change password code is not working - passwords

I was just working on a password changing program for my website, it resulted in all my users passwords changed into the same password.
The code which I used is displayed below.
If any one could help me out it would be a big thanks to him/her.
//if form has been submitted process it
<br/>
if(isset($_POST['submit'])){
$stmt = $db->prepare('SELECT password FROM user WHERE password = :hashedpassword');
$stmt->execute(array(':hashedpassword' => $_POST['password']));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if(strlen($_POST['password']) < 3){
$error[] = 'Password is too short.';
}
if(strlen($_POST['passwordConfirm']) < 3){
$error[] = 'Confirm password is too short.';
}
if($_POST['password'] != $_POST['passwordConfirm']){
$error[] = 'Passwords do not match.';
}
//if no errors have been created carry on
if(!isset($error)){
//hash the password
$hashedpassword = $user->password_hash($_POST['password'], PASSWORD_BCRYPT);
try {
//insert into database with a prepared statement
$sql="UPDATE user SET password = :hashedpassword";
$stmt = $db->prepare($sql);
$stmt->execute(array(
':hashedpassword' => $hashedpassword
));
//redirect to index page
header('Location: login.php?action=resetAccount');
exit;
//else catch the exception and show the error.
} catch(PDOException $e) {
$error[] = $e->getMessage();
}
}
}

Related

Validating the login window in appcelerator

I am working with appcelerator and i am creating a login window. But all the validations do not seem to work properly. Also the error i am facing for the validation where username should not be numeric is throwing me a runtime error. Please help!
function loginUser() {
var uName = $.username;
var pwd = $.password;
var correctUName = "sayali";
var correctPwd = "123sayali";
var letters = /^[A-Za-z]+$/;
if(uName == "" || pwd == ""){
alert("Please fill all the credentials!!");
}
else{
if(uName.match == letters){
if(uName == correctUName){
if(pwd == correctPwd){
alert("Login Successful!!");
}
else{
alert("Incorrect Password!");
}
}
else{
alert("User doesn't exist!");
}
}
else{
("Numeric values are not allowed in Username!");
}
}
}
Instead of using uName.match == letters you should use i.e. letters.test(uName)
Click here for more information on regular expressions and Javascript

Yii2 signup without saving session data

I have registration form in my Yii2 advanced application. In my application only admin can register users. But when I register new user, admin session data are destroyed and new user's session data are set. What I am trying is not to change session data when I register new user. Admin user is still should be set to session data. How to solve this problem. This is my action in controller:
public function actionSignup()
{
$model = new SignupForm();
if(Yii::$app->user->can('admin'))
{
if (($response = self::ajaxValidate($model)) !== false)
return $response;
if (self::postValidate($model))
{
try
{
$trans = Yii::$app->db->beginTransaction();
if ($user = $model->signup()) {
Yii::$app->getUser()->login($user);
}
//tagidan tushgan odamining child_left, child_right tini o'zgartirish
$under = UserModel::findOne($user->id_parent_under);
if ($under->id_child_left == 0)
$under->id_child_left = $user->id;
else
$under->id_child_right = $user->id;
$under->update(false);
ChildrenBinaryModel::insertNewUser($user);
ChildrenClassicModel::insertNewUser($user);
$parents = ChildrenBinaryModel::find()->with('user')->where(["id_child" => $user->id])->orderBy(['depth' => SORT_ASC])->all();
$c_user = $user;
foreach($parents as $p)
{
$p_user = $p->user;
if ($p_user->id_child_left == $c_user->id)
$p_user->ball_left += 100;
else
$p_user->ball_right += 100;
$p_user->update(false);
$c_user = $p_user;
}
$trans->commit();
}
catch(\Exception $e)
{
$trans->rollBack();
return $this->renderContent($e->getMessage());
}
return $this->render('index');
}
return $this->render('signup', [
'model' => $model,
]);
}else{
throw new ForbiddenHttpException;
}
}
Checkout the documentation for \yii\web\User::login(). When this is run in your code by calling Yii::$app->getUser()->login($user), the session data is set to match your $user.
If it's always the admin user that's signing up new users, I'm not sure you even need to run the login method.
I have solved this problem. In order to make answer clearly and simple I will show you default signup action in site controller (Yii2 advanced template):
public function actionSignup()
{
$model = new SignupForm();
if ($model->load(Yii::$app->request->post())) {
if ($user = $model->signup()) {
if (Yii::$app->user->enableSession = false &&
Yii::$app->getUser()->login($user)) {
return $this->goHome();
}
}
}
return $this->render('signup', [
'model' => $model,
]);
}
Only I have done was adding this
Yii::$app->user->enableSession = false
inside the if statement

