Problems, need help? Have a tip or advice? Post it here.
19 posts Page 2 of 2
Try this topic viewtopic.php?f=3&t=8157#p14781 - people said there it helped to export as csv..
HI ,
I have just discovered the post with the solution, same as trendoman posted, and it works, except that the downloaded file has .php ending and it seems not to fetch the password....

Is it possible to make it download with csv ending and how to fetch the password

Here is the code I used:

Code: Select all
<?php require_once('couch/cms.php'); ?>
<cms:content_type 'text/csv' />
<cms:pages masterpage='users/index.php'>
<cms:show extended_user_email />, <cms:show extended_user_password />,<cms:show extended_user_password_repeat />, <cms:show nname />,<cms:show vname />,<cms:show ntitel />

</cms:pages>
<?php COUCH::invoke(); ?>


Thanks in advance
Tanja
Sorry, if I am unaware of your use-case. I would personally try to create those absent users with a random password, and forget about this password altogether. Next, I would mail the users their login and a link to reset password to establish their privacy by
Code: Select all
<cms:show k_reset_password_link />

This way, noone apart from users themselves could possible bother with passwords. It is very standard for websites not to store passwords in recoverable form. I think CouchCMS doesn't offer any tool to recover password from its hashed record. By the way you wrote that you could see in database those hashes. Those hashes are not the same and different, very true, - but the password is the same. It means that same passwords could be encrypted with different results (a very strong security measure).
In other words, hackers can not know the original password, rather try to hash their best guess and see if it opens the sesame (brute force). I suggest, therefore, to fit the reset-password routine into the process of informing new users.

Some users are very lazy (perhaps, not your users) - and if they know their *weak* temporary password - wouldn't even bother to change it. So, if all users have same temporary password - it is a matter of a short time to discover that one could possibly steal the identity and login with this exact same password as another person (a colleague, for instance). So, even if you know that password, try not to expose it anywhere, please..
Hi trendoman,
thanks for the explanation what happens in the DB! I gave up the idea exporting anything form DB.
The same password for all was just for my test purposes, trying to figure out what is going on in DB.

Anyhow, I import users with random passwords, and I thought I should export those random passwords in order to send them via Mail Chimp, so user login in the Profile and change it.

But I totally overlooked :oops: the reset password link ! That makes everything so much easier!
THANKS for pointing that out trendoman!!!
Happy to share :)

P.S. In the process of resetting the password, users are mailed out with their new password in plain form. It might sound bad, but as long as nobody saves those emails on the admin/server side, they are fine. It is a matter of minimal trust to the website (as well as to google, which has all our emails :) ). So, once users have their right to login and change the email *and* no one saves the successful registration mail somewhere (in debug log, for instance), your users should be safe.
That won't be a problem, thanks for pointing out anyway!

But I have an issue with the
<a href="<cms:show k_reset_password_link />">

which should actually be pretty straight forward. I also do not find further information about k_reset_password_link variable on the forum. Any idea, why the link would not work? the live code shows only empty space after "href", not even the "="

Tanja
Hi, I took this variable from samples that KK provided in tutorial about extended users. There were some snippets that covered "lost-password" and other routines. Actually, you are right - there is no way to "find" this variable in the open, unless the routine has started. Fortunately, if we just use a part of it - instructing Couch to generate such link for a certain known user - we get it done.
Example for a user named 'test':
Code: Select all
<cms:process_forgot_password  send_mail='0' username='test' />
<cms:show k_reset_password_link />

There is a trade-off though - Couch sets a context of the user 'test' after executing cms:process_forgot_password tag. It means, for example, if you run cms:dump_all *after* it - you will see variables as if that user was logged in and looking at dump variables - k_user_name, in particular, would be 'test', not your username (which is normally appear in cms:dump_all if you are logged in).
So, take precautions about any calculations, involving system variables and make enough tests to make sure your variables are taken from the right context. This applies to anything that will execute *after* this tag. Above it - no trouble.
@Tanja,

If your project is still a work-in-progress, perhaps you'll find the CSV exporter discussed here useful -
viewtopic.php?f=8&t=11378
HI KK,
thank you for the link!!! I think I will solve this last issue by creating a direct link to users/lost-password.php for the purposes of resetting the initial random password after the import...And since now exporting users in a CSV file functions very well, client will just use the hard coded link to lost-password.php in a mail...

I hope you meant that, cause in this thread I had several issues, but they are all solved now , at least I think so, I am still not finished with the site..

Tanja
19 posts Page 2 of 2