Validate Answer of Secret Question Against Existing Field Values

2 months 1 week ago #325590 by marriage_minded_man
I have a scenario where after logging in (and/or during a live session), a logged in user would be redirected to a page where they need to answer an identifying question, pulled randomly from a pool of ID questions, which the user has previously answered/saved on their profile (and are currently hidden from everyone's view, including the user/owner).

Example:
There are 4 questions on their profile which they've answered and saved:
What is the name of your first pet? - text field
What year were you born? - dropdown
What is your hair color? - dropdown
What city were you born in? - text field


One of these questions is pulled randomly and displayed on an independent page. If the user's answer matches the current value stored, then the user is redirected to a hidden "Success Page" which has a secret URL. If the user answers incorrectly (their answer does not match the one in the DB), then they are redirected to a "Fail Page", or a different question.

I'll need to pass on some variable to tell me which page they are originally coming from, in order to decide which "Success Page" or "Fail Page" they are redirected to.

I understand that this is not an effective security measure for logging in, since the user can simply navigate away from that page after logging in. However, in my use case, I am using it to redirect to a hidden URL, and not using it as a security measure for logging in.

These values will live on the user's profile as hidden, however, the user can delete them (reset security questions) and re-enter them if they choose to.

Please advise on the best/cleanest way to do this.

Thanks.

Please Log in to join the conversation.

2 months 1 week ago #325593 by beat
Hi,
That is something that is outside the scope of CB's and CB's add-ons code that you would have to code yourself or ask someone to code for you. I can well imagine that you could code all of that as CB Auto Actions, but doing the coding for you is unfortunately outside the scope of this forum support. But giving you the auto-actions that you could use is in the scope:

You may need 2 actions onAfterLogin, one to memorize the return url, and one to redirect, so they may have to be called by an auto-action of type auto-action with Trigger onAfterLogin

You'll probably need a code-type auto-action to store your return url and a Redirect-type autoaction to go to your custom page, which could be an auto-action by itself (of type Content with your form, that would then post to another auto-action to evaluate the posting result). From there it's up to you to code whatever you need.

That's as far as we can help you in your coding of this custom functionality.

Maybe Kyle will complement my reply, but that's roughly the possible starting point.

Beat - Community Builder Team Member

Before posting on forums: Read FAQ thoroughly -- Help us spend more time coding by helping others in this forum, many thanks :)
CB links: Our membership - CBSubs - Templates - Hosting - Forge - Send me a Private Message (PM) only for private/confidential info

Please Log in to join the conversation.

2 months 1 week ago #325597 by krileon
What is supposed to be on the hidden URL page that it requires a secret question? There maybe just a better way to present that information to them instead of asking them a question, which will inevitable turn people away from your site.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in to join the conversation.

2 months 1 week ago - 2 months 1 week ago #325608 by marriage_minded_man
It's educational material that is presented to them sequentially, with the requirement that their identity (and attention) be verified/validated randomly throughout the process.

It doesn't need to be "redirect driven" necessarily. Another workaround is to have some sort of Javasctipt pop up the questions throughout the process, while on these specific pages, (possibly on a timer being triggered every 15 mins for example), and if they answer correctly they remain on the page, and if they answer incorrectly they are redirected to a fail page.

Maybe something client-side that renders the answers using CB Substitutions into a script, and then checks their answer against it.

Or a single CB Form for each question that pops up in a modal and on submit (onprofileupdate) if new field matches old field then do nothing, if doesn't match, then redirect.

I'll take a closer look at auto-actions. If you think of an easier solution, let me know. Thanks.

Please Log in to join the conversation.

2 months 1 week ago #325616 by krileon
Are you trying to prevent account sharing by verifying their identity?

You can try using CB AntiSpam and its Login Sharing protection in CB AntiSpam > Parameters > Login > Sharing. This will block logins if the account was logged in from too many different ip addresses. Next under the Duplicates tab you can enable blocking login from multiple devices at once. Both suggest just logging out the other sessions so as to inconvenience the user the least. This would be a significantly better experience for your users, is automated, and requires nothing on their part.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in to join the conversation.

2 months 1 week ago - 2 months 1 week ago #325621 by marriage_minded_man
Actually no, login sharing and the user experience are not really a concern here.

It’s more identity verification and forcing them to look at the material. Forcing students to study and ensuring that they are who they say they are.

Kind of like that scene in Clockwork Orange where they tie the guy up and force his eyelids open.



Any CB features similar to the picture shown?

Please Log in to join the conversation.

Moderators: beatnantkrileon
Time to create page: 0.202 seconds

Facebook Twitter LinkedIn