Perhaps I'm just unsure on the documentation. I've tried to figure it out, but I've never used this Codeigniter library before (Aauth). I'm attempting to create a form / page that will allow a user to change their password. The form works fine, but it's not changing the users password in the database.
The documentation says this:
Please note that I am not sure what "FALSE" represents. I do not see a change password method in the documentation provided here.
update_user($user_id, $email = FALSE, $pass = FALSE, $name = FALSE)
Updates user by using user_id
I'm not seeing any errors.
I'm writing something like this:
// get user info for currently logged user (this part works)
$userdata = $this->aauth->get_user();
// Change Password (not currently changing the password for the user)
$this->aauth->update_user($userdata->id, $userdata->email, $_POST['formpassword']);
Whoops, didn't realize when it said "FALSE" it meant it was required.
The correct solution:
// I did not want to change email or name. Password only.
$this->aauth->update_user($userdata->id, FALSE, $_POST['formpassword'], FALSE);
Related
I want to get user data
I tried using
$user_data = App\User::where(["username"=>"admin", "password"=>bcrypt("test123")])->get();
But it is not working! I am sure the username and password is correct!
then I tried another one without bcrypt
$user_data = App\User::where(["username"=>"admin", "password"=>"test123"])->get();
And still not working!.
I don't know what is the problem.
I wondering if I can use Auth::attempt just to get the user data (without log-in)
$user_data = Auth::attempt(["username"=>"admin", "password"=>"test123"]);
Auth::attempt will signing you in. But I don't want that. I just want to get the user data only (without sign-in)
I forgot to mention that I'm creating an API...
However, I solved the problem by using Auth::once()
Auth::once(['username'=>'admin', 'password'=>'test123']);
I am connecting an other application to create and update customers in Magento 1.9 with SOAP. Because I want the passwords to stay exactly the same customers will be forced to change the password in the other application. After change I want the password to be changed in Magento Through the SOAP connection, but I can't get it working. After the request I am getting "bool(true)" but nothing seems to be changed.
Am I doing something wrong, or are there restrictions in Magento.
My code:
<?php
//ensure you are getting error output for debug
error_reporting(E_ALL | E_STRICT);
ini_set('display_errors',1);
$client = new SoapClient('http://www.mymagentosite.com/api/v2_soap/?wsdl');
// If some stuff requires api authentification,
// then get a session token
$session = $client->login('apiuser', 'apikey');
// CustomerID search
$params = array('complex_filter'=>
array(
array('key'=>'email','value'=>array('key' =>'eq','value' => $email)),
),
);
$result = $client->customerCustomerList($session, $params);
var_dump ($result);
$customerID = $result[0]->customer_id;
// echo $customerID;
// Update Customer
$result2 = $client->customerCustomerUpdate($session, $customerID, array('password' => 'newpassword'));
var_dump ($result2);
It's very strange.
The doc (and the wsdl) wants you to pass the password parameter.
I've tried to investigate in the code (Magento 1.7 series).
Before setting the values you have passed through the API call, in the corresponding update() function of the app/code/core/Mage/Customer/Model/Customer/Api.php file, there is this code:
foreach ($this->getAllowedAttributes($customer) as $attributeCode=>$attribute) {
if (isset($customerData[$attributeCode])) {
$customer->setData($attributeCode, $customerData[$attributeCode]);
}
}
So, I've tried to print the allowed attributes, and password is not present. What is present is password_hash, but this field is not present in the doc, and, more important, is not present in the wsdl.
Just to make a test, I've tried to pass the md5 value of the password I wanted to pass as the password argument, then, in the _prepareData function that is called in the update function, I've added this line of code:
$data['password_hash'] = $data['password'];
The result is that the password is successfully changed, and I can login with the new password.
Now, of course this is not the way to proceed.
First of all, I'm changing a core file.
Then, probably, it's possible to update the list of the allowed attributes adding the password attribute, but you have to remember to build the md5 version of the password, not the "clear text" one, and in any case rename it to password_hash somewhere.
Another solution is to customize (not in core/, again) the wsdl parameters related to the complex type customerCustomerEntityToCreate, adding password_hash.
I am working on a CMS backend,and I use Codeigniter to help with the development.
So, I am working on a user table. For example, I allow the backend admin to insert, update the user info.
First there is a table of the user, for each row there is an "edit" button. After clicking on the "edit" button, there is a form for that particular user.
e.g.
UserName: Mr. ABC
Email: abc#a.com
Password: 1234
Since I need to ensure the username is unique and email is unique, I need to use isUnique validation
However, the problem is, how to handle the case, "only the user modify the data, then add the is Unique rule"? Because if I don't change the username, then I will pass the original name to check , and it can not pass the is Unique check , thanks
$this->form_validation->set_rules('name', 'Username', 'trim|required|min_length[4]|is_unique[admin.username]');
You're sending the userID anyway to the server in order to update, You can run a query to check if that username/userID combo exists. if it does, that mean this user didn't change. if it doesn't, you need to check further with is_unique.
