Jump to content

Demo with Login with e-mail confirmation


SergioFeitoza

Recommended Posts

18 hours ago, Ron said:

Here is an example with a login form, where the checking is done in uniMainModule.beforeLogin.

Token query is updated, had an error.

emailconfwithloginform.zip 58.6 kB · 10 downloads

Hi Ron  Thank you very much . Very useful implementation. I am using the idea to implement it here. Thanks a lot

Link to comment
Share on other sites

3 hours ago, SergioFeitoza said:

Hi Ron  Thank you very much . Very useful implementation. I am using the idea to implement it here. Thanks a lot

Hi Ron  This example is very didatic .  As I can not open the data base could you please confirm the fields of table TOKEn ?

I want to check if I am doinf something wrong in the queries 

INSERT into token values(0, now(), :token)

and 

SELECT ID from token where adddate(now(), interval 1 day)<now() AND token=:token

 

Edited by SergioFeitoza
last line seems strange
Link to comment
Share on other sites

17 hours ago, SergioFeitoza said:

Hi Ron  This example is very didatic .  As I can not open the data base could you please confirm the fields of table TOKEn ?

I want to check if I am doinf something wrong in the queries 

INSERT into token values(0, now(), :token)

and 

SELECT ID from token where adddate(now(), interval 1 day)<now() AND token=:token

 

Hi I am new in the use of tokens and when I put the  great second demo to work it sends the email ,correctly 

Then I receive the link  in an e-mail and click on it. Up to here everything is OK.

Then I receive a message "link expired or already in use". I think it is  because one of these two queries are not OK (for the duration of the link)

INSERT into token values(0, now(), :token)

SELECT ID from token where adddate(now(), interval 1 day)<now() AND token=:token

Supposing that I want to   have the confirmation link valid for only 15 minutes , what should I write in the function

adddate(now(), interval 1 day)  ?

Link to comment
Share on other sites

Just try to manually add a token to the db, using 

INSERT into token values(0, now(), 'test')

and then do a select on the same token, using

select id from token where created<adddate(now(), interval 15 minute) and token='test';

If you get a result id, then there is nothing wrong with the queries.

Since you get transported to the error page, a parameter is picked up during the beforeLogin event,
but I have no idea why the query does not return a result set. Try and remove the date criteria, like

select id from token where token=:token;

and see what happens.

Link to comment
Share on other sites

30 minutes ago, Ron said:

Just try to manually add a token to the db, using 


INSERT into token values(0, now(), 'test')

and then do a select on the same token, using


select id from token where created<adddate(now(), interval 15 minute) and token='test';

If you get a result id, then there is nothing wrong with the queries.

Since you get transported to the error page, a parameter is picked up during the beforeLogin event,
but I have no idea why the query does not return a result set. Try and remove the date criteria, like


select id from token where token=:token;

and see what happens.

Hi Ron  Thanks again.  SQLs are terrible but I cpould find errors and could even  make it to work in a "dirty" way. I used the code below. Now I am at the point of finding the rightplace tto put the lines in the end of this code (the part after the user click the link)

procedure TUniMainModule.UniGUIMainModuleBeforeLogin(Sender: TObject;
  var Handled: Boolean);
  var
    S1, S2, token  : string;
  begin
      token:= UniSession.UniApplication.Parameters.Values['token'];
      if length(token)>0 then
      begin
        with getTokenQuery do
        begin
    
          SQL.Clear;
          SQL.text:= 'SELECT * from tokens WHERE `dateexpire` >now() and  `token` = :token'          ;
          if active then close;
          ParamByName('token').AsString:=token;
 
          open;
          if not (recordCount=0) then
          begin
            handled:=true;
            newAccount:=true;
            //delete token from db...

          end else
          begin
            handled:=false;
            verifyError:=true;
            //will send to login form, with error tab selected
          end;
          close;
        end;
      end;

  end;

procedure TuniMainModule.saveToken;
begin
  //insert into token values(0, now(), :token);
  with saveTokenQuery do
  begin
    SQL.Clear;
    SQL.text:= 'INSERT INTO tokens (dateregister,dateexpire,token) VALUES (now(), now() + interval 1 hour, :token) '  ;

    paramByName('token').AsString:=token;
    ExecSQL;
  end;
end;

     {  Check the place to put this
       cpRegistro.Visible := false;
       cpAutenticacao.Visible := true;
       lblregistered.Visible:= True;

        case uniMainModule.verifyError of
          true: begin
                   //  pcMain.ActivePage:=tsReceivedError;
                    showMessage(' We are in the Experimental period and  may be a bug in the Register . Please write yp sergiofeitozacosta@gmail');
                end;
          false: begin
                  //  pcMain.ActivePage:=tsRegister;
                         cpRegistro.Visible := false;
                         cpAutenticacao.Visible := true;
                         lblregistered.Visible:= True;
                 end;
        end;
   }

Link to comment
Share on other sites

If there is an authentication or verification error, the user should always end up at the Login form.

So that is where you have to place whichever messages to such users, and specifically in the onShow event,
as it fires after the mainModule's beforeLogin event in case the return var handled is not set to true.

Link to comment
Share on other sites

15 minutes ago, Ron said:

If there is an authentication or verification error, the user should always end up at the Login form.

So that is where you have to place whichever messages to such users, and specifically in the onShow event,
as it fires after the mainModule's beforeLogin event in case the return var handled is not set to true.

Thanks Ron   I am doing some tests here and will comment at the end 

Link to comment
Share on other sites

When it comes to storing the user's first login information (email at least), there are basically two choices:

1. Not store the info in the db, but only in the link as a parameter, and then pick it up at verification and send it to the login form/complete account registration tab. 
But this makes it insecure, so token and email should really be encrypted into a single parameter and decrypted at verification. Or you can hash it, but then you need the original data to check the incoming hashed parameter, and that brings us to the next option.

2. Store the info in the db, with the token id, and look it up at verification, for instance in the login form after having fetched the token id in the mainModule.
Or you can store the account id in the token table and get it from there.

The point of email verification is of course to make sure the first registered email data is secured through the whole process.

Link to comment
Share on other sites

On 3/15/2021 at 12:31 PM, Ron said:

When it comes to storing the user's first login information (email at least), there are basically two choices:

1. Not store the info in the db, but only in the link as a parameter, and then pick it up at verification and send it to the login form/complete account registration tab. 
But this makes it insecure, so token and email should really be encrypted into a single parameter and decrypted at verification. Or you can hash it, but then you need the original data to check the incoming hashed parameter, and that brings us to the next option.

2. Store the info in the db, with the token id, and look it up at verification, for instance in the login form after having fetched the token id in the mainModule.
Or you can store the account id in the token table and get it from there.

The point of email verification is of course to make sure the first registered email data is secured through the whole process.

Thank you Ron for all the great  help    After some days I could implement and evething is working. Next Days I will post the link for accessing here during a free experimental period . Lets see how will move

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
×
×
  • Create New...