In yii how to send password reset link

In yii i am creating forget password functionality.For this user enters email id.If this email id is correct then i want to retrieve securityQuestion id from database and display that question to user.if his answer is correct then password reset link will get send to user's email id. In controller i had made action as
public function ActionForget{if(isset($_POST['email']))
{ $record=User::model()->find(array(
'select'=>'primaryEmail',
'condition'=>'PrimaryEmail=:email',
'params'=>array(':email'=>$_POST['email']))
); if($record===null) {
$error = 'Email invalid';
} else {
$mailer = Yii::createComponent('application.extensions.mailer.EMailer');
$mailer->IsSMTP();
$mailer->IsHTML(true);
$mailer->SMTPAuth = true;
$mailer->SMTPSecure = "ssl";
$mailer->Host = "smtp.gmail.com";
$mailer->Port = 465;
$mailer->CharSet = 'UTF-8';
$mailer->Username = "abc#shailani.com";
$mailer->Password = "abc";
$mailer->From = "xyz#shailani.com";
$mailer->FromName = "Balaee.com";
$mailer->AddAddress($record);
$mailer->Subject = "welcome to Balaee";
$mailer->IsHTML(true);
$mailer->Body = "<h1>Thanks to showing interest </h1><br>click on link for other detail ".$url="http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
if($mailer->Send()) {echo "Please check mail";}
else {echo "Fail to send your message!"; }}}
else{ $this->render('emailForm'); //show the view with the password field}}
I am having password.php as view file for entering primary email id and submit button
<?php $form=$this->beginWidget('CActiveForm', array(
'id'=>'email-form',
'enableClientValidation'=>true,
));
echo CHtml::textField('email');
echo CHtml::submitButton('Send');
$this->endWidget();
But after submiiting primary email id by user,no action takes place. So can please someone tell me what changes i need to do
Shouldn't the name of the controller method be actionForgot instead of ActionForgot. PHP is case sensitive, also when you render the page send the model with it like this->render->('emailForm',$email) where $email is your model name
Ok I like the start, and here are some of the fixes to the existing code above.
However what was your plan once you successfully sent the e-mail; see the existing code gets you a url that looks like this http://yoursite.com/yourapp/user/forget and that will bring you right back to the form in which you enter your email, thus creating a giant loop.
See the link should in fact create be validated and thus giving the user access to their user record. You need some other function to validate and allow for the password change.
<code>
public function actionForget() {
if(isset($_POST['email'])) {
$record=User::model()->findByAttributes(array('email' => Yii::app()->request->getPost('email')));
if ($record != NULL) {
$mailer = Yii::createComponent('application.extensions.mailer.EMailer');
$mailer->IsSMTP();
$mailer->IsHTML(true);
$mailer->SMTPAuth = true;
$mailer->SMTPSecure = "ssl";
$mailer->Host = "smtp.gmail.com";
$mailer->Port = 465;
$mailer->CharSet = 'UTF-8';
$mailer->Username = "yourgmailacccount#gmail.com";
$mailer->Password = "P#ssWord";
$mailer->From = "yourfromemail#yourdomain.com";
$mailer->FromName = "HQ-DEV-01";
$mailer->AddAddress($_POST['email']);
$mailer->Subject = "welcome to CES Document Site";
$mailer->IsHTML(true);
$mailer->Body = "<h1>Thanks, please</h1><br>
click on link for other detail
".$url="http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
if($mailer->Send()) {
echo "Please check your email";
}
else {
echo "Fail to send your message!";
}
} else {
echo 'Email invalid';
}
else {
$this->render('password');
Yii::app()->user->setFlash('error', "Email is not valid!");
//echo 'Email invalid';
}
}
else{ $this->render('password'); //show the view with the password field}}
Yii::app()->user->setFlash('info', "Enter a valid e-mail!");
}
}

