Clear User password using Sentry in Laravel 4 - laravel

I'm trying to clear a user's password, so the old password becomes useless and the User must choose a new one, but if I try to set a null or empty password I obtain:
Cartalyst \ Sentry \ Users \ PasswordRequiredException
A password is required for user [mickeymouse], none given.
This is my code, any idea? Thanks
// clearing the user's password
$user->password = null;
$user->save ();
$code = $user->getPasswordResetCode ();
// ...send code by email

You might be able to alter the database and allow it to be nullable() - but I dont think that is a good idea. Pretty much every single password related function is going to assume there is something in the database to compare to.
So rather than try for something complicated - just changed their password to something random - and you have achieved the same outcome:
$user->password = str_random(60);
$user->save ();
Now their password is useless :)

Related

Laravel sentinel login not working

I used Laravel 5 version with Sentinel package for authentication. I followed this instruction
Registration works fine. but login not return anything.
$credentials = [
"email" => 'test#gmail.com',
"password" => 'password'
];
$user = Sentinel::authenticate($credentials);
print_r($user);
exit;
$user returns empty even I given correct email & password.
(eg: Data)
Users table has the following data
Email Password
test#gmail.com $2y$10$Wu2dY8zQNJPBR
Anyone direct me, how do I debug this issue to fix it? or any useful ideas. Thanks in advance.
I finally fix this issue. Sometime we can not find the small problem :)
The problem is password length which was changed by me 20 characters. But sentinel encrypting the password before storing to db table. this encrypted length is more than 20 characters.
Partial password only stored in the DB. that's why Login was not working.
I changed the following line in migration
$table->string('password', 20);
to
$table->string('password');
So now the password length should be 255 character which is VARCHAR default length.

Joomla: How to check if another user (not current user) is online

this is probably really simple but I've gone round in circles trying to get it to work. My forte is HTML/CSS rather than PHP.
I have a 3rd party component that I am customising to show when the user who posted the ad is online. So far I have not been able to get it to work.
I have been passing the user ID I get from the component, to the Joomla user object.
$user =& JFactory::getUser($var_from_component);
I have then tried to check whether the guest flag is set, as I understand that it will be zero if the user is logged in but null if the user is not.
if($user->guest==0) {
echo "User is online";
} else {
echo "User is offline";
}
I have also tried with three equals signs as I want check the value is actually set at zero rather than it being null, so basically I have been messing around with variations of this method for too long. If anyone knows a better way to check then please say. I also tried to check the session table for the userid, but I am not that savvy with mySQL queries.
Thanks in advance!
You can query session table to check if user is logged in or not-
$db =& JFactory::getDBO();
$query = 'SELECT COUNT(userid) FROM #__session AS s WHERE s.userid = '.(int)$userid;
$db->setQuery($query);
$loggedin = $db->loadResult();
if($loggedin){
//echo 'User is logged in';
}
try this,
You can check like
$user = &JFactory::getUser($user_id);
//print_r($user);
if(isset($user->guest))
echo "Online";
else
echo "Offline";
Hope this may help you..

Adding a 'fake' field to grocerycrud add/edit form

On my users table I have a 128 char 'hashed_password' field. In my User_model I have functions to encrypt and decrypt the password. When encrypting I randomly generate a salt and it gets stored in the first 64 chars of hashed_password field. The hashed pw result gets stored in the last 64 chars. When decrypting I do the reverse.
As I guess is almost universal, there is never a plaintext password to display.
So, when my users (through grocery_CRUD) are adding/editing a user I thought it was possible to include fake fields: "password" and "passconf" to the add & edit forms with the following:
$crud->fields('username', ... <other fields> ... 'password', 'passconf');
Just to be crystal clear - the "password" and "passconf" fields DO NOT exist on my users table. I just want my users to input the new password there then deal with it in my own way.
But it doesn't work. By that I mean the add/edit form renders with the two fake fields correctly (validation below works correctly) but if I try to update any other user information then 'Update Changes', that action fails with "Loading" graphic spinning briefly but not updating the database.
I have tried replicating this on a VERY simply grocery_CRUD form with no other complexity and get the same behaviour: the form renders correctly but will not update the db.
Is it even possible to use fake fields? Am I missing something?
Is grocery_CRUD trying to do something with these fields behind the scenes that is causing the db update to fail?
I had then hoped to do the following:
$crud->set_rules('password', 'Password', 'callback_valid_password');
$crud->set_rules('passconf', 'Password Confirmation', 'matches[password]');
$crud->callback_before_insert(array($this,'encrypt_password_callback'));
$crud->callback_before_update(array($this,'encrypt_password_callback'));
function encrypt_password_callback($post_array, $primary_key = null){
if ($post_array['password'] <> '') {
$this->User_model->set_password($post_array['username'], $post_array['password']);
}
}
function valid_password($str) {
//do some pw validation
return TRUE;
}
I have solved this problem using insert and update callbacks then encrypting the password then unset(ing) the offending 'password' & 'passconf' fields before the insert or update db call.

Codeigniter tank auth check user entered password

I'm using Tank Auth for my website.
I've searched for a function that would check if user has entered a valid password, when he tries to update his profile.
I don't understand how to hash password from user input that would match one in database.
Here's my controllers code:
$password = $this->input->post('password');
$hasher = new PasswordHash(
$this->config->item('phpass_hash_strength', 'tank_auth'),
$this->config->item('phpass_hash_portable', 'tank_auth')
);
$hashed_password = $hasher->HashPassword($password);
$hashed_password gives me different hash each time
I dont think that i should enable phpass_hash_portable
Any advices?
You need to use the CheckPassword module of the Tank Auth instead of hashing it by using the PasswordHash of the phpass.
You can check your password by using this function:
$hasher->CheckPassword(password which has to be checked,password from database).
instead of encrypting yourself.
Note: password which has to be checked => is raw data
password from database => password from database.

Accessing admin Account in Joomla

Is there any way I can access the admin account of a website built in Joomla,if I dont have the password for the admin account.I do have all the privileges on the server. Please let me know your suggestions and opinions.
The password is stored in the MySQL database jos_users table password field. (change this for your table prefix if different)
Use a MySQL utility such as phpMyAdmin or MySQL Query Browser to edit this field.
Open the table, find your admin username, and then select that row for editing.
The password must be hashed (MD5), you cannot simply enter text into this field.
Set the password to a known value eg:
- admin = 21232f297a57a5a743894a0e4a801fc3
Source: http://forum.joomla.org/viewtopic.php?t=10985
The admin password you can find it in {DB_PREFIX}_users, the password is hashed (MD5) ...
Well it's a little more complicated than that, the hash is formed like {hashedpassword}:{hashedsalt}, the hashedpassword is formed by md5(password.hashedsalt) ...
so you can make a little script to echo a new password ...
<?php
$psw = 'hashedpassword:hashedsalt'; // you copy the entry from the db here
$newpassword = 'newpassword'; // your new password
list($hashedpassword, $hashedsalt) = explode(":", $psw);
$newpsw = md5($newpassword.$hashedsalt);
$output = $newpsw.":".$hashedsalt;
echo $output; // this is what you put in the db
?>

Resources