I am looking to implement django-registration for a project but am not sure if it will work out of the box for this use case. I am creating users as soon as I have their e-mail address (whether or not they actually are creating an account). At some time later those same users will try to register for an actual account and set a password, but the activation link will fail if the time ACCOUNT_ACTIVATION_DAYS has expired. Since I have separated the times at which someone actually gets a user versus when they are actually registered, I would ideally like to re-activate the user account.
I have looked through the docs and the source, but don't see any methods to re-activate the account or reset the activation key. Is there any solution to this built in?
Thanks!
Related
Currently, it is set to return to the first screen of the program when membership registration is completed in Django. However, since anyone can sign up and view information within the program, I want to make it possible to access the program's first page only after the administrator approves it when someone completes membership registration. As a result of Googling, only email verification was found, so I had to ask a question. There seems to be no admin authentication process provided by Django. Are there any similar examples or methods?
I want to make it possible to access the program's first page only after the administrator approves it when someone completes membership registration.
At first you can set the step for every registration level.
and to approve the user to authenticate the page, you can create and check status user profile.
Another way is using a django permission for an authenticated page.
you can do this, if the user completed a couple of registration and a step number, for example is 7, you can give needed permission to the user.
I am using Django allauth for authentication to my rest api. I have the whole process working as expected (login, registration, password reset) with email confirmation ..etc.
My question is when a user register the user receives an email with the link that user need to click and confirm to get access to the website. However, i want to use allauth but instead of a link I want a randomly generated activation code (example: 123456). That user can input in a form to confirm.
Allauth currently doesn't support this. You could open up an issue asking for the feature to be implemented, but considering that there's really no obvious advantage of using both systems, I doubt this would be accepted.
Is there a reason why the link method doesn't work for you, but this does? If so, maybe there's some workaround that could work?
Here's a possible workaround (albeit a very complicated one):
Write a template tag that would trim out the website part (ex example.com/confirm/ out of example.com/confirm/sdafsdagfsagfsdafasdfsafgfdsg), so that only the actual code is sent to the user in the email
Make a form that would accept this code, and, on submission, reconstruct the url back to its original state, and go to that url, effectively activating the account. You would almost definitely need to write custom javascript for this.
How do I manage users of our tikiwiki?
The tiki process on the server is ran under my name. I am the user of the tikiwiki, but I am not sure I am an admin user.
Most likely not but question one is: How do I find that out?
(my Admin Menu is empty)
Some user contacted me saying her account is "Locked". It so happened that there is no one else to restore it, but me.
Can anyone help where to look? I only used my tikiwiki account to limited extent. Just wrote couple of articles. But never administered.
There is always a built in user in Tiki called "admin" and that is in a group called "Admins" which has permission to do everything, so it sounds like your user isn't in that group.
If the admin user was set up with a valid email account (and you know it and have access to it) then you can get the password reset and a link to make a new one will be emailed to that address. If you can access the installer or the database then there are various other options on how to recover the admin login here: https://doc.tiki.org/Lost+admin+password
Once you have done this and can administer the Tiki again you should add your usual user to the Admins group.
To unlock another user's account you will need to either access the user admin list (once you have admin login again) or if you can get to the database you should be able to clear the relevant field in the database directly using phpmyadmin or similar as a last resort (ask again if you need this much detail).
I am using django-allauth to provide user login and authentication in my django project. And things were going smoothly till now, but I have come across two things which I do not know whether can be implemented in the current app. Any help is appreciated:
If we give the following setting ACCOUNT_EMAIL_VERIFICATION = True then after singing up the user account is not active until the user activates the email link. But what I want to do is to allow the user to be logged in, but keep the account active temporarily. Let us say if the user does not activate the account using the link within 7 days, the account will be blocked.
I want to allow the user to login using both the email and the username, is that possible? According to the current readme we can do only one of them.
Any kind of help is really appreciated.
Update
I have written a hack for the second problem and if you want you can check that out in my fork of django-alluth https://github.com/sachingupta006/django-allauth
As for the first problem, the Email Confirmations app stores the data the confirmation has been sent; I'd schedule a cronjob that runs every day and deactivates all accounts which haven't been confirmed for 7 days.
I'm using cfloginuser as a security mechanism in my application to secure web service calls that are being made.
One thing I would like to do is stop a second user from logging into the same account when they are already logged into another computer. Essentially what's happening, is that since both share the same username, the first one to login just gets kicked out as a logged in a user once the second login occurs.
Is there anyway I can check if a particular username is already logged in, therefore not even allowing the second login to even authenticate? (You can only be logged into one computer at a time)
The only way I can think of would be to store the user name in the application scope, and then remove it when they sign out. (and add it OnSessionEnd in your application.cfc in case they don't click the sign out link)
Then, when a user signs in, check the list of signed in users in your application scope, and don't allow them to do it a second time if the name is there.
Do keep in mind what Peter said, though. I think it is a good point.