In yii login functionality when password is wrong

In yii i am creating login functionality. When user enters correct username but wrong password i want to make serach in database for this correct username and want to put that username's id into loginattemmpt table and display wrong password message to him. So can please someone help me.
in userIdentity.php save data in table .
public function authenticate() {
$user = User::model()->findByAttributes(array('username' => $this->username));
if ($user === null) {
$this->errorCode = self::ERROR_USERNAME_INVALID;
}
elseif($user->password !== crypt($this->password, $salt))
{ // save $user->id in attempt table here .
$this->errorCode = self::ERROR_PASSWORD_INVALID;
}else{
//set id
}
and in file from where authenticate function is called setError.
$this->_identity = new UserIdentity($this->username, $this->password);
if (!$this->_identity->authenticate())
if ($this->_identity->errorCode === UserIdentity::ERROR_USERNAME_INVALID) {
$this->addError('password', 'Incorrect email Id');
}elseif($this->_identity->errorCode === UserIdentity::ERROR_PASSWORD_INVALID){
$this->addError('password', 'Incorrect Password');
}

Joomla onUserAuthenticate

In the Joomla source, I found a method caled onUserAuthenticate, which could not be found in the API (through google), but its functionality is the similar to onLoginUser... So, after login/password check I need to run some more code via this function. As a result, I have true/false - depending on it I need to set users' authorization completely. Even if the user's login/password is correct, but my code returns false -> authorization fail...
I am trying something like:
functionon UserAuthenticate($credentials,$options,&$response){
jimport('joomla.user.helper');
$username=mysql_real_escape_string($credentials['username']);
$password=mysql_real_escape_string(md5($credentials['password']));
//my code returns $result
if($result!=NULL){
$response->status=JAUTHENTICATE_STATUS_SUCCESS;
$response->error_message='';
}
else{
$response->status=JAUTHENTICATE_STATUS_FAILURE;
$response->error_message=JText::_('JGLOBAL_AUTH_INVALID_PASS');
}
}
onUserAuthenticate is an event not a method. You use plugins to listen for Joomla events, in this case usually a user plugin would listen for this. When the event happens your code will run.
http://docs.joomla.org/Plugin
You can try this for custom login form-
$app = JFactory::getApplication();
$data = array();
$data['return'] = '';
$data['username'] = JRequest::getVar('username', '', 'method', 'username');
$data['password'] = JRequest::getString('password', '', 'post', JREQUEST_ALLOWRAW);
// Get the log in options.
$options = array();
// Get the log in credentials.
$credentials = array();
$credentials['username'] = $data['username'];
$credentials['password'] = $data['password'];
// Perform the log in.
$error = $app->login($credentials, $options);
if (!JError::isError($error)) {
$response->status=JAUTHENTICATE_STATUS_SUCCESS;
$response->error_message='';
}else{
$response->status=JAUTHENTICATE_STATUS_FAILURE;
$response->error_message=JText::_('JGLOBAL_AUTH_INVALID_PASS');
}
If you want authenticate solution on function "onUserAuthenticate" you should check it yourself if user credential is valid or not And you do it with this code :
function onUserAuthenticate($credentials, $options, &$response)
{
$response->type = 'Joomla';
// Joomla does not like blank passwords
if (empty($credentials['password'])) {
$response->status = JAuthentication::STATUS_FAILURE;
$response->error_message = JText::_('JGLOBAL_AUTH_EMPTY_PASS_NOT_ALLOWED');
return false;
}
// Initialise variables.
$conditions = '';
// Get a database object
$db = JFactory::getDbo();
$query = $db->getQuery(true);
$query->select('id, password');
$query->from('#__users');
$query->where('username=' . $db->Quote($credentials['username']));
$db->setQuery($query);
$result = $db->loadObject();
if ($result) {
$parts = explode(':', $result->password);
$crypt = $parts[0];
$salt = #$parts[1];
$testcrypt = JUserHelper::getCryptedPassword($credentials['password'], $salt);
if ($crypt == $testcrypt) {
$user = JUser::getInstance($result->id); // Bring this in line with the rest of the system
$response->email = $user->email;
$response->fullname = $user->name;
$response->status = JAuthentication::STATUS_SUCCESS;
$response->error_message = '';
print_r("You login correct Sir");
die();
} else {
print_r("you enter wrong credential");
die();
$response->status = JAuthentication::STATUS_FAILURE;
$response->error_message = JText::_('JGLOBAL_AUTH_INVALID_PASS');
}
} else {
print_r("you enter blank credential");
die();
$response->status = JAuthentication::STATUS_FAILURE;
$response->error_message = JText::_('JGLOBAL_AUTH_NO_USER');
}
return true;
}