That's probably best implemented in a callback if you insist of using form_validation.
basically in your controller you'll two functions
function form_grabber()
{
//get your form and stuff. run this line :
$this->form_validation->set_rules('name', 'Username', 'call_back_isUserNameNotChanged[userID]');
//assuming userID comes from the form aswell.
}
function isUserNameNotChanged($username,$userID)
{
//query DB, return true if match exists or false if it doesn't
}
I don't use codeigniter much, so I'm not sure the exact code to go about this, but how about something like this:
$current_name = // current name in db
if ($this->input->post('name') != $current_name) {
// Name has been changed. Do validation.
}
...
Basically, just check if the posted name is different than what is already in the db. If so, run your validation and do your update. If it's the same, just ignore it.
I'm trying to make a login form for my kohana2 app using ORM example presented in kohana2 docs ( http://docs.kohanaphp.com/addons/auth ). I've done everything like in the wiki but after providing username, password and sending a form, nothing happens. No error, no exception, nothing! just the same form without any errors.
Here is the controller action, the only thing i've changed was adding a template functionality: http://pastebin.com/jEc4nqSP
There is a die() function in line 42, it's there for debug purposes. After sending a form, it displays Array ( [username] => invalid ) 1. I'm sure i have that user data in database and i'm providing a proper username and password. Roles are set to login. Have you any idea what am i doing wrong ?
Thanks.
On line 39 you are creating an empty ORM user object. At a minimum, surely you want:
ORM::factory('user', $post['username'])
Although you probably want to refactor that, so it actually checks that the username value is set.
Ok problem solved! All we need to do is to create a new user with this code (registration controller from kohana2 docs):
<?php
// grab relevant $_POST data
$username = $this->input->post('username');
$password = $this->input->post('password');
// instantiate User_Model and set attributes to the $_POST data
$user = ORM::factory('user');
$user->username = $username;
$user->password = Auth::instance()->hash_password($password);
// if the user was successfully created...
if ($user->add(ORM::factory('role', 'login')) AND $user->save()) {
// login using the collected data
Auth::instance()->login($username, $password);
// redirect to somewhere
url::redirect('user/profile');
}
The previous admin login data was not working cause the password was not hashed properly.
I am implementing an authentication component,
This is my registration page
create('User',array('action' => 'login'));
echo $form->input('primary_email',array('size'=> 32));
echo $form->input('password',array('label' => 'Password'));
echo $form->input('remember_me',array('label' => 'Remember Me','type'=>'checkbox','checked' => 'false'));
echo $html->link('Forgot Password','/users/forgot/');
echo $form->end('Login');
// Javascripts
echo $javascript->link('jquery',false);
//echo $javascript->link('jquery.validate.js',false);
//echo $javascript->codeBlock($code, array('inline' => false));
?>
When I print the contents of $this->data the password field turns up empty.
How can I resolve this?
When I rename password to password2 or something else it works !!! Strange
this is because the Auth component removes the password from the data array (for security purposes). why would you want it to contain the password anyway? the remember me logic (which I assume you are using from the form fields) will handle logging someone in without the password.
I had the same issue and mrlanrat's suggestion worked for me.
Instead of trying to access $this->data['password'], you will need to access $this->Auth->data['password']
What basically happens is that the Auth component hashes the password and moves the hashed version into $this->Auth->data. The non-hashed version is deleted for security purposes.
So whenever you need to deal with data related to Auth component, make sure you're using $this->Auth->data and not $this->data.
I would like to see your login() function as well but indeed this problem seems weird. You can work around this by renaming your password field and then inside your login function do something like:
$this->data['password']=$this->Auth->password($this->data['User']['pwd']);
//now you can call $this->Auth->login and it will work
One thing you may be able to do is have the user confirm their password, and use it for the login function. I may be completely mis-reading what you're trying to accomplish, but if you have the user Confirm their password w/ a password 2 field, you can compare the two, and also use the starting state of the confirmation password for whatever it is that you're wanting to do.
So:
echo $form->input('password', array('label' => 'password'));
echo $form->input('password2', array('label' => 'Confirm Password'));
Inside of your logic for whatever you're wanting to accomplish, you can just put:
$morePermanentDataStorage = $this->data['User']['password2'];
if($this->data['User']['password'] == $this->Auth->password($this->data['User']['password2']) {
//function logic here
}
I am also assuming that your form logic from above actually starts with:
echo $form->create('User');
I had the same problem, Using $this->Auth->data['User']['user'] and $this->Auth->data['User']['password'] fixed it.
It looks like the auth controller removed the password from the data when it does its automagic.
I had the same problem and it was related to using the email field for login thru this method
$this->Auth->fields = array('username' => 'email', 'password' => 'password');
I couldn't resolve it, so I opted to include a username field on my database and now it works perfectly.
I had the same problem with some ExtJS authentication I was working on some weeks back.
A weird workaround is to go to /config/core.php and change the debug level temporarily e.g. change from Configure::write('debug', 0); to Configure::write('debug', 1); and then run your code - not necessarily the part with the Auth component - (and afterwards change the debug level back if you wish). $this->data['User']['password'] will now be populated with the hash value as intended.
What causes this in the first place still beats me :)
First of all, you need to comment the code Configure::write('Cache.disable', true); in the file core.php