How to create a feature that resets a user’s password via email

EasyBuilder Pro Q&A
How to create a feature that resets a user’s password via email
none 0.0 0
1
  • HMI Model: cMT3108XT
  • EasyBuilder Pro Version: v6.08.02.515
  • Serial Number or supplier: MSI Tec

We have probably all done this before, you forget the password to your account so you enter a valid email address and you get a verification code emailed to you that lets you change the password to hopefully something more memorable.

A customer would like to implement such a system to change the local user credentials on their HMI’s, I can think of a few ways to potentially implement a system like this, is there any precedented applications or documents that could give me a head start on implementing this feature?

There would have to be a connection to an outside server that could provide a randomly generated access code that the user would have to enter to gain access to setting a new user password.

any additional insight would be appreciated. Thanks!

2

Hi @Cstarr,

Did this customer request that the HMI connect to an external server? I only ask because after reading through the items needed to implement this feature, I believe that all tasks can be handled on the HMI without a separate server.

To summarize, our HMIs can send emails to users via SMTP. In addition, the HMI can generate and manipulate random integers which can be made to consist of a set number of digits. This and other user defined data can be sent to an email address associated with a user-account. If the HMI retains this code without disclosing it, it can be used to verify the user entered code via logic and grant the user permission to change the password.

1 Like
3

The customer didn’t explicitly ask for an external server for the code. I had suggested this while being ignorant to the SMTP capabilities. If everything can be self-contained as you are describing, I think that would be preferable to what I had in mind.

5

How I foresee this working, is that the HMI be configured with an SMTP server as in this tutorial: Link. When a user account is created, they will need to add their email to an unused “Group” using the “Contact editor” object:

Note: The “Contact editor” object supports up to 16 groups, but precautions must be taken to ensure users only have access to this object during initial account creation or while overseen by an admin user.

image
image1103×604 29.4 KB

A separate field should be made such that the user can associate the “Group” with their account. I would recommend storing both the username and “group” within a recipe database: Link
image

When the user needs to change their password, the only stipulation is that they will need to enter their username and group id [optional] to validate their account:

image
image781×309 11.5 KB

After validation a macro may be used to generate a random verification code, here is an example of a macro that will generate a random 5-digit integer:

macro_command main()
int verify = 0

RAND(verify)
while verify < 10000
	RAND(verify)
	DELAY(10)
wend
SetData(verify, "Local HMI", LW, 0, 1)
end macro_command

That code may be read by an “Alarm” using the “Multi-watch” function. This means that 16-alarms will need to be created, 1 for each potential “group” as the alarms send emails via group ID. The alarm triggered (e.g., email sent) should be dependent on the selected group which can be accomplished via Macro:

macro_command main()
char symbal[1]="%"
char Apostrophe[1]="'"
int verify = 0
short group = 0
char name[15]

GetData(name[0], "Local HMI", LW, 0, 15) 
char sql[100] = "SELECT * FROM Accounts WHERE Name LIKE " // form a SQL query
// to search the recipe called "Accounts" for the user's "Name" where "Name" 
// is an item or column in the recipe

// This forms the query via concatenation
StringCat(Apostrophe[0], sql[0])
StringCat(symbal[0], sql[0])
StringCat(name[0], sql[0])
StringCat(symbal[0], sql[0])
StringCat(Apostrophe[0], sql[0])

RecipeQuery(sql[0], n_records) // This sends the query

if n_records > 0 then // if an account actually exists n_records = 1
	RecipeQueryGetRecordID(recordID, 0) // get the record id of that account
	RecipeGetData(group, "Accounts.group", recordID) // get the group id of the account
	
	RAND(verify) // generate verification code
	while verify < 10000
		RAND(verify)
		DELAY(10)
	wend
	SetData(verify, "Local HMI", LW, 0, 1) // set verification code
	DELAY(50)
	SetData(group, "Local HMI", LW, 99, 1) // trigger alarm according to group id
end if

end macro_command

Note: An alarm that checks for a user “group” ID of ‘1’ or “B” may be configured as shown.

image
image483×772 11.4 KB

6

Wow, thanks so much for the super detailed layout. I really appreciate it. This will make implementation much faster.

1 Like
7

@Cstarr,

You’re so welcome! Thank you for posting such a thought-provoking request and please let me know if you have any questions down the road.