[SOLVED] Password retrieval and cb auto actions

7 years 3 months ago - 7 years 3 months ago #290083 by activha
Hello

We use auto actions with OnAfterUpdateUser and OnAfterUserUpdate to update password and username of a connected and registered user (both on CB and on PAP).

For old users, we use OnBeforeUserProfileEditDisplay to check if it belongs to our PAP application and if not, we register the user on PAP before showing the profile.

When an old user has forgotten its password and tries to retrieve it, CB does not check the PAP belonging and then the OnBeforeUserProfileEditDisplay auto action for registration is not fired.

What trigger can we use for forgotten password or forgotten username to trigger this code auto action before the password/username is updated ?

Thanks in advance
Jean


7 years 3 months ago #290093 by krileon
onBeforeUsernameReminder is fired just before the lost username email is sent and onBeforeNewPassword (new password is var2) is fired just before the lost password email is sent (and before password is actually changed). Both contain the user objects. There's no trigger earlier than that that contains the user object for the forgot login process. Note this process does not change usernames. It just sends you an email with what your username is. Password does indeed change.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.


7 years 3 months ago #290110 by activha
Thanks for that ! :-)

Just a quick question, is the password in the user object if we want to update our PAP user registration without the user changing its password ?
For now we use a temp CB field where we store the first password to be able to send it to PAP if it's needed, but it does not seem the best way.
If we could just send the password when needed to another app that would be much better


7 years 3 months ago #290123 by krileon

> Just a quick question, is the password in the user object if we want to update our PAP user registration without the user changing its password ?

On that trigger [var2] is the randomly generated plaintext password that it'll reset their password to. The user object password value will either be null or encrypted already most likely.

> For now we use a temp CB field where we store the first password to be able to send it to PAP if it's needed, but it does not seem the best way.

I really hope you're not storing plain text passwords. If you are I strongly urge you to remove that usage and find a better way. A lot of people, frustratingly, use the same password for several accounts. Storing anyone's password in plaintext is a massive security vulnerability. Even temporarily is a bad idea. What is your PAP integration doing that it needs the users password?


7 years 3 months ago #290161 by activha

> I really hope you're not storing plain text passwords. If you are I strongly urge you to remove that usage and find a better way. A lot of people, frustratingly, use the same password for several accounts. Storing anyone's password in plaintext is a massive security vulnerability. Even temporarily is a bad idea. What is your PAP integration doing that it needs the users password?


We did store plain text passwords to log users to PAP until we found this post that they wrote recently.

So now we only need to create a randomly generated password for registering users to PAP after their first successful registration to CB.
We talked about it a couple of years ago and you suggested storing the password temporarily in a CB field [cb_passaffiliation], so until now we have used:
include_once('/var/www/html/affiliation/api/PapApi.class.php');
$Juser = CBuser::getUserDataInstance( '[user_id]' );

// convert the user parameters to a format for the external application
$args = array();
$args['email'] = "[EMAIL]";
$args['fname'] = "[firstname]";
$args['lname'] = "[lastname]";
$args['refid'] = "[USERNAME]";
$args['parentuserid'] = "[cb_parrain]";
$args['password'] = "[cb_passaffiliation]";
$args['data3'] = "[cb_address]";
$args['data4'] = "[city]";
$args['data6'] = "[cb_pays]";
$args['data7'] = "[zipcode]";
$args['data13'] = "[user_id]";

// params info
$pap4Username = "xxxx";
$pap4Pwd = "xxxx";
$pap4Url = str_replace( 'https', 'http', '[cb:config param="live_site" /]' ) . '/affiliation/scripts/server.php';

try {
    $session = new Gpf_Api_Session($pap4Url);
    if (!$session->login($pap4Username, $pap4Pwd)) {
        die("Please contact affiliate manager. Error message: ".$session->getMessage());
    }

    //try to load referer
    if ("[cb_codeparrainpartenaire]") {
        $PaPid = new Pap_Api_Affiliate($session);
        $PaPid->setUserid("[cb_codeparrainpartenaire]");
        try {
            $PaPid->load();
            if ($PaPid) {
                //set the correct parent
                $args['parentuserid'] = "[cb_codeparrainpartenaire]";
                //reset PAPVisitorID cookies to erase them.
                CBCookie::setcookie( 'PAPVisitorId', '' , time(), '/', '.activ-ha.com');
                CBCookie::setcookie( 'PAPVisitorId', '' , time(), '/', 'activ-ha.com');
                // register click to the right referer
                $referer = $PaPid->getRefid();
                $clickTracker = new Pap_Api_ClickTracker($session);
                $clickTracker->setAccountId('default1');
                try {
                    $clickTracker->setAffiliateId($referer);
                    $clickTracker->track();
                    $clickTracker->saveCookies();
                } catch (Exception $e) {
                    die("Erreur sur le tracking. Erreur message: ".$e->getMessage());
                }
            }
        } catch (Exception $e) {
            $args['parentuserid'] = "[cb_parrain]";
            //erase wrong code for not giving wrong commissions on autoaction following
            $Juser->cb_codeparrainpartenaire = "[cb_parrain]";
            //$Juser->storeDatabaseValue( 'cb_codeparrainpartenaire', '' );
            $Juser->store();
        }
    }

    // create new affiliate
    $affiliate = new Pap_Api_Affiliate($session);
    $affiliate->setUsername($args["email"]);
    $affiliate->setPassword($args["password"]);
    $affiliate->setFirstname($args["fname"]);
    $affiliate->setLastname($args["lname"]);
    $affiliate->setRefid($args["refid"]);
    $affiliate->setParentUserId($args['parentuserid']);
    $affiliate->setData(3, $args["data3"], Pap_Api_Affiliate::OPERATOR_EQUALS);
    $affiliate->setData(4, $args["data4"], Pap_Api_Affiliate::OPERATOR_EQUALS);
    $affiliate->setData(6, $args["data6"], Pap_Api_Affiliate::OPERATOR_EQUALS);
    $affiliate->setData(7, $args["data7"], Pap_Api_Affiliate::OPERATOR_EQUALS);
    $affiliate->setData(13, $args["data13"], Pap_Api_Affiliate::OPERATOR_EQUALS);

    if (!$affiliate->add()) {
        die("Erreur sur le parrainage, merci de contacter votre affiliate manager. Erreur message: ".$affiliate->getMessage());
    } else {
        // echo("Affiliate successfully added");
        $referer = htmlspecialchars($affiliate->getUserid());
        $Juser->cb_refid = $referer;
        //$Juser->storeDatabaseValue( 'cb_refid', $referer );
    }
} catch (Exception $e) {
    die("PAP4 API call error, merci de contacter votre affiliate manager. Erreur message: ".$e->getMessage());
}

But I think that maybe we could retrieve the CB password with var_ ? so that PAP and CB password are in sync at least at the registration process.


7 years 3 months ago #290210 by krileon
If the password is just for the sake of creating the user then just give the plaintext password to PAP when needed so it can update their affiliate profile with the appropriate password. I assume the API wants plaintext which it will then encode into whatever encoding PAP uses. In this case you do not and should not be storing the password to a plaintext field (please.. for the sake of your users and your legal liability remove that now).

"Note: Do NOT use method setPassword as one of the parameters when loading affiliate. Loading affiliate by his password is not permitted (reasonable)."

According to their API you don't need password at all for the sake of loading affiliates or interacting with them in any way. The password is set to allow them to manually login to their PAP affiliate account. This means you can set the password to [password] on the after registration trigger, the after profile update trigger (only if [var1_password] is not equal to [var3_password]), and onBeforeNewPassword (use [var2] instead of [password]).

The alternative is to send them a password reminder using PAP API after creating them as per the following documentation and keeping the two passwords separate.

support.qualityunit.com/505211-Send-password-reset-email-to-affiliate

The following user(s) said Thank You: activha
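
The trigger-to-password mapping described in the last reply, as an added PHP example that is not part of the thread and is not CB or PAP code. The helper names, the `afterRegistration` label and the `$v` array of substituted values are hypothetical; the `Pap_Api_Affiliate` calls assume `PapApi.class.php` is loaded and `$session` is a logged-in `Gpf_Api_Session`, as in the code posted above.

```php
<?php
// Added example: hypothetical helper names; $v holds the CB substitutions as strings.

/** Plaintext password to forward to PAP for this trigger, or null to send nothing. */
function papPasswordFor(string $trigger, array $v): ?string
{
    switch ($trigger) {
        case 'afterRegistration':      // hypothetical label; uses [password]
            $pw = $v['password'] ?? '';
            break;
        case 'onAfterUserUpdate':      // only if [var1_password] != [var3_password]
            $changed = ($v['var1_password'] ?? '') !== ($v['var3_password'] ?? '');
            $pw = $changed ? ($v['password'] ?? '') : '';
            break;
        case 'onBeforeNewPassword':    // [var2] is the generated plaintext password
            $pw = $v['var2'] ?? '';
            break;
        default:                       // e.g. onBeforeUsernameReminder: no password change
            $pw = '';
    }
    return $pw !== '' ? $pw : null;
}

/** Update an existing affiliate's password; the value is never written to a CB field. */
function pushPasswordToPap($session, string $email, ?string $pw): bool
{
    if ($pw === null) {
        return false;                  // nothing changed, nothing to send
    }
    $affiliate = new Pap_Api_Affiliate($session);
    $affiliate->setUsername($email);   // load by username, never by password
    $affiliate->load();                // throws if the affiliate does not exist
    $affiliate->setPassword($pw);
    return (bool) $affiliate->save();
}

// Constructed sample data: one event per case.
$events = [
    ['onAfterUserUpdate',   ['var1_password' => '$2y$aaa', 'var3_password' => '$2y$aaa', 'password' => '']],
    ['onAfterUserUpdate',   ['var1_password' => '$2y$bbb', 'var3_password' => '$2y$aaa', 'password' => 'new-Pass-1']],
    ['onBeforeNewPassword', ['var2' => 'Rnd0mGen3rated']],
];
foreach ($events as [$trigger, $v]) {
    echo $trigger, ': ', papPasswordFor($trigger, $v) === null ? 'skip' : 'send to PAP', "\n";
}
```

Because the plaintext password travels inside the API request, the PAP endpoint URL passed to `Gpf_Api_Session` should be reached over HTTPS.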