IMPLEMENTING THE EMAILONAPPROVED PLUGIN AND A MANDATORY PASSWORD CHANGE ON FIRST LOGIN - Jul 7th, 2020
Website Membership Plugin Required https://www.interactivetools.com/plugins/website-membership/
When a prospective member filled out the membership application, I wanted their application to be approved manually. I wanted an e-mail to be sent stating that their application had been received and that as soon as it was processed they would get a second “welcome” e-mail with their username and a temporary password.
As password encryption became the norm, it became more difficult and then impossible to retrieve a password from the database and send it to a member.
To get around this obstacle, here’s an approach that sends members a generic password and forces them to change their password the first time they log in.
NOTE: Because of security measures implemented on your server, you might have to change your admin email to a valid email address on your hosting account, or use an SMTP server email account (set in the Admin > General tab) for emails to automatically be sent by CMS Builder.
1) If you don’t have it already, you’ll need to download the emailOnApproved plugin from:
http://www.thecmsbcookbook.com/downloads/emailOnApproved.zip
2) In emailOnApproved.php search for $message=<<< __TEXT__
remove the {$_REQUEST['password']} and replace it with a generic password that you’ll also enter into your user-signup form in step 6
3) You’ll also need to download and install the latest version of the Website Membership plugin.
4) Create 2 new check boxes in the ‘account’ section of your CMS, an ‘Approved’ check box and a ‘First Time Login’ check box. Change the checked value to NO and the unchecked value to YES in the First Time Login field.
5) In websiteMembership.php search for return $CURRENT_USER;
Add this code just before that line:
if (@$_REQUEST['action'] == 'login') {
  // if first time login redirect to change password page
  if (@$CURRENT_USER && (@$CURRENT_USER['first_time_login'] == '0' || @$CURRENT_USER['first_time_login'] == "")) {
    redirectBrowserToURL("cp.php");
    exit;
  }
}
7) In the USER_SIGNUP Email template (you’ll find the templates at the bottom of the ADMIN menu group), delete the username, password and login reference and insert the text that’s appropriate for your site.
For a membership site, it could be:
“Thanks for signing up.
We’ll review your application and email your login credentials to you as soon as your application is approved.”
6) In your user-signup form, search for: $colsToValues['password'] = $passwordHash;
Delete that code and replace it with: $colsToValues['password'] = 'YourGenericPassword'; (replacing YourGenericPassword with the one you used in step 2. Keep the single quotes before and after YourGenericPassword.)
7) In your user-signup form, change this:
$errorsAndAlerts = "Thanks, We've created an account for you and emailed you your password.\n";
$errorsAndAlerts .= "If you don't receive an email from us within a few minutes check your spam filter for messages from {$fromEmail}\n";
to something like this:
$errorsAndAlerts = "Thanks, we've created an account for you. As soon as you're approved we'll email you your password.\n";
$errorsAndAlerts .= "If you don't receive an email from us within a reasonable time check your spam filter for messages from {$fromEmail}\n";
Create a web page named cp.php with the following code and upload it to your server in the website root directory:
At the top of your page:
<?php $GLOBALS['SEP_DISABLED'] = 1; ?>
<?php header('Content-type: text/html; charset=utf-8'); ?>
<?php
  // load viewer library
  $libraryPath = 'cmsAdmin/lib/viewer_functions.php';
  $dirsToCheck = array('path_to_your_server/','','../','../../','../../../');
  foreach ($dirsToCheck as $dir) { if (@include_once("$dir$libraryPath")) { break; }}
  if (!function_exists('getRecords')) { die("Couldn't load viewer library, check filepath in sourcecode."); }
?>
<?php $GLOBALS['WEBSITE_MEMBERSHIP_PROFILE_PAGE'] = true; // prevent redirect loops for users missing fields listed in $GLOBALS['WEBSITE_LOGIN_REQUIRED_FIELDS'] ?>
<?php
  # Developer Notes: To add "Agree to Terms of Service" checkbox (or similar checkbox field), just add it to the accounts menu in the CMS and un-comment agree_tos lines

  // $useUsernames = true; // Set this to false to disallow usernames, email will be used as username instead

  // error checking
  $errorsAndAlerts = "";
  if (@$_REQUEST['missing_fields']) { $errorsAndAlerts = "Please fill out all of the following fields to continue.\n"; }
  // if (!$CURRENT_USER) { websiteLogin_redirectToLogin(); }

  ### Update User Profile
  if (@$_POST['save']) {
    // update user
    if (!$errorsAndAlerts) {
      $colsToValues = array();
      // ... add more form fields here by copying the above line!
      $colsToValues['first_time_login'] = '1';
      $colsToValues['updatedByUserNum'] = $CURRENT_USER['num'];
      $colsToValues['updatedDate='] = 'NOW()';
      mysql_update(accountsTable(), $CURRENT_USER['num'], null, $colsToValues);

      // on success
      websiteLogin_setLoginTo( $colsToValues['username'], $CURRENT_USER['password'] ); // update login session username in case user has changed it.
      $errorsAndAlerts = "Thanks, we've updated your password.\n";
    }
  }

  ### Change Password
  if (@$_POST['changePassword']) {
    $encryptPasswords = @$SETTINGS['advanced']['encryptPasswords'];

    // error checking
    $_REQUEST['oldPassword'] = preg_replace("/^\s+|\s+$/s", '', @$_REQUEST['oldPassword']); // v1.10 remove leading and trailing whitespace
    $oldPasswordHash = $encryptPasswords ? getPasswordDigest(@$_REQUEST['oldPassword']) : @$_REQUEST['oldPassword'];
    if (!@$_REQUEST['oldPassword']) { $errorsAndAlerts .= "Please enter your current password\n"; }
    elseif ($oldPasswordHash != $CURRENT_USER['password']) { $errorsAndAlerts .= "Current password isn't correct!\n"; }
    $newPasswordErrors = getNewPasswordErrors(@$_REQUEST['newPassword1'], @$_REQUEST['newPassword2'], $CURRENT_USER['username']); // v2.52
    $errorsAndAlerts .= nl2br(htmlencode($newPasswordErrors));

    // change password
    if (!$errorsAndAlerts) {
      $passwordHash = $encryptPasswords ? getPasswordDigest($_REQUEST['newPassword2']) : $_REQUEST['newPassword2'];
      mysql_update( accountsTable(), $CURRENT_USER['num'], null, array('password' => $passwordHash)); // update password

      // update fields: mark the first login as done only after the password has really been changed,
      // so a failed attempt doesn't switch off the mandatory change
      $colsToValues = array();
      $colsToValues['first_time_login'] = '1';
      $colsToValues['updatedByUserNum'] = $CURRENT_USER['num'];
      $colsToValues['updatedDate='] = 'NOW()';
      mysql_update(accountsTable(), $CURRENT_USER['num'], null, $colsToValues);

      websiteLogin_setLoginTo( $CURRENT_USER['username'], $_REQUEST['newPassword2'] ); // update current login session
      unset($_REQUEST['oldPassword'], $_REQUEST['newPassword1'], $_REQUEST['newPassword2']); // clear form password fields
      $errorsAndAlerts = "Thanks, we've updated your password!\n";
      redirectBrowserToURL("members-only.php");
    }
  }
  ### END: Change Password

  // prepopulate form with current user values
  //foreach ($CURRENT_USER as $name => $value) {
  //  if (array_key_exists($name, $_REQUEST)) { continue; }
  //  $_REQUEST[$name] = $value;
  // }
?>
And in the body (NOTE: You can style your page to match your site design):
<?php if (@$errorsAndAlerts): ?>
<div align="left" class="your_class" style="color:#F00">
<?php echo $errorsAndAlerts; ?>
</div>
<?php endif ?>
<div style="width:90%" align="left">
<div class="your_class" align="center">PLEASE CHANGE YOUR PASSWORD</div>
<span class="your_class"><b>Welcome <?php echo htmlencode($CURRENT_USER['first_name']) ?>, Since this is the first time you've logged in, we ask that you change your password to protect your privacy. NOTE: Once you've changed your password, you'll no longer be logged in, and you'll have to </b> </span><a class="your_class" href="member_login.php">LOGIN AGAIN</a> <span class="your_class"><b>with your new credentials.</b></span>
<!-- CHANGE PASSWORD FORM -->
<div>
<b>Change your Login Password - (Don't forget to write down the new one!)</b>
<form method="post" action="?">
<input type="hidden" name="changePassword" value="1" />
<p>
<table border="0" cellspacing="0" cellpadding="1">
 <tr>
  <td>Enter Your Current Password</td>
  <td><input type="password" name="oldPassword" value="<?php echo htmlencode(@$_REQUEST['oldPassword']); ?>" size="40" /></td>
 </tr>
 <tr>
  <td>Enter Your New Password</td>
  <td><input type="password" name="newPassword1" value="<?php echo htmlencode(@$_REQUEST['newPassword1']); ?>" size="40" /></td>
 </tr>
 <tr>
  <td>Enter Your New Password (again)</td>
  <td><input type="password" name="newPassword2" value="<?php echo htmlencode(@$_REQUEST['newPassword2']); ?>" size="40" /></td>
 </tr>
 <tr>
  <td> </td>
  <td align="center"><input class="button" type="submit" name="submit" value="Change Password >>" /></td>
 </tr>
</table>
</form>
</div>
<!-- /CHANGE PASSWORD -->
</div>
<?php if (@$errorsAndAlerts): ?>
<div class="your_class" style="color:#F00">
<?php echo $errorsAndAlerts; ?>
</div>
<?php endif ?>
7) If you're implementing the mandatory password change on an existing site, you might want to change all the First Time Login check boxes to checked so that existing users won't get a reset your password message the next time they log in. To change all the check boxes with one click, you can use the Field Resetter Plugin that you can download from http://www.thecmsbcookbook.com/downloads/fieldResetter.zip
8) TEST TO MAKE SURE EVERYTHING WORKS AS PLANNED!!!
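The first-login flow from the steps above as a stand-alone PHP example (added here; it is not part of the original recipe, the plugins or CMS Builder). It goes beyond the recipe in two ways: each account gets its own random temporary password instead of one generic password, and the cp.php redirect is checked on every members-only page rather than only on the login action. Assumptions: the function names, the 12-character minimum and the sample account are made up for illustration, and PHP's password_hash() stands in for CMS Builder's getPasswordDigest().

```php
<?php
// Added example. $account is an in-memory stand-in for one "accounts" row;
// the three functions are hypothetical helpers, not CMS Builder APIs.

// On approval: a random temporary password for this account only.
function issueTemporaryPassword(array &$account): string {
    $temp = rtrim(strtr(base64_encode(random_bytes(12)), '+/', '-_'), '=');
    $account['password']         = password_hash($temp, PASSWORD_DEFAULT);
    $account['first_time_login'] = '0';      // '0' or '' = change still required
    return $temp;                            // appears only in the approval e-mail
}

// Run on every members-only request, not only when action == 'login'.
function redirectForFirstLogin(?array $account, string $script): ?string {
    if ($account === null) { return null; }  // not logged in: normal login check applies
    $pending = in_array((string) ($account['first_time_login'] ?? ''), ['0', ''], true);
    return ($pending && $script !== 'cp.php') ? 'cp.php' : null;
}

// The flag flips to '1' only after every check has passed.
function changePassword(array &$account, string $old, string $new1, string $new2): array {
    $errors = [];
    if (!password_verify($old, $account['password'])) { $errors[] = "Current password isn't correct!"; }
    if ($new1 !== $new2)    { $errors[] = "New passwords don't match."; }
    if (strlen($new1) < 12) { $errors[] = "New password is too short."; }   // assumed policy
    if ($new1 === $old)     { $errors[] = "New password must differ from the temporary one."; }
    if ($errors) { return $errors; }         // account row left untouched
    $account['password']         = password_hash($new1, PASSWORD_DEFAULT);
    $account['first_time_login'] = '1';
    return [];
}

function check(bool $ok, string $what): void { if (!$ok) { throw new RuntimeException($what); } }

// Constructed sample account and walk-through.
$member = ['username' => 'jdoe', 'password' => '', 'first_time_login' => ''];
$temp   = issueTemporaryPassword($member);
$new    = 'a-long-new-passphrase';
check(redirectForFirstLogin($member, 'members-only.php') === 'cp.php', 'gate before change');
check(changePassword($member, 'wrong-guess', $new, $new) !== [], 'wrong old password rejected');
check($member['first_time_login'] === '0', 'failed attempt keeps the flag');
check(changePassword($member, $temp, $new, $new) === [], 'valid change accepted');
check(redirectForFirstLogin($member, 'members-only.php') === null, 'gate lifted');
echo "first-login flow ok\n";
```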
__________________________________________________________________________________________________
NOTE: THE STEPS OUTLINED IN THE (LEGACY) RECIPE BELOW WILL ALLOW THIS PLUGIN TO WORK CORRECTLY WITH ENCRYPTED PASSWORDS (CMSB VERSION 2.08+ AND THE WEBSITE MEMBERSHIP PLUGIN V1.05+), BUT NOT WITH V1.09 OR LATER (SEE ABOVE).
***V 1.10 OF THE MEMBERSHIP PLUGIN IS HIGHLY RECOMMENDED***
NOTE: Thanks to Steve from MustBeOnLine.com for discovering a coding error in the zipped plugin (now fixed). He discovered that there was a double $errors = in the line of code:
$errors = $errors=mail($_REQUEST['email'],"Your membership has been approve!",$message,$headers);
It should be:
$errors = mail($_REQUEST['email'],"Your membership has been approve!",$message,$headers);
Download and install the emailOnApproved plugin. Do a search on the forum for the latest version, or you can download my modified (and corrected) version from here:
http://www.thecmsbcookbook.com/downloads/emailOnApproved.zip
This modified plugin will allow you to set up a manual approval process and send an e-mail to your new members when they are approved.
Before encrypted passwords it was easier to email login credentials to a member after their account had been manually approved. (Their application was approved, their payment had been verified, etc.)
Since the implementation of encrypted passwords, the process became a bit more involved.
Here are the necessary steps:
First, create a visible password text field in the “Accounts” section (I call it visible_password in this recipe) and an "approved" check box
Then have your signup form automatically fill the visible_password field with the automatically generated password before it’s encrypted.
You’ll need to comment out (or remove) the send email instructions in the signup form
You’ll also want to change the “show thanks” message that is presented on a successful signup.
Then in the emailOnApproved plugin, you’ll want to change the ‘password’ field to ‘visible_password’
Here are the specifics:
First add a text field called "visible_password" to your “accounts” section. (You can call it anything you want to, but be consistent)
Next add a check box field called "approved"
Then open your signup form and somewhere in the mysql_query("INSERT INTO `{$TABLE_PREFIX}accounts` SET code insert the following code as a separate line:
visible_password = '$password',
It doesn’t matter where in the series you insert the line, as long as it’s a separate line.
Next search for // send message and comment out the entire section with a /* before the section and a */ after the section:
Just under that section of code you should find the section called // show thanks
You’ll want to modify that message to something like:
// show thanks
$errorsAndAlerts = "Thanks, We've created an account for you. As soon as you're approved we'll email you your password.\n";
$errorsAndAlerts .= "If you don't receive an email from us within a few minutes check your spam filter for messages from {$SETTINGS['adminEmail']}.\n";
// $errorsAndAlerts .= "<a href='{$GLOBALS['WEBSITE_LOGIN_LOGIN_FORM_URL']}'>Click here to login</a>.";
Notice that I’ve removed the reference to {$emailHeaders['from']} in the “spam filter” text and replaced it with {$SETTINGS['adminEmail']} (you’ll get an error if you don’t because you removed the original variable in the previous step), and commented out the login URL line with a double forward slash (you can remove this line if you’d prefer).
Now save your signup form and open the emailOnApproved plugin.
The instructions on how to implement this plugin are below.
Search for ‘password’ and replace this with ‘visible_password’ (unless you called your field something else)
That’s it.
LEGACY INFORMATION
BACKGROUND When I first activated the original emailOnApproved plugin, I was getting Undefined index errors reported on saving a record until I added this line suggested by Dave Edis to the error checking section of the code:
if ($tableName != 'accounts') { return; }
So now the error checking section looks like
// error checking
if ($tableName != 'accounts') { return; }
if (!array_key_exists($fieldname, $CURRENT_USER)) { die(__FUNCTION__ .": You must create an accounts fields called '$fieldname'!"); }
And there are no more Undefined index errors.
I decided that it would make more sense to include the new member’s username, temporary password and a login URL in this email, so I modified the original:
// send email
$wasChecked = intval(!$oldRecord[$fieldname] && $_REQUEST[$fieldname]);
$wasUnchecked = intval($oldRecord[$fieldname] && !$_REQUEST[$fieldname]);

if ($wasChecked) {
  $errors = sendMessage(array(
    'from' => $SETTINGS['adminEmail'],
    'to' => $_REQUEST['email'],
    'subject' => "You have been approved!",
    'text' => "Congradulations!

You have been approved for our website. Your password is: {$_REQUEST['password']}

See you soon!
",
  ));
  if ($errors) { die($errors); }
}

}

?>
To this:
NOTE: Make sure that there are no spaces after the $message=<<< __TEXT__ and that the __TEXT__; is flush against the left margin or you’ll generate errors.
// send email
$wasChecked = intval(!$oldRecord[$fieldname] && $_REQUEST[$fieldname]);
$wasUnchecked = intval($oldRecord[$fieldname] && !$_REQUEST[$fieldname]);

$message=<<< __TEXT__
Congratulations!
Your subscription has been processed successfully and you now have access to the "Members Only" area of our web site.
Your user name is: {$_REQUEST['username']} and your temporary password is: {$_REQUEST['password']}.
Once you have successfully logged in, you can change your password and update your profile information.
<a href="http://www.your_web_site_URL.com{$GLOBALS['WEBSITE_LOGIN_LOGIN_FORM_URL']}">Click here to login</a>
Best,
The Subscription Committee
__TEXT__;

$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .="FROM:". $SETTINGS['adminEmail'];

if ($wasChecked) {
  // single assignment (the doubled "$errors = $errors=" was the coding error noted above)
  $errors = mail($_REQUEST['email'],"Your membership has been processed!",$message,$headers);
  if ($errors!=1) { die("Mail Error: $php_errormsg"); }
}

}

?>
The materials on this web site have been created for use with CMS Builder content management software. CMS Builder software is published and licensed for use by InteractiveTools.com. Please contact Interactive Tools for information on the downloading of the software or the purchasing of licenses.