I am working on forgot password and i want to send the new password using rand() . After sending the password to customer email i want to update the new password with hashing but i do not know how to do this ? Please help me to solve this ?
code:
$hash = Security::hash('CakePHP Framework');
error : Class 'App\Controller\Security' not found
Just use the following line in the controller.
use Cake\Auth\DefaultPasswordHasher;
Now you can use the following code to hash your password manually.
$password = "Your Password";
$hasher = new DefaultPasswordHasher();
$hasher->hash($password);
Related
First of all im Using TYPO3 Version 8.7.
The current problem i'm facing regards authentication of FrontendUser (fe_user) stored on a given page (in this case pid 168).
Apparently i'm trying to authenticate user with given credentials sent by a mobile application. I'm able to parse the user data and perform an authentication:
// plain-text password
$password = 'XXX';
// salted user password hash
$saltedPassword = 'YYY';
// keeps status if plain-text password matches given salted user password hash
$success = FALSE;
if (\TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled('FE')) {
$objSalt = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($saltedPassword);
if (is_object($objSalt)) {
$success = $objSalt->checkPassword($password, $saltedPassword);
}
}
While debugging this code snippet, i recognized the password sent by the user via Request, which gets encrypted with the given Salt algorithm change every time i retry this request. I'm not sure how to get a correct authentication, if the password changes constantly.
The $objSalt object contains the right Hashing Method($pbkdf2-sha256$25000), the password stored in the Database starts with the same prefix, but the actual payload is different.
So What is the exact problem or whats the thing i'm missing in the above code to complete the authentication?
Thanks for your help
BR,
Martin
the password sent by the user via Request, which gets encrypted with the given Salt algorithm change every time i retry this request
Yes, that because the salt is changed every time.
You should retrieve the salting instance with:
$instance = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($user['password']);
Hi I'm trying to display the logged in username in a text field. Before I started using parse I would simply say let Account = NSUserDefaults.standardUserDefaults().stringForKey("userName") then say self.textfield.text = "Account: " + Account!).
Now that I'm using Parse and my username is stored in a server I'm not sure how to access the string that would be the username so I can use it in a label
Please help. Thanks
Assuming everything else is set up correctly, you should be able to use PFUser.currentUser().username.
I have a cakephp site, built by another developer that sends emails with a vender ('smtpmail'), this has worked fine in the past but just migrated to another server and I am now getting the below error.
can't find anything like this on google, anyone else seen this?
authentication failure [SMTP: Invalid response code received from server (code: -1, response: lid mail address 'no-reply')]
I have set up all the needed configuration
private $host = "mail.example.com";
private $pure_host = "example.com";
private $port = "25";
private $username = "no-reply";
private $password = "****";
(example not the actual name of the site!)
Any suggestions much appreciated
check if the private $username = "no-reply"; is an actual existing email account, maybe your server needs the full username to log in eg: private $username = "no-reply#urdomain.com"; make sure your password is also set.
And I need to secure some area's on my web store for admin use.
The problem is the authentication of the user: the salt + hash is failing.
This is my code for creating a password (using PHP5.x):
$salt = rand(0, 999999999999);<br>
$passEncr = sha1($pass1 + $salt);
This variable $passEncr is inserted into the database together with its salt.
At the login page I've got the following check:
$password = $_POST['password']; // hash+salt in the database
$storedSalt = $row['salt']; // salt from database<br>
if (sha1($password + $storedSalt) == $row['password'])
Now the problem I'm experiencing is that some hashes appear to be the same.
If I try to log in with an alphanumeric password, I succeed, no matter what the content of that password is.
Full login check here: http://pastebin.com/WjVnQ4aF
Can someone please explain what I'm doing wrong?
Well, SQL injection, using SHA for passwords instead of bcrypt are the first things I see, not using OpenId so you can get out of the business of storing passwords is another.
As for the passwords being the same, I would check the database -- see what you are storing, that will tell you where your problem lies.
I'm building an e-commerce website using magento 1.6.1.0. I'm using one extension that will force users to login before entering into website. Everything is going fine the problem is only with forgotpassword reset link. That extension is blocking this reset password link also. I didn't got any support from that extension team.
Today morning i worked in email template to change magento default logo. At that time i got one idea that while creating a new account we'll get a details of email, password. why can't we use that email template instead of reset password link template?
I tried copy pasting all contents from account_new.html to account_password_reset_confirmation.html from app/locale/en_US/template/email
After doing these changes i got a email with emailL:xxx#mydomain.com & Password:
I got the mail as empty password field.
Please guide me to change the template of forgot password from account_password_reset_confirmation.html to account_new.html so that i can send the password directly.
may i have your code to debug if you use
$customer = Mage::getModel("customer/customer");
$customer->setWebsiteId(Mage::app()->getWebsite()->getId());
$customer->getPassword();
it wont work.
password will be encrypted in the database. so you cant make use of it. the only way is generating new password and update it in the database and send the new password to the user mail.
sample code to generate custom password
$alphabet = "abcdefghijklmnopqrstuwxyzABCDEFGHIJKLMNOPQRSTUWXYZ0123456789"; //Random password generation
$pass = array(); //remember to declare $pass as an array
$alphaLength = strlen($alphabet) - 1; //put the length -1 in cache
for ($i = 0; $i < 6; $i++) {
$n = rand(0, $alphaLength);
$pass[] = $alphabet[$n];
}
$newpassword =implode($pass);