i need a very simple code for changing password for a logged user. i used the following code:
Controller - my_account.php
public function change_password(){
$this->page_handler->consumer_page();
$this->form_validation->set_rules('opassword','Old Password','required|trim|xss_clean|callback_change');
$this->form_validation->set_rules('npassword','New Password','required|min_length[6]|max_length[32]');
$this->form_validation->set_rules('cpassword','Confirm Password','required|matches[npassword]');
if($this->form_validation->run()!=true) {
$this->load->view("passwordchange");
}
else {
$sql = $this->db->select("*")->from("consumer")->where("login", $this->session->userdata("login"))->get();
foreach ($sql->result()as $info) {
$db_password = $info ->password;
$login = $info ->login;
}
if(md5($this->input->post("opassword"))==$db_password) {
$fixed_pw = md5(mysql_real_escape_string($this->input->post("npassword")));
$update = $this->db->query("UPDATE 'consumer' SET 'password' = '$fixed_pw' where 'login' ='$login'") or die(mysql_error());
$this->session->set_flashdata("notification","Password has been updated!");
redirect("MyPage","refresh");
}
else {
echo "Password is incorrect!";
$this->load->view("passwordchange");
}
}
}
Model - page_handler.php
Class Page_handler extends CI_Model{
public function isLoggedIn(){
return $this->session->userdata("Logged_in");
}
public function consumer_page(){
if($this->isLoggedIn()) {
return TRUE;
}
}
}
I am getting error message...
A PHP Error was encountered
Severity: Notice
Message: Undefined variable: db_password
Filename: controllers/my_account.php
Line Number: 23
Password is incorrect!
Where can i be wrong?
It is better to define two methods in your controller.
First :
function check_old_passwd($pass){
//for set custom validation message
$this->form_validation->set_message('check_old_passwd', 'your custom message');
//{check in db...}
if(true){
return true;
}
return false
}
Second :
function is_newpasswd_correct($newpass){
//for set custom validation message
$this->form_validation->set_message('is_newpasswd_correct', 'your custom message');
//check if new password is in your site terms
//not smaller than 4 digits etc.
if(true){
return true;
}
return false;
}
Then use callback in your validation rules :
$this->form_validation->set_rules('oldpass', 'Old Password', 'required|trim|callback_check_old_passwd');
$this->form_validation->set_rules('newpass', 'New Password', 'required|trim|callback_is_newpasswd_correct');
Hope it will helps you
Related
CakePHP version: 3.3.5
I'm building a simple system using which users can login (using a email and password) and after login they can change their password.
For this, I'm using DefaultPasswordHasher
I had a few users already in my db. Their record were already present. So when I did the login function, it worked. I compared the password the user enters with the hased password already present in the db. The check was successful and user was able to login.
Now after login, I wrote change password function, which updated the user password. New hash string replaced the old password string but when I try to login again, login fails.
I will share my controller here. It's pretty basic.
namespace Api\Controller;
use Cake\Utility\Security;
use Cake\Utility\Hash;
use Cake\Auth\DefaultPasswordHasher;
use Api\Controller\AppController;
class LoginController extends AppController
{
public function initialize()
{
parent::initialize();
$this->loadComponent('RequestHandler');
}
//Function to reset the password
public function resetPassword()
{
$pass = $this->request->data['pass'];
$hasher = new DefaultPasswordHasher();
$hashedPass = $hasher->hash($pass);
$this->loadModel('Login');
//save it to db
$responseArray = $this->Login->resetPassword($hashedPass);
$this->set(compact('responseArray'));
$this->set('_serialize', ['responseArray']);
}
//Function to login
public function login()
{
if ($this->request->is('post'))
{
//Password submitted via form
$pass = $this->request->data['pass'];
//Hashed password fetched from db via a function call
$actualPassword = 'hashedPasswordString'
//Compare password submitted and hash from db
if($this->checkPassword($pass,$actualPassword))
{
$result = 'password matched';
}
else
{
$result = 'password doesnot match';
}
}
$this->set(compact('result'));
$this->set('_serialize', ['result']);
}
//Function to compare password and hash
public function checkPassword($passedPassword , $actualPassword)
{
if ((new DefaultPasswordHasher)->check($passedPassword, $actualPassword)) {
return true;
} else {
return false;
}
}
}
Can anyone tell me why the passwords don't match. I'm new to CakePHP framework. Thanks in advance!
This is what my reset password workflow looks like. I cannot tell from your post what your entity and table look like.
