Gossamer Forum
Home : Products : DBMan : Installation :

Password emailed to a new user

Quote Reply
Password emailed to a new user
Just realized that the valuable passwords and user ID's were being sent only to me, the db administrator. I found several threads on this subject but was unable to implement them. One very intellegent posting dealt with smpt - not sendmail.

Alex and JPDeni wrote these things helpful remarks which confirm that this indeed can be done:

Norm posted November 30, 1998 08:12 PM PST           
------------------------------------------------------------------------
Alex, can you get the password after someone has logged in and they have
added the info? Isn't the password encrypted?
This would prevent you from sending them a confirmation message to their
e-mail address with the username and password yes?
Alex posted November 30, 1998 08:45 PM PST           
------------------------------------------------------------------------
----------Yes the password is stored encrypted, but you still have access to it
once the user is signing up (because it is sent to the script
unencrypted).
Basically here's the process:

1. User goes to sign up form and enters userid and password.
2. sub signup is run and p/w is in $in{'pw'}.
3. encrypted password is generated and printed to password file.

We still have access to the original password though, and can mail the
user. Once we are done with this request, the password is lost forever.

Hope that helps,
Alex

---------JPDeni posted February 15, 1999 09:39 PM PST           
------------------------------------------------------------------------
Your email addresses are in your .db file, right? And you're using it in
html_add_success, right? Then you don't have to include the code to open
the file at all.
Change the line (in html_add_success)

&html_record(&get_record($in{$db_key}));

to

%rec = $get_record(in{$db_key});
&html_record(%rec);

Then just use your %rec variables to create the email.

print MAIL "To: $rec{'email'}\n";

If you're still having trouble, instead of trying to send an email
message, have the script print out the variables on the web page. You
can more easily see where you might be going wrong.

_________________ Carolynn again:

Wish I could. :-)

Still having trouble because the line I replaced in html_add_success had a print command right before and after it and I don't know how and where to replace them. Keep getting syntax errors here.

</td></tr>
<tr><td>
<p><center><$font_title><b>
New Record Created
</b></font></center><br>
<$font>
<P><Font face="Verdana, Trebuchet MS, Helvetica" Size=2>The following record was successfully added to the $db_setup database:</FONT></P>
|; %rec = $get_record(in{$db_key});
&html_record(%rec); print qq|
</font></p>
|; &html_footer; print qq|

Thanks, one more time! Hopefully others will benefit from this as well.

Carolynn
Quote Reply
Re: Password emailed to a new user In reply to
You've certainly been doing your research! Smile

Alex's post was referring to having access to the password immediately after the user creates his username. If you wanted to send the user his password, you would have to include the mailing in the signup subroutine in db.cgi. As soon as the user does anything else (including logging in), the unencrypted password information is gone.

Unless you change things to make the passwords unencrypted in the .pass file, which leads into my password lookup modification.

Regarding emailing the user after the record is added --

The part of the script that you gave us:

Quote:
</td></tr>
<tr><td>
<p><center><$font_title><b>
New Record Created
</b></font></center><br>
<$font>
<P><Font face="Verdana, Trebuchet MS, Helvetica" Size=2>The following record was
successfully added to the $db_setup database:</FONT></P>
|;
%rec = $get_record(in{$db_key});
&html_record(%rec);
print qq|
</font></p>
|;
&html_footer;
print qq|

looks fine as far as it goes. I'm assumiing that somewhere before the code you gave there is a print qq| statement and that at the end, there are things that are printed (at least </body></html> ) and it ends with |;

If you want to send an email to the user, you have to be sure that the part that actually sends the mail is not within a print qq| statement.

If you're still having problems, make your html.pl file available in an accessible web directory and rename it with a .txt extension so we can take a look at it.


------------------
JPD





Quote Reply
Re: Password emailed to a new user In reply to
I would love to disengage encryption as I am not dealing in military secrets.

Your Password Lookup is a great idea, but from experience I know that user id's are just as easily forgotten or lost.

Let's say that I get encryption disengaged according to some parts of the new "Password Lookup Modification for DBMan, written 8 March 1999".

