I used Laravel 5 version with Sentinel package for authentication. I followed this instruction
Registration works fine. but login not return anything.
$credentials = [
"email" => 'test#gmail.com',
"password" => 'password'
];
$user = Sentinel::authenticate($credentials);
print_r($user);
exit;
$user returns empty even I given correct email & password.
(eg: Data)
Users table has the following data
Email Password
test#gmail.com $2y$10$Wu2dY8zQNJPBR
Anyone direct me, how do I debug this issue to fix it? or any useful ideas. Thanks in advance.
I finally fix this issue. Sometime we can not find the small problem :)
The problem is password length which was changed by me 20 characters. But sentinel encrypting the password before storing to db table. this encrypted length is more than 20 characters.
Partial password only stored in the DB. that's why Login was not working.
I changed the following line in migration
$table->string('password', 20);
to
$table->string('password');
So now the password length should be 255 character which is VARCHAR default length.
Related
I am wondering if the updateOrCreate method in Laravel has a way to skip some information in case the record exists in the database. For example, I wanna be able to search for users, and assign a password if the user is to be created, but not if the user already exists.
Say, I have 3 data for a user, $email, $info and $password. The search criteria would of course be $email, then maybe $info needs to be updated for whatever reason, while $password should only be given if the record is new.
Is there a 'do not update' parameter for updateOrCreate where I can put the password?
User::updateOrCreate(
[
'email' => $email // These parameters are the search criteria, but also used on create
],
[
'data' => $info, // These parameters are the values that will be updated if exist
],
[
'password' => $password, // These parameters are used only in create but are not search criteria
]
);
There are so many questions I would have love to ask to fully understand your organization's process.
1.How did the information get to the db at the first place if the user has not be created?
2. Why can't the password be generated when creating the info into the db at the first place
But I guess all these might bore down to design issue so, I think would say you can create a regular expression that would match your organization document number pattern and use it to check for new user through a loop and the assign password to such ones.
I'm trying to clear a user's password, so the old password becomes useless and the User must choose a new one, but if I try to set a null or empty password I obtain:
Cartalyst \ Sentry \ Users \ PasswordRequiredException
A password is required for user [mickeymouse], none given.
This is my code, any idea? Thanks
// clearing the user's password
$user->password = null;
$user->save ();
$code = $user->getPasswordResetCode ();
// ...send code by email
You might be able to alter the database and allow it to be nullable() - but I dont think that is a good idea. Pretty much every single password related function is going to assume there is something in the database to compare to.
So rather than try for something complicated - just changed their password to something random - and you have achieved the same outcome:
$user->password = str_random(60);
$user->save ();
Now their password is useless :)
On my users table I have a 128 char 'hashed_password' field. In my User_model I have functions to encrypt and decrypt the password. When encrypting I randomly generate a salt and it gets stored in the first 64 chars of hashed_password field. The hashed pw result gets stored in the last 64 chars. When decrypting I do the reverse.
As I guess is almost universal, there is never a plaintext password to display.
So, when my users (through grocery_CRUD) are adding/editing a user I thought it was possible to include fake fields: "password" and "passconf" to the add & edit forms with the following:
$crud->fields('username', ... <other fields> ... 'password', 'passconf');
Just to be crystal clear - the "password" and "passconf" fields DO NOT exist on my users table. I just want my users to input the new password there then deal with it in my own way.
But it doesn't work. By that I mean the add/edit form renders with the two fake fields correctly (validation below works correctly) but if I try to update any other user information then 'Update Changes', that action fails with "Loading" graphic spinning briefly but not updating the database.
I have tried replicating this on a VERY simply grocery_CRUD form with no other complexity and get the same behaviour: the form renders correctly but will not update the db.
Is it even possible to use fake fields? Am I missing something?
Is grocery_CRUD trying to do something with these fields behind the scenes that is causing the db update to fail?
I had then hoped to do the following:
$crud->set_rules('password', 'Password', 'callback_valid_password');
$crud->set_rules('passconf', 'Password Confirmation', 'matches[password]');
$crud->callback_before_insert(array($this,'encrypt_password_callback'));
$crud->callback_before_update(array($this,'encrypt_password_callback'));
function encrypt_password_callback($post_array, $primary_key = null){
if ($post_array['password'] <> '') {
$this->User_model->set_password($post_array['username'], $post_array['password']);
}
}
function valid_password($str) {
//do some pw validation
return TRUE;
}
I have solved this problem using insert and update callbacks then encrypting the password then unset(ing) the offending 'password' & 'passconf' fields before the insert or update db call.
I'm using Tank Auth for my website.
I've searched for a function that would check if user has entered a valid password, when he tries to update his profile.
I don't understand how to hash password from user input that would match one in database.
Here's my controllers code:
$password = $this->input->post('password');
$hasher = new PasswordHash(
$this->config->item('phpass_hash_strength', 'tank_auth'),
$this->config->item('phpass_hash_portable', 'tank_auth')
);
$hashed_password = $hasher->HashPassword($password);
$hashed_password gives me different hash each time
I dont think that i should enable phpass_hash_portable
Any advices?
You need to use the CheckPassword module of the Tank Auth instead of hashing it by using the PasswordHash of the phpass.
You can check your password by using this function:
$hasher->CheckPassword(password which has to be checked,password from database).
instead of encrypting yourself.
Note: password which has to be checked => is raw data
password from database => password from database.
Is there any way I can access the admin account of a website built in Joomla,if I dont have the password for the admin account.I do have all the privileges on the server. Please let me know your suggestions and opinions.
The password is stored in the MySQL database jos_users table password field. (change this for your table prefix if different)
Use a MySQL utility such as phpMyAdmin or MySQL Query Browser to edit this field.
Open the table, find your admin username, and then select that row for editing.
The password must be hashed (MD5), you cannot simply enter text into this field.
Set the password to a known value eg:
- admin = 21232f297a57a5a743894a0e4a801fc3
Source: http://forum.joomla.org/viewtopic.php?t=10985
The admin password you can find it in {DB_PREFIX}_users, the password is hashed (MD5) ...
Well it's a little more complicated than that, the hash is formed like {hashedpassword}:{hashedsalt}, the hashedpassword is formed by md5(password.hashedsalt) ...
so you can make a little script to echo a new password ...
<?php
$psw = 'hashedpassword:hashedsalt'; // you copy the entry from the db here
$newpassword = 'newpassword'; // your new password
list($hashedpassword, $hashedsalt) = explode(":", $psw);
$newpsw = md5($newpassword.$hashedsalt);
$output = $newpsw.":".$hashedsalt;
echo $output; // this is what you put in the db
?>