Anytime posted data is converted into a user entity it will now be hashed
Admin/UsersController.php
public function password($id = null)
{
$user = $this->Users->get($id, [
'fields' => ['id', 'first_name', 'last_name', 'username']
]);
if ($this->request->is('put')) {
if ($this->request->data['password'] == $this->request->data['password2']) {
$this->Users->patchEntity($user, ['password' => $this->request->data['password']]);
$this->Users->save($user);
$this->Flash->success('Password has been updated');
return $this->redirect('/admin/users/password/' . $id);
} else {
$this->Flash->error('Passwords do not match');
}
}
$this->set(compact('user'));
}
Model/Entity/User.php
protected function _setPassword($password)
{
if (strlen($password) > 0) {
return (new DefaultPasswordHasher)->hash($password);
}
}
public function changePassword(){
if ($this->request->is('post')) {
$data = $this->request->data();
$res['success'] = FALSE;
$user = $this->Users->get($this->Auth->user('id'))->toArray();
if ((new DefaultPasswordHasher)->check($data['oldPassword'], $user['password'])) {
if($data['newPassword'] == $data['confPassword']){
$userEntity = $this->Users->get($this->Auth->user('id'));
$userEntity->password = $data['newPassword'];
if($this->Users->save($userEntity)){
$res['success'] = TRUE;
$res['message'] = 'Password Changed Successfully.';
}
}else{
$res['success'] = FALSE;
$res['message'] = 'Confirm password is not same as new password. please enter both password again!!';
}
}else{
$res['success'] = FALSE;
$res['message'] = 'Your old password is wrong!';
}
echo json_encode($res);
exit();
}
}
Here Is My COde I m checking username is already exist or not in datbase
when i validate and submit the form duplicate entry entered in database i want that if already exist it show validation error
My Controller
public function index()
{
if($this->input->post('submit')) {
$this->form_validation->set_rules('name', 'User Name', 'callback_checkuser');
$this->form_validation->set_rules('role', 'Role', 'trim|required');
$this->form_validation->set_rules('pass', 'Password', 'trim|required');
if($this->form_validation->run()==TRUE)
{
$user['u_name'] = $this->input->post('name');
$user['role'] = $this->input->post('role');
$user['password']= md5($this->input->post('pass'));
$u_id = $this->custom_model->add_user($user);
if($u_id){
$data['msg'] = 'Successfully Created!!!!';
}
}
}
$this->load->template('add_user', $data);
}
function checkuser($name) {
if($this->custom_model->check_name($name) == false) {
false;
}else {
$this->form_validation->set_message('checkuser', 'This user already exist');
return true;
}
}
Here is My Model
public function check_name($name) {
$sql = "SELECT * FROM users WHERE u_name='".$name."' ";
$query = $this->db->query($sql);
$res = $query->row_array();
if (is_array($res) && count($res) > 0){
return $res;
}
return false;
}
There is a return statement missing in the function checkuser, but more importantly, you should invert the value you return. According to the example in the docs, when you set a validation message because of a validation error, you should return false, and return true when the validation passes.
So add a return, and change the boolean values. BTW, you don't really need an else clause and the word "exist" needs an additional "s":
function checkuser($name) {
if ($this->custom_model->check_name($name) == false) {
return true; // the user does not yet exist, so all is OK
}
$this->form_validation->set_message('checkuser', 'This user already exists');
return false; // this is a duplicate user name: not OK
}
Use this:
$this->form_validation->set_rules('name', 'User Name', 'trim|required|is_unique[users.u_name]');// trim and required added too
Docs.
need help on this one:
here's a my sample code,
i would like to add a validation message if a preg_match occurs:
pls. see inline comments for more details..
public function supplier_entry()
{
if (preg_match("/[\'^£#&*...etc.../", $this->input->post('supplier')))
{
//add or pass validation message, ex. $msg = 'Invalid Supplier Name';
// i tried $this->supplier_entry_form($msg); but its not working.
