How can I retrieve an array of email addresses from MediaWiki in php?
The reason is that I want to modify the BlockAndNuke extension so that it shows the user's email address, and not just the username, at the special page Special:BlockAndNuke.
The method is called $user->getEmail();. Where you get the user object from, depends on how the extensions looks. If you intend to modify special page of the BlockAndNuke extension, you would end up with something like
/* First create a user object for this user name */
$user = User::newFromName( $name );
/* Then ask for the users email address*/
$emailAddress = $user->getEmail();
You can also create a User object from an id: $user = User::newFromId( $id )
Related
in ProcessWire admin you're only able to log in using your name (username) but as I'm using e-mail log in in front end I want to use e-mail for backend, too.
How can I change admin login form to allow e-mail-address?
Here is the solution I came up with
I placed those hooks in my site/init.php file
// change login name input label to e-mail-address
$wire->addHookAfter('ProcessLogin::buildLoginForm', function(HookEvent $event) {
// on liner as we don't change anything else
$event->return->get('login_name')->set('label', $event->_('E-Mail-Address'));
});
// hook into session::login to get user by mail
$wire->addHookBefore('Session::login', function(HookEvent $event) {
// need to get email from $input as processLogin::execute is pageName sanitizing
$email = $event->input->post->email('login_name');
// stop here if login_name not a valid email
if (!$email) return;
// new selector arrays don't seem to work on $user so using $pages here
$user = $event->pages->get([['email', $email]]);
// if valid user set login name argument
if ($user->id) $event->setArgument('name', $user->name);
});
bare in mind that e-mail is not a unique field so if you don't ensure uniqueness of e-mail addresses this won't work, you could change it a little to overcome this though..
Have a look at https://processwire.com/talk/topic/1838-login-using-e-mail-rather-than-username-and-general-login-issues/ where Ryan posts some more infos about this and possible solutions in case of duplicate e-mail addresses
and https://processwire.com/talk/topic/1716-integrating-a-member-visitor-login-form/ for more on front-end login strategies
I'm using the following code to get store name in a reminder email sent by admin.
$storeName = Mage::getModel('sales/order')->getStore()->getName();
However since the email is sent via the admin the store name is coming up as Admin and not Widgets.com.
How do I get it to insert the Store Name?
Try this:
$store = Mage::app()->getStore();
$storeName = $store->getName();
If you still have access to the quote (during order creation)
Mage::getSingleton('adminhtml/session_quote')->getStore()->getName();
To get the store name by order store id
Mage::app()->getStore($order->getStoreId())->getName());
Is checking against my table with the user's email and dedicated hash enough to verify and activate an account if a match is found against those two values?
A user is asked to register themselves with user data and their email id. They are then sent a URL to their email which they are asked to click on to confirm and activate their account.
This is my current setup:
<?php //The user-account-creation processing page
$email_id = taken from user input;
$randomnessWhateverItsCalled = "lots-of-randomness-here";
UPDATE advert SET advert_hash = SHA1(CONCAT($email_id, $randomnessWhateverItsCalled))
//For simplicity's sake I omitted the PDO stuff
INSERT INTO table_name (..., user_email, hash, account_activated, ...) VALUES (..., usersEmail, advert_hash, NO, ...)
/**
Send an email with some php code with the URL that would look like this
URL to click on attached to email body:
*/
$attachStringToEmailBody = "http://www.domainname.com/activate-user?email_id=" . $usersEmail . "&hash=" . $randomnessWhateverItsCalled;
enter code here
//Send email from this process page with a little email php code
//Redirect user to a page informing the user to activate the account by visiting their email and clicking on the url
?>
Then in the activate-user.php page I have the following:
<?ph
$user_email = $_GET['email_id'];
$hash = $_GET['hash'];
/**
search database and return a row if there is a match containing both the $user_email and the $hash
if(match){
Update database and set the `account_activated` column to `YES`
}
else{
//Tell if there was no match then activation failed
//Let the user know that we do not recognise the link they used to try and activate their account.
