can someone please explain me the logic of forgot password procedure i.e how can I implement a forgot password logic while using codeigniter framework.
For forgot password, first take user id i.e. User email for authorizing him i.e. search in your database where any user exist of such email...
Now after authorizing, generate random password and at the same time update that database entry with random password and send that random password to the user via Email....
After user login with that user ask user to update his/her password
Related
I created a new application in apex and by default the login page got created.
Now when i run the application, what username and password should i put to enter?
I am confused as to which table stores the login and password.
The login page has itemsfor username and password and in processes uses apex_authentication.login(username item....& password item).
So how do i figure out what my username and password is?
This is my first time trying to create an apex application.
If you didn't create any additional users, then provide your workspace's username and password.
I am working on a Laravel project. I need to be able to create a user, mark that user with a number for their 'plan_id', and then invite them to log in and change their password. Currently, I am creating a user, adding the 'plan_id', and setting the password to a generic term like 'password'. I don't have info like their SSN or DOB that I could set it to initially.
While this does work, I don't know that it follows best practices. The only other thing I can think of is setting up another table that matches up the user's email address to the 'plan_id'. I don't want to do this because it makes it possible that the user accidentally signs up with another email and can't figure out why their portal is not working.
It doesn't sound like a great idea to set all new passwords to "password". It looks like your application is creating users, then letting each user know they have an account, as opposed to the user initiating this process. This would mean that you can't have the user pick a password.
Consider not creating a password at all, but sending an email to each new user containing a link to your system with a unique key that you store in the database user record. The user could then access the system, and it would ask them to pick an email and password to be registered with. You could have the keys expire after a number of days.
The easiest way to do this would be to generate a completely random password for the user and then email them a password reset link. The potential pitfall of this is that password reset links expire, by default after 1 hour though you can change it in config/auth.php.
i want to ask
is it possible for admin to set up username and password for the employees without the employees need to register their username and password?
if it is possible, how should i do that?
p/s: i'm sorry. i'm new to Laravel
I would like to know if it's a good practice in terms of security to send the decrypted password to a new user by email. Someone could tell me his feeling?
If i would like to send the password decrypted should i use this ?
$decrypt= Crypt::decrypt($user->password);
thanks a lot in advance
You can't decrypt hashed password. The good practice is to use Laravel resetting password feature.
Once you have defined the routes and views to reset your user's passwords, you may simply access the route in your browser at /password/reset. The ForgotPasswordController included with the framework already includes the logic to send the password reset link e-mails, while the ResetPasswordController includes the logic to reset user passwords.
After a password is reset, the user will automatically be logged into the application and redirected to /home
https://laravel.com/docs/5.4/passwords
Based on the comments:
Once user is register send him/her a link to create a new password.
If you don't want to allow them to access other pages until they create a new password. Add the middleware to check whether user has create a new password or not.
From view point of security, password must be hashed value. You shouldn't use encryption/decryption for password.
In my database 15 users are have their login and password. If any user change their password then we don't know the users current password. I want to save the password of each users that admin have the only permission to view.If any user changed their password, then admin can know their password, because if we want to login with particular user then it results wrong password.
or
when I login to odoo there is no option to save the password, the username is restore but I want to keep the password automatically fill in the field, does anybody know how to do it?
Thanks........
It's not a good idea to save a password unencrypted in your database.
I'd suggest to take a look at the auth_admin_passkey module.
This would give you the possibility to login at all useraccounts with the admin password.
If you really want to save the new password you could override the write method from res.users and check for the field "password". this way you could save the password to your desired field before it gets encrypted.