Think this is kind of a hard question to phrase correctly. Once the user downloads the app, i want to create a password for them to have to input a password on first time startup. When this password in input correctly, the user never has to input it again and has full access to the app from then on. Can anyone point me in the right direction of a tutorial or guide me in how this can be done? Thanks in advance!
For the easiest implementation, you can use SharedPreference. Store some value named "isFirstTime" or something with a value true. On your launcher activity, check whether this value is false or true. When user will first launch the app, this will be false. Display your password or call any service from which you will send password to user. Store that password in SharedPreference, too. Once the user enters the correct password compare it with the stored value and if the password matches, change the value of "isFirstTime" to false. Now next time the activity is started, according to your condition the user will bypass the authentication and get started with the app.
Related
How to find out that the user has changed the password or not via mail.
I am registering user with email
mAuth.createUserWithEmailAndPassword(id, pass);
and if user asks for forgot password
i send forgot email by
mAuth.sendPasswordResetEmail(email);
But I cannot say or figure it out that the user has changed it via email or not?
How is it possible to figure out that the password is changed or not via email?
I faced the same case few days ago when I required to save user's password in my Database too. But when user change his password via Link it was difficult for me to get user's new changed password. So I did it in the following way
While signing in through App save user's password in SharedPreferences after successful Firebase authentication. So you will always have latest user's password in your SharedPreferences. And now in your case to check user really changed his password or not, you can check if the password which is going to be saved on signin in SharedPreferences is different from the previous one, Its mean it was changed.
If you want to detect whether the user clicked the link in the password reset email, consider setting up your own handler for the email actions. Have a look at the document for inspiration, or at the default page that is used when you don't provide a custom one.
You can attach a complete listener to sendPasswordResetEmail(), and if the email has been sent, you can write in your database inside that user ID a value that will tell you that the password has been reset.
If you need to check that the user has changed the password, you can check at your database whether the user did or not.
For example, a basic structure to check that the user has changed passwords could be this
- UserID
|__ passwordReset
|_____ passwordResetPushID
|___ changed : TIMESTAMP
...
Remember that FirebaseAuth getCurrentUser() could be null at the time of changing the password if you are doing it from the login flow, but it's not going to be any problem if you do it inside your app after the user is logged in.
For the first case, you will need a little workaround, maybe storing into sharedPrefs the latest user logged in ID.
Edit
As Frank's comments, you will need a sort of function that is triggered after the user has reset the password in the browser, this solution will only let you know whenever the sendPasswordResetEmail() has been triggered but not a confirmation that the user has completed the password change, to do that, follow Frank's answer.
As I want to implement the login function same as whatsapp . If the user login in one device using (email and password) .The same login should not happen in another device.How to implement this functionality in android
In my application whenever the user login ,the status value will be change as 1 in database, when the same user if login in another device means it will show popup, already exist,If the previous user logout means value changed as 0.
But my doubt suppose if the user as logged in and uninstall the app means again he cant able to login again because the value changed as 1.
For the above situation how to handle.Please someone help me.
I am not sure, but the following idea may work.
As also mentioned here, save every users' phone ID to your DB as well. (I am also adding the code for helping you, but as I mentioned code was written by someone else in the link above)
import android.provider.Settings.Secure;
private String android_id = Secure.getString(getContext().getContentResolver(),
Secure.ANDROID_ID);
Then, check if the user is trying to log in by using that device which has its ID stored in your DB. If this is the case, directly log in the user. This shows that user deleted the application without logging out.
If the user uninstalled the program in the other device and then enters the application from another device, ask the user to log in again. After user logs in, save the current device's ID in your DB. For security issues, maybe you can store the old logged in device's ID and model and more.
I hope I clearly explained to you the idea. Let me know if that helped or not.
Have a nice week!
You need to maintain session for this. when user logins create and return one sessionId for that user. for all request there after need to pass that sessionId. if same user login from another device overwrite previous sessionId with new one. so that based on that first users request will be invalid. and one user is login on one device only
I have an app which allows to remotely lock other phones named "Parental Lock".
In the app, users can put a password for a time to their "children"s phone.
The problem is when the time specified by the "parent" ends, I want to remove the password given by the "parent" and restore the original one if there was.
For now, when the time ends, I am removing the password via device manager from the phone but to restore the old password put by the user itself long before, I must get the password info.
The get the password, the password itself had to be encrypted in first place (with yet another password, brr).
And the rule #1 says: never ever encrypt passwords, use hashing algorithms with a salt to store them.
I was working on an android app and trying to create a login activity and I asked myself one thing. Of course it is possible create a login activity with the possibility of storing the username/password with all the security problems concerned, but is it possible create an activity in which a user can put his login name and automatically the app retrieves the password? It would be great!
well, Macho its not good stuff because anyone can sniff your username since it is not type of password. But as you ask, it can be possible as user enters username and unfoccussed the edittext you can fetch password from sharedpreferences or may be from sqlite database and show in password edittext.
Yes that is possible. You should be aware however that if the phone is lost or stolen, the new "owner" of that phone could be automatically logged on.
I'm loading a webpage (for example mail.yahoo.com) in a webview. After entering username and password an AlertDialog shows asking me if I wanna remember the password which I do.
The thing is that after logging out, if another user wants to login, after he enters his own username and password, the AlertDialog asking whether to remember the password does NOT show anymore and so the old username and password are remembered.
What I want is a way to set the webview to remember the latest username and passwords that were entered. Cause (for example) if the users enters wrong username or password for the first time (after app is installed) and checks them to be remembered he wont't be able to modify the wrong entered ones and save the correct ones instead.
That is correct, the only way to do it. If you change a password you will need to reset everything with the stock app.
Try to clear user and password first in WebView Database with this code:
WebViewDatabase.getInstance(this).clearUsernamePassword();