Then, in the db.cgi, under sub add_record, can I then call (and mail) the password like this?

if ($in{'Email'}) {

open (MAIL, "|/usr/lib/sendmail -t") or &cgierr("Can't open sendmail:
$!");
print MAIL "To: where2or3\@aol.com\n";
____snip__
print MAIL "$in{'Date'}|";
print MAIL "$in{'record'}|";
print MAIL "$in{'Userid'}";
print MAIL " \n";
print MAIL "$in{'pw'}"; #???
print MAIL "$db_setup";

close MAIL;
}

}
else {
&html_add_failure($status);
}
}

Thanks again for the all the help. Don't give up on me yet, JPDeni. OK? All my self confidence is riding on this.

Carolynn
Quote Reply
Re: Password emailed to a new user In reply to
I'll never give up on you, Carolynn! Smile

The password lookup mod sends both the username and the password to the user. They have to enter their email address with the username and password, which is kept in the password file. Then, if they forget their password, they enter their email address and the username and password is sent to them.

If you'd like to see how it works, you can go to my demo at
http://www.drizzle.com/~hall/cgi-bin/dbmod/db.cgi
Sign up for a password and then go back to the original login screen and ask for it to be mailed to you.

You could put the sending mail part in sub add_record. I prefer, if at all possible, to put things in html.pl, though. Every time you add something to db.cgi that is specific to the database you're running, you make it less likely that you can use it for something else if you should want to. (Believe me, you'll find all sorts of uses for DBMan once you get the first database up and running! Smile )

In order to send the password, you'll also have to do a lookup in the password file. How that will work will depend on how you set up your password file, so I'll wait to see what you want to do before I give any more directions.

But I'm here with you!

------------------
JPD





Quote Reply
Re: Password emailed to a new user In reply to
This modification looks straightforward enough. Now that you have put it into "baby talk" for me :-)

Two other things: 1.) How do you get the new email value from the Log In box to appear in the Add Record screen?

2) I would still like to email new users a friendly note from "html add success" (?) sending them their user ID and password and explaining that the script will only recognize the email address to which the confirmation is sent. (More and more people are using multiple addresses these days, you know.) What is the code for these two values?

Thank you is an understatement, JPDeni.
Quote Reply
Re: Password emailed to a new user In reply to
  
Code:
open (PASSWD, "<$auth_pw_file") | | &cgierr("unable to open password file. Reason: $!\n");
@passwds = <PASSWD>;
close PASSWD;
PASS: foreach $pass (@passwds) { # Go through each pass and see if we match..
next PASS if ($pass =~ /^$/); # Skip blank lines.
next PASS if ($pass =~ /^#/); # Skip Comment lines.
if ($pass =~ /^$db_userid/)
chomp ($pass);
($userid, $pw, $view, $add, $del, $mod, $admin, $email) = split (/:/, $pass);
last PASS;
}
}

You can put this at the top of the page, before &html_print_headers.

The password will be in the $pw variable and the email address will be in the $email variable. The userid will be in both the $userid variable and the $db_userid variable. Pick whichever one you want to use. Smile

If you want to include any of the information from the record in the email, you can use the $in{'fieldname'} variables.

You might want to send the email before the record is printed out, too. If you do, just put your

open MAIL ....
print MAIL...
close MAIL...

routine right after you look up the password -- before &html_print_headers.

Glad to help! Smile

------------------
JPD







[This message has been edited by JPDeni (edited March 14, 1999).]
Quote Reply
Re: Password emailed to a new user In reply to
Thanks for wading through all this with me, your unseen friend in Tennessee. Just about to make it to the shore. Yippee.

Got your ingenious mod installed and working. Therefore email notification isn't really an issue anymore, is it?

I'm still studying your last reply. Did you understand that I was trying to make the email address in the "new email box" from the Login screen automatically appear in the Add New Record screen. This would save new users (default) from re-typing their address. (Kinda like how the ID number or key automatically shows up.) Is this possible?

Sorry I wasn't more clear. And thanks for all!

sincerely,
Carolynn
Quote Reply
Re: Password emailed to a new user In reply to
No, I didn't understand that was what you wanted. It's okay, though. You can do that, too. (I suppose if I'd really read your previous post, I would have understood. Smile)

Okay. Take the whole "looking up password" thing that I gave you before and schlep it all up to html_add_form. Again, you might as well just put it before &html_print_headers. That way you don't have to worry about getting it tangled up in a print statement.

Then just below that, add

%rec = &get_defaults;
$rec{'Email'} = $email;

(assuming your email field is called "Email")

and change the line

&html_record_form (&get_defaults);

to

&html_record_form (%rec);


There might be another way to do this that would be a little slicker, but I'm having a heck of a time getting it to work myself. If I get it to working, I'll post it here.


