Default Password and Redirect
- PaceOnline
- OFFLINE
-
Premium Member
- Posts: 104
- Thanks: 2
- Karma: 0
11 months 5 days ago #333853
by PaceOnline
Default Password and Redirect was created by PaceOnline
Background: I have 2 systems on 1 database, CB powered Joomla is one and the other is a PHP-MySQL web app with its own users table. When someone signs up for my subscription plan they must be added to this other users table as well. I use the SQL integration to achieve this and that works. The problem is the password - I have no way of knowing how the password is hashed on the other system so I have created a workaround. I have a number of default passwords whose hashes I got from manually signing up on the other system. I set cb to generate passwords and then I use an auto action to set the password and also set the corresponding hash to a field cb_spook during registration. This is the auto action so far;
Global
Triggers: onStartSaveUserRegistration
Type: Code
User: Automatic
Access: Everybody
Action
Mode: PHP
{
$password = '523641';
$spook = '89cfe56872b9051c68dd0e29bcb6990488047881';
$variables->set( 'password', $password);
$variables->set( 'cb_spook', $spook);
}
The result of this is that an email with the following details is sent to the user;
Name: Test Person1
Username: Test Person1
Password: $2y$10$646yaxmm.onnHWOvWOxgM.Nzl196k5SW1eqt6JAhg7xI6T/ocYU/a
I need to adjust the auto action firstly so the correct password is sent to the user and secondly so that instead of having a single default password the auto action chooses the default randomly from an array of password - hash values.
Global
Triggers: onStartSaveUserRegistration
Type: Code
User: Automatic
Access: Everybody
Action
Mode: PHP
{
$password = '523641';
$spook = '89cfe56872b9051c68dd0e29bcb6990488047881';
$variables->set( 'password', $password);
$variables->set( 'cb_spook', $spook);
}
The result of this is that an email with the following details is sent to the user;
Name: Test Person1
Username: Test Person1
Password: $2y$10$646yaxmm.onnHWOvWOxgM.Nzl196k5SW1eqt6JAhg7xI6T/ocYU/a
I need to adjust the auto action firstly so the correct password is sent to the user and secondly so that instead of having a single default password the auto action chooses the default randomly from an array of password - hash values.
Please Log in to join the conversation.
krileon
Team Member- OFFLINE
- Posts: 68492
- Thanks: 9080
- Karma: 1434
11 months 4 days ago - 11 months 3 days ago #333857
by krileon
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Replied by krileon on topic Default Password and Redirect
I would recommend finding out what hashing method your web app is using so you can properly generate their passwords.
The onStartSaveUserRegistration trigger doesn't have any user data at this point. I suggest instead using the following triggers.
Registration
Backend: onAfterNewUser
Frontend: onAfterUserRegistration
You'll be able to get the users plaintext password during those using [password]. You can then hash it based off the web apps hashing behavior so their password is consistent across both systems. You can update the password during profile edit as well. So to cover those cases you'll need the below triggers.
Profile Edit
Backend: onAfterUpdateUser
Frontend: onAfterUserUpdate
For those you'll want to create a condition to check var1_password against var2_password to make sure the password changed. This should allow you to properly keep the systems in sync.
The better way to usually do this is extending the authentication process of your web app. So if the user tries to login and that user doesn't exist in the web app database try to login to your Joomla database with the credentials they supplied and if that was a success create them in the web app database and log them in. This is doable using the Login / Logout auto action as it can be used as an API endpoint. Example as follows.
Global
Triggers: None
Type: Login / Logout
User: Automatic
Access: Everybody
Action
Mode: Login
Method: Username
Username: [post_username]
Password: [post_password]
Force Login: Yes
Redirect: none
Output
Display: JSON
Layout:
Method: PHP
Substitutions: Yes
Your web app would just send a POST to this auto action and it'd return the JSON from the Layout. You can add as much user information as you need there. Since they've submitted a POST to the webapp with their plaintext password you'll be able to push that, hashed of course, into the web app database as well.
If you still want to just have it pick from some random passwords then simply add that to your PHP. You can call $user->getRandomPassword() for CB to generate a random password for you as well.
The onStartSaveUserRegistration trigger doesn't have any user data at this point. I suggest instead using the following triggers.
Registration
Backend: onAfterNewUser
Frontend: onAfterUserRegistration
You'll be able to get the users plaintext password during those using [password]. You can then hash it based off the web apps hashing behavior so their password is consistent across both systems. You can update the password during profile edit as well. So to cover those cases you'll need the below triggers.
