I want to create a unique user name for my users, but this will be not system generated. Users can choose his/her user name.
DB
MongoDB
Ex
Github user name
Current process
sign-up
get a verification link on the email
go to the link, like example.com/verify?token=xyz...
On verify page user can enter a user name, that user name must be unique across the DB.I don't want to keep duplicate user names.
Many websites have implemented this feature, like Github, GitLab, etc. But, I have explored some web about implementing this feature and I didn't get the desired result.
After entering the user name in step 3, the browser will make a POST request to the server.
Server will then check the DB that if this user name already exists or not, if this already exists then throw an error or process the user name otherwise.
This is working on my local PC, but I am not sure whether this will work when multiple users make a request with the same username within a time interval. Then, in this case, there may be some duplicates in DB.
case
There are two users A and B wants to create their user name on the system at the same time.
both are requesting the same user name
A: make the request for the user name u1
Server: check for A's user name is present or not in DB
B: make the request for user name u1
Server: A's user name is not present, save u1 as A's user name
Server: B's user name is not present, save u1 as B's user name
You can see, in the end, both users's haveing the same user name.
Is there any way to avoid this??
The solution depends on your Database. If you are using SQL database, you can just add UNIQUE constrain to the field, so the database will enforce the uniqueness of an attribute value in the table. The first row will be inserted while another row will fail to insert with an error that the field is not unique.
Speaking of MongoDB, you also have a unique index.
-> As the above answer suggested have a unique constraint on DB for user name and if the insert didn't happen send an error response stating username already taken also
-> We do not need to wait until the user submits the request, as the user types in the user name, call an API to check if the username already exists, and while calling this cancel the previous request which we haven't got a response back. For example when the user types vi you send a request and it is still in progress but the user has typed vig now before sending the new request with 'vig' data, cancel the previous request. ( Ans simultaneously show the status whether taken or not as you get the responses )
This improves the user experience.
-> The cancelling of the requests can be done using cancel tokens in Axios, if you are going with Axios.
For MongoDB:
If you can create an additional unique index based on a combination of fields, can't you use an additional dummy field ( which has the same data for all users), so now your username would stay unique? (I haven't used MongoDB a lot to be sure of this. )
OR this is mentioned in the Mongo DB documentation , create a proxy collection to maintain this username as a unique key, following the first segment in the below document
https://docs.mongodb.com/manual/tutorial/unique-constraints-on-arbitrary-fields/
Related
I am trying to create a customer feedback management program in which a link to a page is sent to customer. The link sent to each customer is different(but each customer should land on the same page as it clicks the link) so that no non customer can use the link and each link expires as soon as the customer uses that link( same case as when you try to change Oracle Corporation password).The url(link) should be so that each customer's social security number e.g "35202-6641939-8" and customer's tracking id e.g "10901540381" are combined and then encrypted and then appended to the url(link) which is e-mailed to the customer. But even though the url of each customer is different , even then each customer should land on the same page. My priority is that a Java component(servlet) which handles the above mentioned scenario be created. But don't know how to implement the above mentioned scenario.
Regards!.
Here's an idea:
When you create the link, generate some UUID (see UUID.randomUUID()) and put the uuid, the SSN and the tracking ID in some DB (a file could do the job if you really can't use a DB). => The link for the customer http://www.foo.com/somepath/<UUID> (the servlet is mapped to /somepath/* in this example)
Now the customer click the link, you get the DB record using the UUID, and you then have the SSN and tracking ID. Do something then purge the DB record (side note, you probably want some "batch" to purge old, non used links)
No encryption required.
I am working on project which used Maximo Asset Management program. Our customer wants to know client IP when any person create new service request. I have searched on the internet but I can't find any topics about that. I 'm working with Java on businessobjects , I have took IP but this IP was Server's IP , as you know that Maximo run on server therefore it shows server ip , but I want to take which user/client create new service request.
In Maximo
Go to->Security->Users
Select Action -> Manage Sessions
Click on arrow to expand info on any logged in user
Here you can see Name and Client Host (ip address of user)
Click on the client host field and hold down alt+i to see the database table and field for this. The result MAXSESSION.CLIENTHOST is the table MAXSESSION and the field is CLIENTHOST.
If I can take #davejal's answer a step further, you could try the following:
Create a relationship called MAXSESSION from PERSON to MAXSESSION where userid = :personid. Note that if MAXUSER.USERID != MAXUSER.PERSONID in your system then your relationship will have to be "upgraded" to userid = (select userid from maxuser where personid = :personid).
