- Forums
- Support and Presales
- Developer Members Support
- Validate Answer of Secret Question Against Existing Field Values
Validate Answer of Secret Question Against Existing Field Values
- marriage_minded_man
- OFFLINE
-
Premium Member
- Posts: 132
- Thanks: 2
- Karma: -14
2 years 9 months ago #325590
by marriage_minded_man
Validate Answer of Secret Question Against Existing Field Values was created by marriage_minded_man
I have a scenario where after logging in (and/or during a live session), a logged in user would be redirected to a page where they need to answer an identifying question, pulled randomly from a pool of ID questions, which the user has previously answered/saved on their profile (and are currently hidden from everyone's view, including the user/owner).
Example:
There are 4 questions on their profile which they've answered and saved:
What is the name of your first pet? - text field
What year were you born? - dropdown
What is your hair color? - dropdown
What city were you born in? - text field
One of these questions is pulled randomly and displayed on an independent page. If the user's answer matches the current value stored, then the user is redirected to a hidden "Success Page" which has a secret URL. If the user answers incorrectly (their answer does not match the one in the DB), then they are redirected to a "Fail Page", or a different question.
I'll need to pass on some variable to tell me which page they are originally coming from, in order to decide which "Success Page" or "Fail Page" they are redirected to.
I understand that this is not an effective security measure for logging in, since the user can simply navigate away from that page after logging in. However, in my use case, I am using it to redirect to a hidden URL, and not using it as a security measure for logging in.
These values will live on the user's profile as hidden, however, the user can delete them (reset security questions) and re-enter them if they choose to.
Please advise on the best/cleanest way to do this.
Thanks.
Example:
There are 4 questions on their profile which they've answered and saved:
What is the name of your first pet? - text field
What year were you born? - dropdown
What is your hair color? - dropdown
What city were you born in? - text field
One of these questions is pulled randomly and displayed on an independent page. If the user's answer matches the current value stored, then the user is redirected to a hidden "Success Page" which has a secret URL. If the user answers incorrectly (their answer does not match the one in the DB), then they are redirected to a "Fail Page", or a different question.
I'll need to pass on some variable to tell me which page they are originally coming from, in order to decide which "Success Page" or "Fail Page" they are redirected to.
I understand that this is not an effective security measure for logging in, since the user can simply navigate away from that page after logging in. However, in my use case, I am using it to redirect to a hidden URL, and not using it as a security measure for logging in.
These values will live on the user's profile as hidden, however, the user can delete them (reset security questions) and re-enter them if they choose to.
Please advise on the best/cleanest way to do this.
Thanks.
Please Log in to join the conversation.
beat
Team Member- OFFLINE
- Posts: 8175
- Thanks: 528
- Karma: 352
2 years 9 months ago #325593
by beat
Beat - Community Builder Team Member
Before posting on forums: Read FAQ thoroughly -- Help us spend more time coding by helping others in this forum, many thanks
CB links: Our membership - CBSubs - Templates - Hosting - Forge - Send me a Private Message (PM) only for private/confidential info
Replied by beat on topic Validate Answer of Secret Question Against Existing Field Values
Hi,
That is something that is outside the scope of CB's and CB's add-ons code that you would have to code yourself or ask someone to code for you. I can well imagine that you could code all of that as CB Auto Actions, but doing the coding for you is unfortunately outside the scope of this forum support. But giving you the auto-actions that you could use is in the scope:
You may need 2 actions onAfterLogin, one to memorize the return url, and one to redirect, so they may have to be called by an auto-action of type auto-action with Trigger onAfterLogin
You'll probably need a code-type auto-action to store your return url and a Redirect-type autoaction to go to your custom page, which could be an auto-action by itself (of type Content with your form, that would then post to another auto-action to evaluate the posting result). From there it's up to you to code whatever you need.
That's as far as we can help you in your coding of this custom functionality.
Maybe Kyle will complement my reply, but that's roughly the possible starting point.
That is something that is outside the scope of CB's and CB's add-ons code that you would have to code yourself or ask someone to code for you. I can well imagine that you could code all of that as CB Auto Actions, but doing the coding for you is unfortunately outside the scope of this forum support. But giving you the auto-actions that you could use is in the scope:
You may need 2 actions onAfterLogin, one to memorize the return url, and one to redirect, so they may have to be called by an auto-action of type auto-action with Trigger onAfterLogin
You'll probably need a code-type auto-action to store your return url and a Redirect-type autoaction to go to your custom page, which could be an auto-action by itself (of type Content with your form, that would then post to another auto-action to evaluate the posting result). From there it's up to you to code whatever you need.
That's as far as we can help you in your coding of this custom functionality.
Maybe Kyle will complement my reply, but that's roughly the possible starting point.
