I stored a password in database using an encryption key, but now, when the user wants to login in the system, how can I compare both passwords? Each time it gives a different encrypted password..
$first_password = $this->input->post('password');
$password=$this->encrypt->encode($first_password);
Here is my model code
public function validate_login($username,$password){
$q = $this->db->where(['username'=>$username,'password'=>$password])
->get('oss_user');
if($q->num_rows()){
return $q->row()->user_id;
}
else{
return FALSE;
}
My question is: how can I compare the user entered password with the password stored in database?
You can not compare encrypted password this way. First you have get record from database using email id, once you find row of same email id then you have to pass encrypted password which is store in database on this function "$this->encrypt->decode($encrypted_password);", so you get back original password from encryption form and then compare it with password given during login session, please see follow code.
public function validate_login($username,$password){
$q = $this->db->where(['username'=>$username])
->get('oss_user');
if($q->num_rows()){
$desc_password = $this->encrypt->decode($q->row()->password);
if($desc_password == $password){
return $q->row()->user_id;
}
else
return FALSE;
}
else{
return FALSE;
}
Related
In one application where i am using backpack for admin dashboard. I am sending data(such as 'name', 'email') as encrypting AES256 to stored in the database. Now, I want to retrieve those data and show in the admin dashboard. But the problem is how will I decrypt those data values before showing in the dashboard ?
If you wanna decrypt your data from the database, you can use accessors in your models to modify the shown data.
So, in your users model add this function:
public function getNameAttribute($value) {
// Add decrypt methond in this function
// $name = decrypt($value, 'password');
return $name;
}
public function getEmailAttribute($value) {
// Add decrypt methond in this function
// $email = decrypt($value, 'password');
return $email;
}
I found the decrypt example here https://stackoverflow.com/a/46872528/8653054
i am using php mysqli coding,i create sign up form and login form both are working separately but now i want to provide login after sign up successfully.
this is my sign up code:
{
# insert data into mysql database
$sql = "INSERT INTO `users` (`id`, `username`, `password`, `phone`, `email`)
VALUES (NULL, '{$name}', '{$password}', '{$phone}', '{$email}')";
$query="SELECT * FROM users WHERE email= '$email'";
if ($mysqli->query($sql)) {
$reslt=$mysqli->query($query);
$usr=$reslt->fetch_array();
$_SESSION[user_email]=$usr['email'];
redirect_to("profile.php?email={$_SESSION['user_email']}");
} else {
echo "<p>MySQL error no {$mysqli->errno} : {$mysqli->error}</p>";
exit();
}
}
I tried this way but insertion operation is doing properly but page is refreshing and not redirecting to "profile.php" which is i mentioned in code
first of all, I would suggest that for for a login you check both email and password. Your query should look like:
$query="SELECT * FROM users WHERE email= '$email' and password = '$password'";
Next, if ($mysqli->query($sql)) { just verifies if the sql operation has succeeded. If the user and password are wrong, the sql will succeed but you will have no rows returned.
What you have to do is to verify that you have only 1 row returned by the query. In fact your code should more look like:
...
// check how many users correspond to the query
// ! the result will be an arry
$users = $reslt->fetch_array();
// if I have only one user, login is successfull
if(count($users) === 1) {
$_SESSION['user_email'] = $users[0]['email'];
} else {
// login failed
}
...
I have a update user form with fields such as username, email, password, etc. I need the password field to be empty and to update the users.password field in the MySQL database only when the user has filled in the password field. Is it possible? I use the ActiveForm widget of Yii2.
First of all, it's not an Yii2 ActiveForm issue. It can be possible by following some simple steps.
Create two variables in your model, one for storing password, and another is for repeat password field.
public $REPEAT_PASSWORD;
public $INIT_PASSWORD;
then add afterFind function to set null value to your password field, so it wont be shown to user
public function afterFind()
{
//reset the password to null because we don't want password to be shown.