Create an attribute on TICKET called REPORTEDBYIP same-as MAXSESSION.CLIENTHOST.
Create a crossover domain called TKREPORTEDBY against PERSON.
The Validation Where Clause should be personid = :reportedbyid.
Have a row in your Crossover Fields table where Source Field is MAXSESSION.CLIENTHOST and Target Field is REPORTEDBYIP.
Apply the TKREPORTEDBY domain to the TICKET.REPORTEDBYID attribute.
A known problem with the above is that if the user is logged in twice from different IPs, it is unknown which one will get crossed over onto the ticket / SR. You could upgrade the where clause in the relationship to always get the alphanumerically lower or higher one, using max() or min(). Or you could change the relationship to find the latest LOGINTRACKING record and use that. But again, there's no sure way, in such a situation, to guarantee that the IP you record will be the one they created the ticket from. But still, this solution is a step in the desired direction.
I am developing a web application that needs to prevent multiple login using the same user name and password concurrently.
If it happens on the same machine then we need to do something with the user session, but it should also prevent if they are login on different machines using the same user name and password.
What can be the best approach :-
1) should i store the user session,credentials,and IPAddress of the machine in the DB.
2) should we use the session tracking mechanism in the application itself.If so what is the best approach?
Also , We have to keep following things in mind:
1) If user close the browser without logout.
2) If session times out.
Hope it clears the question.
Besdies data base hits (which could fail if your server is broguth down without updating db) : A data base friendly way is not to hit the data base for every re login or you could get denial of service attacks that brig you dowm. Instead implement a session listener in J2EE and check if same user is logged in by looking up the user id in a cache.
If you have more than one app node then need a distributed cache with a time out same as session time out in web.xml.
Simply have a field in your database that has text that says online or offline for each user, according to whether they are logged in or not. So when someone tries to log in with that username, check the database if the field says online for that given user on submit. If the field says online, don't allow log in. Otherwise permit it.
without using a database
you can store if a user is online in a text file
$check= "onlineCheck.txt";
$fh = fopen($check, 'a') or die("can't open file");
$nowOnline= "USER678 \n";
fwrite($fh, $nowOnline);
I'm developing a website with using struts2 and hibernate as back end. In many sites after you sign-up, a link will be sent to your email and after clicking on that the registration is complete. I want this feature on my webstie, but I don't have any idea how to do this and how is this working? i needsome example to do this....
I have never messed around with struts, but basically what you could do would be to send an email with a link which directs to a specific page. When a user signs up to your website you could save, amongst other things, the email address of the user, the time stamp of the registration and also a key (could be the hash of the email and password, for instance).
You then construct the link and include the email and key in the query string. Once that the user clicks the link, in your page you make a check to see that the user is still within some time frame (optional) and that the email given matches the given key (which you have stored in the database).
If the email and key match, then activate the account.
This is broad question but I am answering based on verification
1. You need a signup page with form example /signup.jsp
2. After basic fields and email validation, generate a code xyzcode for this email,
3. Send email to user email, using a mail server with a link to your link validation page like
/validate.jsp?code=xyzcode (mail server setup and sending email is beyond the scope of the answer)
4. On validate.jsp check code and validate any email with this code otherwise give respective error message.
There are multiple approaches but I am suggesting one which will be easy and as per standard..
In user table add extra column as Status [which can take two values either inactive or Active]
create one more table(emailauthentication) where columns will be (key,emaiId)..
Now what u have to do is after user click submit with registration data...gnerate a dynamic key..could be timestamp+emailId(or anything dynamic and unique) and create record in user table with status as inactive and create record in emailauthentication table with this generated key and emaiId..now after record is created generate a URL which could be like
<a href="doAuthenticationForUser?authenticationId='dynamicKey'"/>Click to authenticate</a>
Now when user clicks this URL then in the action class or Service for this authenticationId find the emailId and make the column status as active..
It is true it is quite big to answer the question.
I knew one link which has the best answer given by BalusC
Here is link:better answer.
I have implemented in my project. I hope this link will help others.
Thanks for reading.
I am making a School management system. In this system, first we have to create a user which gets stored in MySQL Database of Usernames and Passwords. But I am stuck at that step where we have to verify the user. How can I do that? I just need a rough idea guys..:)
I am not sure what you mean by "verify the user" but if you mean by checking if the user is actually in the database, use SQL syntax similar to this:
select username from usertable where username = 'username';
If you have a row returned, then you know that the user is in the database.
Verifying could imply several things among :
- checking if the user exists
- checking if the combination username/password is valid for authentication
- checking if the user profile is valid to interact in your application
This list is most probably not complete