example is very didatic . As I can not open the data base could you please confirm the fields of table TOKEn ? I want to check if I am doinf something wrong in the queries INSERT into token values(0, now(), :token) and SELECT ID from token where adddate(now(), interval 1 day)<now() AND token=:token Hi I am new in the use of tokens and when I put the great second demo to work it sends the email ,correctly Then I receive the link in an e-mail and click on it. Up to here everything is OK. Then I receive a message "link expired or already in use". I think it is because one of these two queries are not OK (for the duration of the link) INSERT into token values(0, now(), :token) SELECT ID from token where adddate(now(), interval 1 day)<now() AND token=:token Supposing that I want to have the confirmation link valid for only 15 minutes , what should I write in the function adddate(now(), interval 1 day) ? Quote Link to comment Share on other sites More sharing options...
Ron Posted March 14, 2021 Share Posted March 14, 2021 Just try to manually add a token to the db, using INSERT into token values(0, now(), 'test') and then do a select on the same token, using select id from token where created<adddate(now(), interval 15 minute) and token='test'; If you get a result id, then there is nothing wrong with the queries. Since you get transported to the error page, a parameter is picked up during the beforeLogin event, but I have no idea why the query does not return a result set. Try and remove the date criteria, like select id from token where token=:token; and see what happens. Quote Link to comment Share on other sites More sharing options...
SergioFeitoza Posted March 14, 2021 Author Share Posted March 14, 2021 30 minutes ago, Ron said: Just try to manually add a token to the db, using INSERT into token values(0, now(), 'test') and then do a select on the same token, using select id from token where created<adddate(now(), interval 15 minute) and token='test'; If you get a result id, then there is nothing wrong with the queries. Since you get transported to the error page, a parameter is picked up during the beforeLogin event, but I have no idea why the query does not return a result set. Try and remove the date criteria, like select id from token where token=:token; and see what happens. Hi Ron Thanks again. SQLs are terrible but I cpould find errors and could even make it to work in a "dirty" way. I used the code below. Now I am at the point of finding the rightplace tto put the lines in the end of this code (the part after the user click the link) procedure TUniMainModule.UniGUIMainModuleBeforeLogin(Sender: TObject; var Handled: Boolean); var S1, S2, token : string; begin token:= UniSession.UniApplication.Parameters.Values['token']; if length(token)>0 then begin with getTokenQuery do begin SQL.Clear; SQL.text:= 'SELECT * from tokens WHERE `dateexpire` >now() and `token` = :token' ; if active then close; ParamByName('token').AsString:=token; open; if not (recordCount=0) then begin handled:=true; newAccount:=true; //delete token from db... end else begin handled:=false; verifyError:=true; //will send to login form, with error tab selected end; close; end; end; end; procedure TuniMainModule.saveToken; begin //insert into token values(0, now(), :token); with saveTokenQuery do begin SQL.Clear; SQL.text:= 'INSERT INTO tokens (dateregister,dateexpire,token) VALUES (now(), now() + interval 1 hour, :token) ' ; paramByName('token').AsString:=token; ExecSQL; end; end; { Check the place to put this cpRegistro.Visible := false; cpAutenticacao.Visible := true; lblregistered.Visible:= True; case uniMainModule.verifyError of true: begin // pcMain.ActivePage:=tsReceivedError; showMessage(' We are in the Experimental period and may be a bug in the Register . Please write yp sergiofeitozacosta@gmail'); end; false: begin // pcMain.ActivePage:=tsRegister; cpRegistro.Visible := false; cpAutenticacao.Visible := true; lblregistered.Visible:= True; end; end; } Quote Link to comment Share on other sites More sharing options...
Ron Posted March 15, 2021 Share Posted March 15, 2021 If there is an authentication or verification error, the user should always end up at the Login form. So that is where you have to place whichever messages to such users, and specifically in the onShow event, as it fires after the mainModule's beforeLogin event in case the return var handled is not set to true. Quote Link to comment Share on other sites More sharing options...
SergioFeitoza Posted March 15, 2021 Author Share Posted March 15, 2021 15 minutes ago, Ron said: If there is an authentication or verification error, the user should always end up at the Login form. So that is where you have to place whichever messages to such users, and specifically in the onShow event, as it fires after the mainModule's beforeLogin event in case the return var handled is not set to true. Thanks Ron I am doing some tests here and will comment at the end Quote Link to comment Share on other sites More sharing options...
Ron Posted March 15, 2021 Share Posted March 15, 2021 When it comes to storing the user's first login information (email at least), there are basically two choices: 1. Not store the info in the db, but only in the link as a parameter, and then pick it up at verification and send it to the login form/complete account registration tab. But this makes it insecure, so token and email should really be encrypted into a single parameter and decrypted at verification. Or you can hash it, but then you need the original data to check the incoming hashed parameter, and that brings us to the next option. 2. Store the info in the db, with the token id, and look it up at verification, for instance in the login form after having fetched the token id in the mainModule. Or you can store the account id in the token table and get it from there. The point of email verification is of course to make sure the first registered email data is secured through the whole process. Quote Link to comment Share on other sites More sharing options...
SergioFeitoza Posted March 21, 2021 Author Share Posted March 21, 2021 On 3/15/2021 at 12:31 PM, Ron said: When it comes to storing the user's first login information (email at least), there are basically two choices: 1. Not store the info in the db, but only in the link as a parameter, and then pick it up at verification and send it to the login form/complete account registration tab. But this makes it insecure, so token and email should really be encrypted into a single parameter and decrypted at verification. Or you can hash it, but then you need the original data to check the incoming hashed parameter, and that brings us to the next option. 2. Store the info in the db, with the token id, and look it up at verification, for instance in the login form after having fetched the token id in the mainModule. Or you can store the account id in the token table and get it from there. The point of email verification is of course to make sure the first registered email data is secured through the whole process. Thank you Ron for all the great help After some days I could implement and evething is working. Next Days I will post the link for accessing here during a free experimental period . Lets see how will move Quote Link to comment Share on other sites More sharing options...
Ron Posted March 21, 2021 Share Posted March 21, 2021 Looking forward to check it out ! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.