In one application where i am using backpack for admin dashboard. I am sending data(such as 'name', 'email') as encrypting AES256 to stored in the database. Now, I want to retrieve those data and show in the admin dashboard. But the problem is how will I decrypt those data values before showing in the dashboard ?
If you wanna decrypt your data from the database, you can use accessors in your models to modify the shown data.
So, in your users model add this function:
public function getNameAttribute($value) {
// Add decrypt methond in this function
// $name = decrypt($value, 'password');
return $name;
}
public function getEmailAttribute($value) {
// Add decrypt methond in this function
// $email = decrypt($value, 'password');
return $email;
}
I found the decrypt example here https://stackoverflow.com/a/46872528/8653054
Related
I stored a password in database using an encryption key, but now, when the user wants to login in the system, how can I compare both passwords? Each time it gives a different encrypted password..
$first_password = $this->input->post('password');
$password=$this->encrypt->encode($first_password);
Here is my model code
public function validate_login($username,$password){
$q = $this->db->where(['username'=>$username,'password'=>$password])
->get('oss_user');
if($q->num_rows()){
return $q->row()->user_id;
}
else{
return FALSE;
}
My question is: how can I compare the user entered password with the password stored in database?
You can not compare encrypted password this way. First you have get record from database using email id, once you find row of same email id then you have to pass encrypted password which is store in database on this function "$this->encrypt->decode($encrypted_password);", so you get back original password from encryption form and then compare it with password given during login session, please see follow code.
public function validate_login($username,$password){
$q = $this->db->where(['username'=>$username])
->get('oss_user');
if($q->num_rows()){
$desc_password = $this->encrypt->decode($q->row()->password);
if($desc_password == $password){
return $q->row()->user_id;
}
else
return FALSE;
}
else{
return FALSE;
}
I have a update user form with fields such as username, email, password, etc. I need the password field to be empty and to update the users.password field in the MySQL database only when the user has filled in the password field. Is it possible? I use the ActiveForm widget of Yii2.
First of all, it's not an Yii2 ActiveForm issue. It can be possible by following some simple steps.
Create two variables in your model, one for storing password, and another is for repeat password field.
public $REPEAT_PASSWORD;
public $INIT_PASSWORD;
then add afterFind function to set null value to your password field, so it wont be shown to user
public function afterFind()
{
//reset the password to null because we don't want password to be shown.
$this->INIT_PASSWORD = $this->PASSWORD;
$this->PASSWORD = null;
parent::afterFind();
}
and now, write beforeSave function to save user password if user has entered on
public function beforeSave()
{
// in this case, we will use the old hashed password.
if(empty($this->PASSWORD) && empty($this->REPEAT_PASSWORD) && !empty($this->INIT_PASSWORD)) {
$this->PASSWORD=$this->REPEAT_PASSWORD=$this->INIT_PASSWORD;
} elseif(!empty($this->PASSWORD) && !empty($this->REPEAT_PASSWORD) && ($this->PASSWORD == $this->REPEAT_PASSWORD)) {
$this->PASSWORD = md5($this->PASSWORD);
$this->REPEAT_PASSWORD = md5($this->REPEAT_PASSWORD);
}
return parent::beforeSave();
}
I have a Drupal site and a Zend application. The main thing is the Drupal site, where the users are stored & everything.
I want my users to be automatically logged in to the Zend app when they log in on Drupal. The problem is that Drupal changes the session cookie to SESS* where * is some random (EDIT: not random, but based on protocol and domain) string.
Is there any way I can tell Zend to use this cookie as a session identifier and to log the user automatically?
You have to write your own authentication adapter:
class YourApp_Auth_Adapter_DrupalBridge implements Zend_Auth_Adapter_Interface
{
/**
* #return Zend_Auth_Result
*/
public function authenticate()
{
// Check if the Drupal session is set by reading the cookie.
// ...
// Read the current user's login into $username.
// ...
// Create the authentication result object.
// Failure
if (null === $username) {
return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND, null);
}
// Success
return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $username);
}
}
Then process your authentication:
$adapter = new YourApp_Auth_Adapter_DrupalBridge();
$result = Zend_Auth::getInstance()->authenticate($adapter);
if ($result->isValid()) {
// User is logged in
}
I have search and search but no answer I am using Zend Framework to create a user and on success store the record in zend auth so they are automatically logged in.
I have the create user working perfect but after the success I need to start the _getAuthAdpater() and sign the user in.
I have implemented the below code but it will not store the users data in the session. Here is my function.
public function registerAction()
$proUser = new Application_Model_DbTable_ProUser;
$userId = $proUser->addProUser($data['email'], $data['name'], $data['password']);if($userId){
// add new row into proBasic
$proBasic = new Application_Model_DbTable_proBasic;
$proBasic->addProBasic($userId);
// add new row into proService
$proService = new Application_Model_DbTable_proService;
$proService->addProService($userId);
// Create auth session for proUser
$adapter = $this->_getAuthAdapter();
$adapter->setIdentity($data['email']);
$adapter->setCredential($data['password']);
$auth = Zend_Auth::getInstance();
$result = $auth->authenticate($adapter);
if ($result->isValid()) {
$user = $adapter->getResultRowObject(array(
'proId',
'proName',
'proEmail',
));
$auth->getStorage()->write($user);
return true;
}
return $this->_redirect('/auth/probasic/');
}
Here is the _getAuthAdapter() function:
private function _getAuthAdapter()
{
$authAdapter = new Zend_Auth_Adapter_DbTable(Zend_Db_Table::getDefaultAdapter());
$authAdapter->setTableName('proUser')
->setIdentityColumn('proEmail')
->setCredentialColumn('proPassword');
return $authAdapter;
}
I am getting no errors for this code but it isnt store the users details in the Auth. I have found 100's of example of how to create a login/sign up system in Zend and none of them automatically login the user, so I am wondering if I am trying to do something different.
Cheers
J.
You don't really need to authenticate them if you're creating the session immediately after registration. What happens if you replace all your code after $proService->addProService($userId) with just this:
$auth = Zend_Auth::getInstance();
$auth->getStorage()->write($data['email']);
I am attempting to make an authentication plugin. JUser::getInstance() takes one input, and it is supposed to be the id. Is there any way to get an instance of a User using some other indentifier? such as username, email etc.
Probably there isnt any such method. But yes if you are sure that username or email are unique then you can modify your file user.php in libraries/joomla/user/ and add a method there.
getInstanceByEmail($email)
{
$query = "select id from jos_users where email=".email;
// use the code to get the id;
return getInstance($id);
} // this is just a sample code of how it can be achieved
Since Joomla's own authentication is done by checking the user's username (and password of course), it has to be unique. And yes you can do something like what #Rixius suggested.
Here's my version:
// Get a database object
$db = JFactory::getDbo();
$query = $db->getQuery(true);
$query->select('id, password');
$query->from('#__users');
$query->where('username=' . $db->Quote($credentials['username']));
$db->setQuery($query);
$result = $db->loadObject();
$user = JFactory::getUser();
if ($result)
{
$user = JUser::getInstance($result->id);
}