‘Getting back onto Facebook’-like email with Drupal 7

When you enter the correct email but get the password wrong in Facebook’s login form, it sends you a ‘Getting back onto Facebook’ email with a big ‘Get back on Facebook Now’ button that automatically logs you into Facebook. Here is how it looks:

[Image: Getting back onto Facebook email]

It’s a good retention tool. Anything that simplifies the experience for clients coming back to a site helps. A client may be frustrated by failed logins and take her business elsewhere without going through the ‘forgot your password’ procedure. A proactive email arriving just before frustration looms has a much better chance of retaining this customer.

Fortunately, it’s easy to implement in Drupal. Below is the approach we took: when a client fails to log in due to password errors N times within an hour, a rule is triggered to send the email. The rule definition and the code to create the auto-login link are not included here.

By default, Drupal 7 prevents brute force attacks on accounts. It blocks logins by a user that has more than 5 failed login attempts (within six hours) or from an IP address that has more than 50 failed login attempts (within one hour). Drupal maintains a ‘flood’ table for this purpose and registers the failed login events there. Drupal adds a validation function, user_login_final_validate, that runs last and applies this logic. We add another validation function that piggybacks on it to send the ‘Getting back’ email. We use the events added to the flood table to figure out whether the email needs to be sent. Here is the code:

Adding post validation function to trigger login email
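
A sketch of the validation hook described above, written for this page as an added example and not the author's code. The module name `mymodule`, the threshold of 3 for "N" and the `mymodule_getting_back` flood event are assumptions. It sends the mail with `drupal_mail()` and uses core's one-time login URL from `user_pass_reset_url()` in place of the rule and the auto-login link, which the page does not show.

```php
<?php
// Added example for a hypothetical module "mymodule"; not the author's code.
define('MYMODULE_FAILED_LOGINS', 3);  // Assumed value for the page's "N".
define('MYMODULE_WINDOW', 3600);      // "Within an hour", in seconds.

/**
 * Implements hook_form_alter().
 */
function mymodule_form_alter(&$form, &$form_state, $form_id) {
  if ($form_id == 'user_login' || $form_id == 'user_login_block') {
    // Appended last, so it runs after user_login_final_validate() has
    // written the current failed attempt to the flood table.
    $form['#validate'][] = 'mymodule_getting_back_validate';
  }
}

/**
 * Validation handler: sends the email after N failed logins in an hour.
 */
function mymodule_getting_back_validate($form, &$form_state) {
  // Core sets the identifier (uid or uid-ip) only for an existing, active
  // account, and sets 'uid' only when authentication succeeded.
  if (!empty($form_state['uid']) || !isset($form_state['flood_control_user_identifier'])) {
    return;
  }
  $id = $form_state['flood_control_user_identifier'];
  // flood_is_allowed() turns FALSE once N events fall inside the window.
  if (flood_is_allowed('failed_login_attempt_user', MYMODULE_FAILED_LOGINS, MYMODULE_WINDOW, $id)) {
    return;
  }
  $account = user_load_by_name($form_state['values']['name']);
  // At most one email per account per window, so repeated failures cannot
  // flood the owner's inbox with login links.
  if (!$account || !flood_is_allowed('mymodule_getting_back', 1, MYMODULE_WINDOW, $account->uid)) {
    return;
  }
  flood_register_event('mymodule_getting_back', MYMODULE_WINDOW, $account->uid);
  drupal_mail('mymodule', 'getting_back', $account->mail, user_preferred_language($account), array('account' => $account));
}

/**
 * Implements hook_mail().
 */
function mymodule_mail($key, &$message, $params) {
  if ($key == 'getting_back') {
    $message['subject'] = t('Getting back onto @site', array('@site' => variable_get('site_name', 'Drupal')));
    // Core's single-use, expiring login link stands in for the auto-login link.
    $message['body'][] = user_pass_reset_url($params['account']);
  }
}
```

The link from `user_pass_reset_url()` expires after core's password reset timeout and stops working once the account has logged in or changed its password, which bounds the exposure if the email is read by someone else.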

The same day this feature was uploaded to production a client used the email to get back to Swifto and scheduled some dog walks. Facebook is always right!