}
*/
?>
It seems secure enough, as long as you made the "randomness" part hard to guess. You can put there the email, username, password, etc. and mix them up with another key - all encrypted - that's what I usually do.
But I would advise you to use 0/1 for active/inactive - why using strings, when you can do the same with smallint (1) - and save some space, thus making the database a bit lighter ?
I want to delete mysql table row from mail inbox , Is it possible !, If yes how can i delete the table row in my server database from any mail inbox account, please tell me the solution
Table Structure:
id usrname password status usercat
1 xxxxxxx xxxxxxx new 1
2 uuuuuuu uuuuuuu new 5
$del_qry= mysql_query("DELETE FROM table_name WHERE some_column=some_value")
In my site after Registration, the registered person get alert mail and also site admin get registered user detail's mail. So if the admin want to delete the second user(username - uuuuuu) from his mail account.
How can i do this, Please tell me i am new here...
The email you send to the admin will have to contain a link like this:
http://www.example.org/admin/remove_account.php?id=123
Where 123 is the user that was registered and remove_account.php is the script that will be loaded when the link is clicked.
Within the script you would have something like this:
mysql_query("DELETE FROM table_name WHERE id=" . mysql_real_escape_string($_GET['id']));
CAUTION
A few words of caution. The above link should be protected by one of the following:
User & password protection (either using Apache or PHP)
Signature protection (example below)
The signature protection prevents tampering / forging link parameters by adding a signature. Works like this:
$secret = "some reasonably long string of random data";
$id = "123"; // like above, the user id
$sig = hash_hmac('sha1', $id, $secret);
$link = 'http://www.example.org/admin/remove_account.php?' . http_build_query(array(
'id' => $id,
'sig' => $sig,
));
To verify the signature:
$secret = "some reasonably long string of random data";
if (isset($_GET['id'], $_GET['sig'])) {
$calc_sig = hash_hmac('sha1', $_GET['id'], $secret);
if ($calc_sig === $_GET['sig']) {
// your delete query here
}
}
Please note that, although the link protects against someone trying to access your administrative script, if it falls in the wrong hands you're still pretty much screwed. Don't underestimate security :)
I think you must add a link of a page of your site in email of delete with respect of user list. and when user click on link it will redirect to particular page where it will get that user id from url of link and then you can perform delete action. It is necessary to redirect to site page from mail because in mail you can not direct connect with database.
thanks
I'm using joomla 1.7 and I want for some users to not have the option to insert a username.
I'm trying to set that on registration (for said users) the system will save the inputted email in the username field and the email field, and remove the username textbox from the form.
I know i need to insert $data['username'] = $data['email'] somewhere but I cant find the right place.
I tried to put it like this in the registration model under public function register($temp) with no success. I can't find another logical place to put it.
// Prepare the data for the user object.
$data['my_teacher'] = $data['my_teacher'];
$data['email'] = $data['email1'];
$data['username'] = $data['email1'];
$data['password'] = $data['password1'];
$useractivation = $params->get('useractivation');
i found a way to do this
just add
if(isset($temp['email1'])){
$temp['username'] = $temp['email1'];
}
right under
$temp = (array)$app->getUserState('com_users.registration.data', array());
in the module file and then remove the "username" fiels from the .xml and add a hidden field named:jform[username] and id:jform_username in the default.php file in the views/registration/tmpl
the line looks like this
<input type="text" name="jform[username]" id="jform_username" value="<?php echo 'something.random.that.will.be.replaced.with.the.email'; ?>" style="visibility:hidden;">
all the files that i am talking about are under /components/com_users/
it should work...
http://extensions.joomla.org/extensions/access-a-security/authentication/10343
The above extension will remove the need for users to enter a username on registration. However it generates a username based on the name field. It uses the email address as the username only as a last resort, because this can cause problems with certain extensions in Joomla. It also allows users to login with their email address.
Dylan