Profile Edit
Backend: onAfterUpdateUser
Frontend: onAfterUserUpdate
For those you'll want to create a condition to check var1_password against var2_password to make sure the password changed. This should allow you to properly keep the systems in sync.
The better way to usually do this is extending the authentication process of your web app. So if the user tries to login and that user doesn't exist in the web app database try to login to your Joomla database with the credentials they supplied and if that was a success create them in the web app database and log them in. This is doable using the Login / Logout auto action as it can be used as an API endpoint. Example as follows.
Global
Triggers: None
Type: Login / Logout
User: Automatic
Access: Everybody
Action
Mode: Login
Method: Username
Username: [post_username]
Password: [post_password]
Force Login: Yes
Redirect: none
Output
Display: JSON
Layout:
return json_encode( [ 'logged_in' => ( (int) '[data1_user_id]' > 0 ), 'user_id' => (int) '[data1_user_id]' ] );Method: PHP
Substitutions: Yes
Your web app would just send a POST to this auto action and it'd return the JSON from the Layout. You can add as much user information as you need there. Since they've submitted a POST to the webapp with their plaintext password you'll be able to push that, hashed of course, into the web app database as well.
If you still want to just have it pick from some random passwords then simply add that to your PHP. You can call $user->getRandomPassword() for CB to generate a random password for you as well.
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Last edit: 11 months 3 days ago by krileon.
Please Log in to join the conversation.
- PaceOnline
- OFFLINE
-
Premium Member
- Posts: 104
- Thanks: 2
- Karma: 0
11 months 3 days ago #333866
by PaceOnline
Replied by PaceOnline on topic Default Password and Redirect
I have disabled all auto actions I have just cb subs running with the random password generation on but I am still getting passwords like this $2y$10$clTH7exBsXxWD8pPDdQXt.MkxGeHqcCrBLSO.FHjETyDCnLR4PDMu
Please Log in to join the conversation.
- krileon
- Team Member
- OFFLINE
- Posts: 68492
- Thanks: 9080
- Karma: 1434
11 months 3 days ago #333868
by krileon
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Replied by krileon on topic Default Password and Redirect
Passwords are encrypted. You can't get plaintext passwords except at very specific times in CB. That would be right when they're logging in, right after registration (see registration triggers in my above reply), and right after profile edit if their password was changed (see profile edit triggers in my above reply).
This is why you'd need to synchronize them specifically at those times to your web app so you can send the plaintext password for encryption to your web app. I assume your web app has an API endpoint to deal with registrations and you'd just use that.
It's unclear to me what you're even doing in your code action for me to really suggest anything further.
This is why you'd need to synchronize them specifically at those times to your web app so you can send the plaintext password for encryption to your web app. I assume your web app has an API endpoint to deal with registrations and you'd just use that.
It's unclear to me what you're even doing in your code action for me to really suggest anything further.
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Please Log in to join the conversation.
- PaceOnline
- OFFLINE
-
Premium Member
- Posts: 104
- Thanks: 2
- Karma: 0
11 months 3 days ago #333871
by PaceOnline
Replied by PaceOnline on topic Default Password and Redirect
To clarify I am getting these passwords in the registration email sent after sign up;
Your account with the following details:
Email: CENSORED
Name: Test Person1
Username: Test Person1
Password: $2y$10$clTH7exBsXxWD8pPDdQXt.MkxGeHqcCrBLSO.FHjETyDCnLR4PDMu
has been activated.
We welcome you to our online community and trust that together
we will grow.
Enjoy the experience!
Kind Regards,
Website Administration Team
I have deleted all auto actions. I have only set CB to generate passwords and I am signing up on CB Subs plans.
Your account with the following details:
Email: CENSORED
Name: Test Person1
Username: Test Person1
Password: $2y$10$clTH7exBsXxWD8pPDdQXt.MkxGeHqcCrBLSO.FHjETyDCnLR4PDMu
has been activated.
We welcome you to our online community and trust that together
we will grow.
Enjoy the experience!
Kind Regards,
Website Administration Team
I have deleted all auto actions. I have only set CB to generate passwords and I am signing up on CB Subs plans.
Please Log in to join the conversation.
- krileon
- Team Member
- OFFLINE
- Posts: 68492
- Thanks: 9080
- Karma: 1434
11 months 3 days ago #333872
by krileon
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Replied by krileon on topic Default Password and Redirect
Is that your Welcome or Pending email in CB > Configuration > Registration? Do you have email confirmation or registration approval enabled?
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Please Log in to join the conversation.
Moderators: beat, nant, krileon
Time to create page: 0.401 seconds
-
You are here:
- Home
- Forums
- Support and Presales
- Developer Members Support
- Default Password and Redirect