------------------
JPD





Quote Reply
Re: Password emailed to a new user In reply to
JP - I just took a look at your script at "http://www.drizzle.com/~hall/cgi-bin/dbmod/db.cgi" How can one get a dbman script setup like the one you have?

I currently have the dbman script up and running on our site but like the added features that you have such as userID/password lookup and the nice little welcome to the userID after logging in. I would also like to have these features.
Quote Reply
Re: Password emailed to a new user In reply to
The modifications you need to make are listed in a text file you can pick up at
http://www.drizzle.com/~hall/dbmod/lookup.txt

The "Welcome, username" is just

if ( $db_userid ne "default" ) { print qq|Welcome, $db_userid!<BR>|; }

This is in sub html_home in html.pl. Make sure you don't put it within a print qq| statement. (The first part of it -- if ( $db_userid ne "default" ) -- is because I didn't want it to say "Welcome, default!"



------------------
JPD





Quote Reply
Re: Password emailed to a new user In reply to
I tried the addition for the "Welcome" I can't seem to get it to work..... maybe I am just not putting it in the right place?

I added the password lookup and everything seems to be working properly - thanks a bunch for that !!
Quote Reply
Re: Password emailed to a new user In reply to
Glad the lookup thing is working for you.

When you say the "Welcome" thing doesn't work, what do you mean? Does your script crash? Do you get nothing? Do you get garbage?


------------------
JPD





Quote Reply
Re: Password emailed to a new user In reply to
What I mean is I get nothing. Must be because I just don't know exactly where to place it within the code?
Quote Reply
Re: Password emailed to a new user In reply to
Carol - I figured it out, all I need was the $db_userid after "Welcome".

You are a probably thinking "Why, does this guy keep posting his questions if he is going to figure them out by himself?"

Well, Just call me impatient but I like to keep trying to figure things out on my own - but your help has been great in getting me going and I appreciate it alot.

Thanks!
Quote Reply
Re: Password emailed to a new user In reply to
Hi,

I found this thread on a search and it covers everything I needed to know. I have been going through it all evening. I am new to modifying cgi scripts so I am a little slow on this.

I have managed to do everything but set uo the welcome email message to be sent to users on sign up.

I saw that Carolynn showed what the code was but I don't know where to put it -- forgive me if that's a really stupid thing to say :-)

Is this the code?

if ($in{'Email'}) {
open (MAIL, "|/usr/lib/sendmail -t") or &cgierr("Can't open sendmail:
$!");
print MAIL "To: where2or3\@aol.com\n";
____snip__
print MAIL "$in{'Date'}|";
print MAIL "$in{'record'}|";
print MAIL "$in{'Userid'}";
print MAIL " \n";
print MAIL "$in{'pw'}"; #???
print MAIL "$db_setup";

close MAIL;
}

}
else {
&html_add_failure($status);
}
}

And if so, where fo I put it?

Thanks so much for this thread, it's been wonderful to have learned so much in one night!

Kylie


------------------
info@spiltmilk.net
Quote Reply
Re: Password emailed to a new user In reply to
Welcome, Kylie! Smile

If you want to send the welcome message when users sign up, you can put it in html.pl, sub html_signup_success. (You could also put it in db.cgi, but I prefer not editing that script unless absolutely necessary.)

You will have to use at least part of my "lookup" modification in order to do this, though, since the default DBMan doesn't have the user enter an email address when they sign up for an account. You can pick up the modification instructions at

http://www.drizzle.com/~hall/dbmod/lookup.txt

Once you have made the modification, all of the information you'll need for your welcome email will be available.

In sub html_signup_success, before

&html_print_headers;

add

Code:
open (MAIL, "$mailprog") or &cgierr("Can't open sendmail: $!");
print MAIL "To: $in{'email'}\n";
print MAIL "From: $admin_email\n";
print MAIL "Subject: $db_name Account Information\n\n";
# or whatever you want for your subject line

print MAIL "User ID: $in{'userid'}\n";
print MAIL "Password: $in{'pw'}";
print MAIL "Whatever else you want to say";
close MAIL;



------------------
JPD





Quote Reply
Re: Password emailed to a new user In reply to
Thank you JPD, that is working fine now.

I got it set up and have another problem but I posted that message in the appropriate dscussion thread.

Thanks so much for your help

Kylie