Beat - Community Builder Team Member
Before posting on forums: Read FAQ thoroughly -- Help us spend more time coding by helping others in this forum, many thanks
CB links: Our membership - CBSubs - Templates - Hosting - Forge - Send me a Private Message (PM) only for private/confidential info
Please Log in to join the conversation.
- krileon
Team Member- OFFLINE
- Posts: 68491
- Thanks: 9079
- Karma: 1434
2 years 9 months ago #325597
by krileon
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Replied by krileon on topic Validate Answer of Secret Question Against Existing Field Values
What is supposed to be on the hidden URL page that it requires a secret question? There maybe just a better way to present that information to them instead of asking them a question, which will inevitable turn people away from your site.
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Please Log in to join the conversation.
- marriage_minded_man
- OFFLINE
-
Premium Member
- Posts: 132
- Thanks: 2
- Karma: -14
2 years 9 months ago - 2 years 9 months ago #325608
by marriage_minded_man
Replied by marriage_minded_man on topic Validate Answer of Secret Question Against Existing Field Values
It's educational material that is presented to them sequentially, with the requirement that their identity (and attention) be verified/validated randomly throughout the process.
It doesn't need to be "redirect driven" necessarily. Another workaround is to have some sort of Javasctipt pop up the questions throughout the process, while on these specific pages, (possibly on a timer being triggered every 15 mins for example), and if they answer correctly they remain on the page, and if they answer incorrectly they are redirected to a fail page.
Maybe something client-side that renders the answers using CB Substitutions into a script, and then checks their answer against it.
Or a single CB Form for each question that pops up in a modal and on submit (onprofileupdate) if new field matches old field then do nothing, if doesn't match, then redirect.
I'll take a closer look at auto-actions. If you think of an easier solution, let me know. Thanks.
It doesn't need to be "redirect driven" necessarily. Another workaround is to have some sort of Javasctipt pop up the questions throughout the process, while on these specific pages, (possibly on a timer being triggered every 15 mins for example), and if they answer correctly they remain on the page, and if they answer incorrectly they are redirected to a fail page.
Maybe something client-side that renders the answers using CB Substitutions into a script, and then checks their answer against it.
Or a single CB Form for each question that pops up in a modal and on submit (onprofileupdate) if new field matches old field then do nothing, if doesn't match, then redirect.
I'll take a closer look at auto-actions. If you think of an easier solution, let me know. Thanks.
Last edit: 2 years 9 months ago by marriage_minded_man.
Please Log in to join the conversation.
- krileon
- Team Member
- OFFLINE
- Posts: 68491
- Thanks: 9079
- Karma: 1434
2 years 9 months ago #325616
by krileon
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Replied by krileon on topic Validate Answer of Secret Question Against Existing Field Values
Are you trying to prevent account sharing by verifying their identity?
You can try using CB AntiSpam and its Login Sharing protection in CB AntiSpam > Parameters > Login > Sharing. This will block logins if the account was logged in from too many different ip addresses. Next under the Duplicates tab you can enable blocking login from multiple devices at once. Both suggest just logging out the other sessions so as to inconvenience the user the least. This would be a significantly better experience for your users, is automated, and requires nothing on their part.
You can try using CB AntiSpam and its Login Sharing protection in CB AntiSpam > Parameters > Login > Sharing. This will block logins if the account was logged in from too many different ip addresses. Next under the Duplicates tab you can enable blocking login from multiple devices at once. Both suggest just logging out the other sessions so as to inconvenience the user the least. This would be a significantly better experience for your users, is automated, and requires nothing on their part.
Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Please Log in to join the conversation.
- marriage_minded_man
- OFFLINE
-
Premium Member
- Posts: 132
- Thanks: 2
- Karma: -14
2 years 9 months ago - 2 years 9 months ago #325621
by marriage_minded_man
Replied by marriage_minded_man on topic Validate Answer of Secret Question Against Existing Field Values
Actually no, login sharing and the user experience are not really a concern here.
It’s more identity verification and forcing them to look at the material. Forcing students to study and ensuring that they are who they say they are.
Kind of like that scene in Clockwork Orange where they tie the guy up and force his eyelids open.
Any CB features similar to the picture shown?
It’s more identity verification and forcing them to look at the material. Forcing students to study and ensuring that they are who they say they are.
Kind of like that scene in Clockwork Orange where they tie the guy up and force his eyelids open.
Any CB features similar to the picture shown?
Last edit: 2 years 9 months ago by marriage_minded_man.
Please Log in to join the conversation.
Moderators: beat, nant, krileon
- Forums
- Support and Presales
- Developer Members Support
- Validate Answer of Secret Question Against Existing Field Values
Time to create page: 0.208 seconds
-
You are here:
- Home
- Forums
- Support and Presales
- Developer Members Support
- Validate Answer of Secret Question Against Existing Field Values