$this->INIT_PASSWORD = $this->PASSWORD;
$this->PASSWORD = null;
parent::afterFind();
}
and now, write beforeSave function to save user password if user has entered on
public function beforeSave()
{
// in this case, we will use the old hashed password.
if(empty($this->PASSWORD) && empty($this->REPEAT_PASSWORD) && !empty($this->INIT_PASSWORD)) {
$this->PASSWORD=$this->REPEAT_PASSWORD=$this->INIT_PASSWORD;
} elseif(!empty($this->PASSWORD) && !empty($this->REPEAT_PASSWORD) && ($this->PASSWORD == $this->REPEAT_PASSWORD)) {
$this->PASSWORD = md5($this->PASSWORD);
$this->REPEAT_PASSWORD = md5($this->REPEAT_PASSWORD);
}
return parent::beforeSave();
}
there is a custom login form that should give users access to certain contents on the same page. That works so far with Users stored as Members in the SS database and I was checking after Login if the user has permissions like this in the Page Class:
function isAllowed() {
if (Member::currentUser()) {
$PresseGroup = DataObject::get_one('Group', "Code = 'presse'");
$AdminGroup = DataObject::get_one('Group', "Code = 'administrators'");
if (Member::currentUser()->inGroup($PresseGroup->ID) || Member::currentUser()->inGroup($AdminGroup->ID)) {
return true;
}
}
}
in the Template I just did this:
<% if isAllowed %>
SecretContent
<% end_if %>
OK so far, but now the users will not be stored in the silverstripe database - they are stored on a another server.
On that external server is running a little php script accepting the username and password. The script just returns user has permission: true or false.
I´m calling that script via cURL.
I planned to overwrite the dologin Function of MemberLoginForm. Now I just wonder how to check after Login that the User got the permission and display the contents... I tried to set a variable in the controller of the Page or should I set a session Variable? Thats my attempt (CustomLoginForm extends MemberLoginForm):
public function dologin($data) {
if(userHasPermission("user1", "pw")==true){
$this->controller->Test("test");
}
$link = $this->controller->Link();
$this->performLogin($data);
$this->controller->redirect($link);
}
I hope someone can help me with that - I know very specific - problem.
Many thanx,
Florian
In SilverStripe you can create a custom authenticator, which means users can log in on your website with accounts that are stored somewhere else, or even just a hard coded user and password.
You can check out the OpenID Authentication Module for example code on how to do it
But for your task this might even be to complex of a solution, how about after login just do something like Session::set('isAllowed', true); and to check if the user is allowed to view:
function isAllowed() {
if (Member::currentUser()) {
$PresseGroup = DataObject::get_one('Group', "Code = 'presse'");
$AdminGroup = DataObject::get_one('Group', "Code = 'administrators'");
if (Member::currentUser()->inGroup($PresseGroup->ID) || Member::currentUser()->inGroup($AdminGroup->ID)) {
return true;
}
}
// if Member::currentUser() is not allowed to view,
// return the session, which is either set to true or it returns null if not set
return Session::get('isAllowed');
}
I am attempting to make an authentication plugin. JUser::getInstance() takes one input, and it is supposed to be the id. Is there any way to get an instance of a User using some other indentifier? such as username, email etc.
Probably there isnt any such method. But yes if you are sure that username or email are unique then you can modify your file user.php in libraries/joomla/user/ and add a method there.
getInstanceByEmail($email)
{
$query = "select id from jos_users where email=".email;
// use the code to get the id;
return getInstance($id);
} // this is just a sample code of how it can be achieved
Since Joomla's own authentication is done by checking the user's username (and password of course), it has to be unique. And yes you can do something like what #Rixius suggested.
Here's my version:
// Get a database object
$db = JFactory::getDbo();
$query = $db->getQuery(true);
$query->select('id, password');
$query->from('#__users');
$query->where('username=' . $db->Quote($credentials['username']));
$db->setQuery($query);
$result = $db->loadObject();
$user = JFactory::getUser();
if ($result)
{
$user = JUser::getInstance($result->id);
}