I want to check whether old password which user typed is matched with DB password using check hash, but its not working correctly please advice.
Below is my code which I used to update password function
fields which required are old_passwrord, new_password.
Currently it doesn't go to hash check fucntion and directly update password.
else if (Hash::check('password', $getPassword->password))
{
return ['error'=>['code'=>206, 'message'=>'old password is not matching']];
}
Replace
else if (Hash::check('password', $getPassword->password))
with
else if ( ! Hash::check('password', $getPassword->password))
Related
I use Hash::make($req->pass); to login in Laravel. Now I forgot the password. Can I change the password by editing PHPMyAdmin? Is there any PHPMyadmin function to change the Bcrypt?
For eg. To change the password stored in MD5, I can change it by using MD5 function. And it works fine for all WordPress logins.
Thanks in Advance
I would use Tinker to achieve this:
php artisan tinker
$user = App/Models/User()::find(/* user_id */);
$user->password = Hash::make('your new password here');
$user->save();
// You should receive a "true" if the update is successful.
// This can all be done via the command line.
You can also (for the sake of answering your question) just output the password from the route file:
Route::get('generate-password', function () {
return Hash::make('your new password');
})
visit the '/generate-password' url, copy that password, then paste it into PHPMyAdmin
One way to change the password manually is to get the value from
$pw=Hash::make('yourpassword');
to a variable and copy that value into users table password field.
I use hash check to compare between current password which is inputted by the user and current password which is stored in the database (Bcrypt)
Here is my source code
$user = User::findOrFail($request->id);
if (Hash::check($request->password, $user->password)) {
$user->fill([
'password' => Hash::make($request->newPassword)
])->save();
$request->session()->flash('success', 'Password changed');
// return redirect()->route('your.route');
echo "Hash match";
} else {
$request->session()->flash('error', 'Password does not match');
// return redirect()->route('your.route');
echo "Hash does not matched";
}
My problem is the Hash:check always return false ("Hash does not matched")
I put the variable in hash check like this
Hash::check(new password plain text, bcrypt value in db)
Before the Hash check is called. I try to print the variable to investigate why it not working. I found my plain text of the new password is already sent and I already got the bcrypt password from the database as well. Everything looks fine it should be worked. I don't know what is my mistake. I follows a lot of topic on this site to solve my problem as I tried it does not work for me. Anyone, please help me.
Thank you.
If you are using this with default Login Controller provided by auth,then you need not use this. Its automatically done by laravel itself.
You're using the wrong argument order.
Try this,
if (Hash::check($user->password, $request->password))
I've a website and its access should be restricted. So, on entering the page, before page load we should restrict the access with three fields i.e., username and password of client and specific password for that page, these three were created by me and are stored in a database.
I've basic knowledge of Javascript and PHP.
My idea is before the page load, Javascript should get the three field values entered by user and by PHP we have to validate using a database, if the match occurs then page should load if not the access to that page should be denied.
in brief on hitting URL and before page load connection to the database has to be made and user/client entered 3 fields should be taken and be verified with MYSQL database by PHP and on successful authentication page should be displayed.
Please come up with code suggestions. Thanks in advance :)
i have created a function which you may use:
<?php
function login($username,$password,$salt,$db,$table,$usercolumn,$passwordcolumn,$con)
{
$user=mysql_real_escape_string($username);
$password=mysql_real_escape_string($password);
$db=mysql_select_db($db,$con);
if(!$db)
{
return "connection error";
}
else
{
$sql="SELECT * FROM `$table` WHERE `$usercolumn`='$user';";
$enc=$password;
foreach($salt as $value)
{
if($value=="md5")
{
$enc=md5($enc);
}else
{
$enc=crypt($enc,$value);
}
}
$resource=mysql_query($sql);
$row=mysql_fetch_array($resource);
$passdb=$row[$passwordcolumn];
if($passdb==$enc)
{
$sucess=true;
}else
{
$sucess=false;
}
}
return $sucess;
}
?>
you may use this and if it returns true, that means username and passwords are correct now you have to validate your third option...
to use this function, you just need to call like this after copying that function to a file, if it is named to "logger.php",
<?php
require("logger.php");
$enc=array("salt","md5","differentsalt")//your encryption such as if you have encrypted using 'salt' at first then using md5 hash and again 'differentsalt',then you need to give like i have given
if(login($username,$password,$enc,$db,$table_name,$usercolumn,$passwordcolumn,$con))//$username is the username which user supplied,$password is password user supplied,$enc is the encryption and it must be an array... which is also given above,$db is database name,$table_name is the table where username and encrypted password are stored,$usercolumn is the column name where username are stored, $passwordcolumn is the column where encrypted password are stored, and last $con is the connection identifier, you may have given, $con=mysqli_connect("username","password");
//if all the parameters are supplied correctly, it will check for the username and password matching and you will have to check the third option
{
//now validate your third option here...
//if you are here, that means password and username has matched
}
else
{
//this means username and password didnt matched... so output the error
}
?>
for accepting username and password, you may create a form and ask password there and then submit...
I am using codeigniter php framework. I am suffering from the problem that all the userss password automatically get changes in database sometime, please help.
This is my reset code
function reset_now($key){
//key of fourth segment is saved on cookie
$key = $this->uri->segment(4);
//start validation
$this->form_validation->set_rules('password','Password','xss_clean|required|alpha_numeric|min_length[6]|max_length[20]|matches[password_conf]|sha1');
$this->form_validation->set_rules('password_conf','Password Confirmation','xss_clean|required|alpha_numeric|matches[password]|sha1');
if($this->form_validation->run() == FALSE){
$this->load->view('account/reset_password');
}else{
$this->db->set('password', $this->_salt.$this->input->post('password'));
$this->db->where('lostkey', $_POST['lostkey']);
$this->db->update('users');
$this->session->set_flashdata('message','Password changed, please login with new password');
redirect('account/login');
//$this->load->view('account/reset_password_complete');
}
}
You might have forgot where condition in password update sql. Please re-check your sql. Passwords will not get changed automatically. It might be trigged when someone tries to change password.
UPDATE as per the code provided
Your update where condition is,
$this->db->where('lostkey', $_POST['lostkey']);
The where clause should use the user id(the primary key of the user in database) instead using lostkey( i dont what it means, it is possible that there are multiple rows with same lostkey).
So, your where clause must be something like
$this->db->where('id', $user_id).
I'm integrating an application with the osCommerce shopping cart and want users to be able to log into the app with the same account details they do with osCommerce.
Everything works fine but I got stuck on the user login system. I need to know how to check against a user entered password in my application against the osCommerce user's credentials. They're using a combination of MD5 and salt for generating the password.
How can I use that method to check my user's password?
To check against the password saved in osCommerce, just use the osCommerce function that checks the attempt against the one stored in the database. You'll find this function in the following:
catalog/includes/functions/password_funcs.php
////
// This funstion validates a plain text password with an encrpyted password
function tep_validate_password($plain, $encrypted) {
if (tep_not_null($plain) && tep_not_null($encrypted)) {
// split apart the hash / salt
$stack = explode(':', $encrypted);
if (sizeof($stack) != 2) return false;
if (md5($stack[1] . $plain) == $stack[0]) {
return true;
}
}
return false;
}
So all you need to do is extract the password column from the customers table, based on their entered email address, and compare.
tep_validate_password(password_attempt, password_from_osC)
If you're just going to include it, make sure you also include the catalog/includes/functions/general.php file since that's where the tep_not_null function is defined.