I had imported users from my old database, while importing users i had specified a default password for all users.
Now I want to notify users about their login details and want to reset password to a random password.
I want to reset password only for those users, which I created on that date.
How do i do this?
I'm not sure if you can do that with DNN out of the box. I've seen a few options for what you are trying to do:
Create your own DNN Module that could cycle through selected users and reset their password. I actually did this a while ago for a previous company.
Their is a bulk user management Module on the DNN Store which does what you are asking: http://store.dnnsoftware.com/home/product-details/dnnmasters-user-manager-suite-42
Related
I have a website for university timetable connected to microsoft sql server, there I have django table auth_user. Users can't register by themselves, university provides them with username and password. So in the table auth_user I have to fill data manually, but how can I fill the field which is responsible for password since it has to be hashed? I found only way to set password is to log in as admin, and change passwords in admin site, but that is not quite correct in terms of working with database as if I had to fill more than 100 students, it would be tiresome to do so. Maybe there is another approach to fill passwords directly in the database?
You can set the password for a user in Django by using the set_password method
from django.contrib.auth.models import User
u = User.objects.get(username='john')
u.set_password('new password')
u.save()
I have application where administrators have to create accounts for the new users. Basically there is no option for random user to create account and access this app. The admin would have to enter some basic info like First, Last name, Email address, User name and then comes to the password. I have algorithm that generates unique passwords. I'm looking for the better option to handle this situation.
The old application worked this way: admin enters info, generates password and there is an option either to automatically notify users via email or admin will contact directly that user and provide login info. This method seems very inefficient and insecure at the same time. Sending info like user name and password in the email is definitely not recommended nowadays. I was wondering what would be a good approach?
Should I generate unique link with expiration date where user can enter the password? Or there is better way to handle this situation? I use JavaScript, JQuery and ColdFusion 2016 for this project.
I have a unique user creation flow which is as follows:
User comes to my site for the first time and they click a button.
I create a User in the DB for them and set a localStorage key with the UID.
Use goes about creating data and I save the data in the DB and associate it with the UID.
User comes back, and if they have UID set in localStorage, I show them the data they previously created.
User can click Register to create a "real" account from which point they will have to login with username and password or another service (e.g. Facebook).
So, how would I accomplish this with Meteor Accounts and the User model?
In a nutshell:
I need to create User mongo document with no information (about the user).
I need to authenticate a user by just having a UID (acting as a "password").
Register onCreateUser to add an "anonymous" field ({anonymous:1})
when a random password is used, maybe generated with Meteor.uuid().
Add a timestamp field
({created:new Date()}) to clean out old, anonymous accounts.
Perform old anonymous user maintenance, like deleting anonymous users more
than one hour old:
Meteor.autorun(function()
{Meteor.users.find({anonymous:1,$where:"new Date() - this.created >
360000"}).forEach(function (user) {
Meteor.users.remove({_id:user._id})}});
On the client:
Always prompt
for a "nickname." This will become the official username, or will
sit in the system forever used.
Check if client is logged in. If
not, create a user with nickname and a "magic number" password,
which logs you in. When they click register, write "Register" at the
top, but actually just change their password and $set:{anonymous:0}
Don't use localStorage, and don't use UIDs. The session cookie IS your UID.
I don't know how to help with the authentication, but as for creating a blank User object, I've successfully done the following on the server-side (with a different name...):
Meteor.users.insert({profile: {name: 'Oompa Loompa'}, foo: 'bar'});
I am building an MVC4 app in which users will be registered by a site admin. The site admin will enter everything but the password of course. I then generate a token and send via email for them to set their password. However, I don't see a way to create a user without a password. I can either randomly generate one or assign one in the code. What is the best way to handle not having a password at account creation?
EDIT:
I used Membership.GeneratePassword for generate the password when I created the account.
Create a random password and allow them to change once the account is confirmed. Solves a number of problems.
I have been looking for the past few hours on how to user the phpBB login script on a custom site. I think I'm just not searching for the right things.
A while ago, I created a phpBB site and have over 900 members registered through phpBB. I am currently face-lifting this site and redoing the user registration along with all of the other custom code I have.
My problem is, I want the users to be able to log in as usual, though I want to input them into my new database so everything can run smoothly. I mainly need their username, password and old ID#, but I don't know how to use phpBB's password authentication or where to find it
The statement needs to look something like this:
On Login, grab username and password variables:
if the username is not in MY database, check phpBB database.
If the username is in phpBB database, check to see if the password is correct **(This is the part I don't know how to do)**
If the password is correct, input the username, user ID and the password (encrypted my way) into MY database
Login
If the password is incorrect - error
if the username is NOT in phpBB database - continue
if the username is not in MY database - input username and encrypted pass into my DB
login
Where can I find a script to authenticate the phpBB user's passwords? I don't care how the script is done, I know that's a secret, I just need to be able to authenticate passwords so that I can make sure it's the same user
I do have access to the phpBB database, I just need a way to authenticate their password
I would rather delete the quesion, but here's the answer:
Check here: http://sunnyis.me/blog/secure-passwords/
and when you download the PasswordHash.php, change all of the $P$ to $H$. It will work. Strange how it creates a password, every time it creates, it's different. But the CHECK part of it makes sure it checks it correctly, no matter what hashed pass it creates.