Page History

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Excerpt

Status
subtletrue
colourGreen
titleNEW V2.9
 In order to increase the security, a new reset password procedure allows the end user to change the password without sending a password unencrypted by email. The end user receives a link in order to change his password.

Solution

On-line procedure

1. As in the current solution, the user enters the Ticket Shop, displays the Sign In page, and clicks on FORGOTTEN YOUR PASSWORD? Then, he enters his email address and clicks on button RESET PASSWORD. Request is completed with success message Your request has been registered. You will receive an e-mail including a link that will allow you to reset the password. If you don't receive the email, it means your account has not been created. Please repeat your request.

2. The user receives an email that contains the URL to open the Reset password page, he clicks on the URL

3. The user is prompted to new Ticket Shop page Reset password, with the option to enter and re-enter new password, password should be input followed valid format, otherwise require user to input other one.

Image Added


If the password is changed correctly, user is logged in the Ticket Shop and is prompted to Account homepage with new message Your password has been changed successfully.

Image Added


Info
titleCharacteristics of the reset password link

Following measures have been taken to ensure a very high level of security:

  • The link is valid during 48 hours. Once the link is expired, the internet user will have to click again on FORGOTTEN YOUR PASSWORD? in order to get a new link.
  • A link can only be used once
  • The link is protected against forgery by means of a digital signature. In other words, a dishonest internet user has no chance to reset the password of another contact by modifying the link.

Box office procedure

The box office operator can trigger the new reset password procedure from the list of contacts screen (button RESET PASSWORD).

Image Added


The new reset password procedure can also be triggered from the contact detail screen by clicking on the reset password button.

Image Added

After having clicked on the reset password button, the pop-up below will be displayed:

Image Added

The operator has to select the document type matching the reset password email (it will be selected by default if there is only one) and the point of sale on which the reset password link will be based.

An email containing the reset password link is also sent to the contact in following cases

  • The operator creates a new contact with an internet account
  • The operator creates an internet account for an existing contact

Getting started

  • The feature is available automatically.
  • You can customise the email sent to the end customer and containing the reset password link by updating the document template of the document belonging to document class Reset password (menu institution context > initialisation > Document types, search document of class Reset password)

The document STX_PASSWORD_RESET_en.docx provides you an example of a template. The same document template is used in case of reset password or creation of a new internet account. If you want to change the subject of the email or translate it in other languages, please make sure to change only the subject displayed in bold in provided template.

Warning
titleLimitation

You cannot use the new reset password procedure, neither on the Ticket Shop nor on the box office, if you haven't set-up any internet point of sale.

Context

The payment with the ESR payment slip is very common in Switzerland and is already provided by SecuTix. However, the ESR is intended to be replaced by the new Swiss QR invoice that is being introduced progressively since the 30th of June 2020. From now on, you can migrate to the Swiss QR invoice and benefit from following advantages:

  • Get more detailed payment information in electronic form, since the QR code contains more information than the coding line of the ESR slip
  • QR codes are easier to scan, thus reducing the error rate
  • QR invoices may be printed on standard blank paper

From the SecuTix point of view, you can decide when you want to migrate, but you have to take into account possible constraints defined by your financial institution.

Solution

If a tracking number is provided, the internet user will receive an email like this:

Image Removed

The email received in the absence of tracking number is quite similar:

Image Removed

The internet user may also follow his tickets from his user account:

Getting started

  • If relevant, customise the email to be sent to the end customer by modifying the template of document class "Follow shipment"

Image Removed

  • If tracking numbers are used, create a distributing partner interface and specify the format of the tracking URL You don't have to create schedules

Image Removed

  • Run the function to export the colour tickets (unchanged). This function belongs to the printer interface (not to the distributing partner interface).
  • Import the printing status file received from your printing company. The file format is unchanged. Click the new check box highlighted in green in screen below

...