I'm using Tank Auth for my website.
I've searched for a function that would check if user has entered a valid password, when he tries to update his profile.
I don't understand how to hash password from user input that would match one in database.
Here's my controllers code:
$password = $this->input->post('password');
$hasher = new PasswordHash(
$this->config->item('phpass_hash_strength', 'tank_auth'),
$this->config->item('phpass_hash_portable', 'tank_auth')
);
$hashed_password = $hasher->HashPassword($password);
$hashed_password gives me different hash each time
I dont think that i should enable phpass_hash_portable
Any advices?
You need to use the CheckPassword module of the Tank Auth instead of hashing it by using the PasswordHash of the phpass.
You can check your password by using this function:
$hasher->CheckPassword(password which has to be checked,password from database).
instead of encrypting yourself.
Note: password which has to be checked => is raw data
password from database => password from database.
Related
I used Laravel 5 version with Sentinel package for authentication. I followed this instruction
Registration works fine. but login not return anything.
$credentials = [
"email" => 'test#gmail.com',
"password" => 'password'
];
$user = Sentinel::authenticate($credentials);
print_r($user);
exit;
$user returns empty even I given correct email & password.
(eg: Data)
Users table has the following data
Email Password
test#gmail.com $2y$10$Wu2dY8zQNJPBR
Anyone direct me, how do I debug this issue to fix it? or any useful ideas. Thanks in advance.
I finally fix this issue. Sometime we can not find the small problem :)
The problem is password length which was changed by me 20 characters. But sentinel encrypting the password before storing to db table. this encrypted length is more than 20 characters.
Partial password only stored in the DB. that's why Login was not working.
I changed the following line in migration
$table->string('password', 20);
to
$table->string('password');
So now the password length should be 255 character which is VARCHAR default length.
I'm trying to clear a user's password, so the old password becomes useless and the User must choose a new one, but if I try to set a null or empty password I obtain:
Cartalyst \ Sentry \ Users \ PasswordRequiredException
A password is required for user [mickeymouse], none given.
This is my code, any idea? Thanks
// clearing the user's password
$user->password = null;
$user->save ();
$code = $user->getPasswordResetCode ();
// ...send code by email
You might be able to alter the database and allow it to be nullable() - but I dont think that is a good idea. Pretty much every single password related function is going to assume there is something in the database to compare to.
So rather than try for something complicated - just changed their password to something random - and you have achieved the same outcome:
$user->password = str_random(60);
$user->save ();
Now their password is useless :)
On my users table I have a 128 char 'hashed_password' field. In my User_model I have functions to encrypt and decrypt the password. When encrypting I randomly generate a salt and it gets stored in the first 64 chars of hashed_password field. The hashed pw result gets stored in the last 64 chars. When decrypting I do the reverse.
As I guess is almost universal, there is never a plaintext password to display.
So, when my users (through grocery_CRUD) are adding/editing a user I thought it was possible to include fake fields: "password" and "passconf" to the add & edit forms with the following:
$crud->fields('username', ... <other fields> ... 'password', 'passconf');
Just to be crystal clear - the "password" and "passconf" fields DO NOT exist on my users table. I just want my users to input the new password there then deal with it in my own way.
But it doesn't work. By that I mean the add/edit form renders with the two fake fields correctly (validation below works correctly) but if I try to update any other user information then 'Update Changes', that action fails with "Loading" graphic spinning briefly but not updating the database.
I have tried replicating this on a VERY simply grocery_CRUD form with no other complexity and get the same behaviour: the form renders correctly but will not update the db.
Is it even possible to use fake fields? Am I missing something?
Is grocery_CRUD trying to do something with these fields behind the scenes that is causing the db update to fail?
I had then hoped to do the following:
$crud->set_rules('password', 'Password', 'callback_valid_password');
$crud->set_rules('passconf', 'Password Confirmation', 'matches[password]');
$crud->callback_before_insert(array($this,'encrypt_password_callback'));
$crud->callback_before_update(array($this,'encrypt_password_callback'));
function encrypt_password_callback($post_array, $primary_key = null){
if ($post_array['password'] <> '') {
$this->User_model->set_password($post_array['username'], $post_array['password']);
}
}
function valid_password($str) {
//do some pw validation
return TRUE;
}
I have solved this problem using insert and update callbacks then encrypting the password then unset(ing) the offending 'password' & 'passconf' fields before the insert or update db call.
Is there any way I can access the admin account of a website built in Joomla,if I dont have the password for the admin account.I do have all the privileges on the server. Please let me know your suggestions and opinions.
The password is stored in the MySQL database jos_users table password field. (change this for your table prefix if different)
Use a MySQL utility such as phpMyAdmin or MySQL Query Browser to edit this field.
Open the table, find your admin username, and then select that row for editing.
The password must be hashed (MD5), you cannot simply enter text into this field.
Set the password to a known value eg:
- admin = 21232f297a57a5a743894a0e4a801fc3
Source: http://forum.joomla.org/viewtopic.php?t=10985
The admin password you can find it in {DB_PREFIX}_users, the password is hashed (MD5) ...
Well it's a little more complicated than that, the hash is formed like {hashedpassword}:{hashedsalt}, the hashedpassword is formed by md5(password.hashedsalt) ...
so you can make a little script to echo a new password ...
<?php
$psw = 'hashedpassword:hashedsalt'; // you copy the entry from the db here
$newpassword = 'newpassword'; // your new password
list($hashedpassword, $hashedsalt) = explode(":", $psw);
$newpsw = md5($newpassword.$hashedsalt);
$output = $newpsw.":".$hashedsalt;
echo $output; // this is what you put in the db
?>
I use Symfony 1.4.11. I have two tables "companies" and "ads". When user add new ad, he can connect ad with his company.Before it I check, if user have company, for example I have variable $has_company, if $has_company==1 - user has company, if $has_company==0 he has not company. If user want connect company with ad, he must check checkbox :-) So I want to validate checkbox, If user check checkbox, and he has not company,I want to show messages, that first he must create company.... Is it possible? Can I use sfValidatorBoolean ? If yes, how to validate variable has_company? Thank you!
I think you can create a method in myUser class to check if the current user has a company (if your models user and company are linked).
And then, you can pass the result of this method in option of your form.
For validation, you can use a callback validator : http://www.symfony-project.org/forms/1_4/en/B-Validators#chapter_b_sub_sfvalidatorcallback
you can use halt_on_error option like
$v = new sfValidatorAnd(
array(
new sfValidatorString(array('max_length' => 255)),
new sfValidatorEmail(),
),
array('halt_on_error' => true),
array('invalid' => 'The input value must be an email with less than 255 characters.')
);