$this->supplier_entry_form();
}else{
$post_data = array(
'supplier_name' =>$this->input->post('supplier'),
'user' => $this->input->post('user'),
'trx_id' =>$this->input->post('trx_id'),
);
$this->load->model('user_model');
$this->load->model('product_model');
$this->product_model->add_new_supplier($post_data);
$user_data['trx'] = 'Supplier Entry';
$user_data['username'] = $this->user_model->user_info();
$trx_data['supplier'] = $this->product_model->get_supplier_list();
$trx_data['msg'] = 'Supplier Posted.';
$this->load->view('header',$user_data);
$this->load->view('item_supplier', $trx_data);
}
}
thanks in advance..
public function supplier_entry_form()
{
$this->load->model('user_model');
$this->load->model('product_model');
$user_data['username'] = $this->user_model->user_info();
$user_data['trx'] = 'Supplier Entry';
$trx_data['supplier'] = $this->product_model->get_supplier_list();
$this->load->view('header', $user_data);
$this->load->view('item_supplier', $trx_data);
}
Use the built in form validation.
$this->load->library('form_validation');
$this->form_validation->set_rules($this->input->post('supplier'), 'Supplier', 'trim|callback_pregMatchSupplier');
if($this->form_validation->run()==FALSE)
{
$this->supplier_entry_from();
}
// continue code here if validation passes.
function pregMatchSupplier()
{
if (preg_match("/[\'^£#&*...etc.../", $this->input->post('supplier')))
{
return FALSE;
} else {
return TRUE;
}
Then in the view you echo out the validation errors:
<?php echo validation_errors(); ?>
http://ellislab.com/codeigniter/user-guide/libraries/form_validation.html
I have a form on my website header where i allow the user to log in with his username/password... then i POST to /signin page and check if the username exists to allow the user to log in.. if there is a problem upon login i output these errors...
i tried using the following code to show a custom error but with no luck
if ($this->form_validation->run() == false){
$this->load->view("login/index", $data);
}else{
$return = $this->_submitLogin();
if ($return == true){
//success
}else{
$this->form_validation->set_message('new_error', 'error goes here');
//error
}
$this->load->view("login/index", $data);
}
how does set_message work and if this is the wrong method, which one allow me to show a custom error in this case?
EDIT :
validation rules:
private $validation_rules = array(
array(
'field' => 'username',
'label' => 'Username',
'rules' => 'trim|required|callback__check_valid_username|min_length[6]|max_length[20]|xss_clean'
),
array(
'field' => 'password',
'label' => 'Password',
'rules' => 'trim|required|min_length[6]|max_length[32]'
),
);
The set_message method allows you to set your own error messages on the fly. But one thing you should notice is that the key name has to match the function name that it corresponds to.
If you need to modify your custom rule, which is _check_valid_username, you can do so by perform set_message within this function:
function _check_valid_username($str)
{
// Your validation code
// ...
// Put this in condition where you want to return FALSE
$this->form_validation->set_message('_check_valid_username', 'Error Message');
//
}
If you want to change the default error message for a specific rule, you can do so by invoking set_message with the first parameter as the rule name and the second parameter as your custom error. E.g., if you want to change the required error :
$this->form_validation->set_message('required', 'Oops this %s is required');
If by any chance you need to change the language instead of the error statement itself, create your own form_validation_lang.php and put it into the proper language folder inside your system language directory.
As you can see here, you can display the custom error in your view in the following way:
<?php echo form_error('new_error'); ?>
PS: If this isn't your problem, post your corresponding view code and any other error message that you're getting.
The problem is that your form is already validated in your IF part! You can fix the problem by this way:
if ($this->form_validation->run() == false){
$this->load->view("login/index", $data);
}else{
$return = $this->_submitLogin();
if ($return == true){
//success
}else{
$data['error'] = 'Your error message here';
//error
}
$this->load->view("login/index", $data);
}
In the view:
echo $error;
The CI way to check user credentials is to use callbacks:
$this->form_validation->set_rules('username', 'Username', 'callback_username_check');
...
public function username_check($str) {
// your code here
}
I recommend you to read CI documentation: http://codeigniter.com/user_guide/libraries/form_validation.html
The way I did this was to add another validation rule and run the validation again. That way, I could keep the validation error display in the view consistent.
The following code is an edited excerpt from my working code.
public function login() {
$this->form_validation->set_rules('email', 'Email', 'required');
$this->form_validation->set_rules('password', 'Password', 'required');
$data['content'] = 'login';
if($this->form_validation->run()) {
$sql = "select * from users where email = ? and password = ?";
$query = $this->db->query($sql, array($this->input->post('email'), $this->input->post('password')));
if($query->num_rows()==0) {
// user not found
$this->form_validation->set_rules('account', 'Account', 'callback__noaccount');
$this->form_validation->run();
$this->load->view('template', $data);
} else {
$this->session->set_userdata('userid', $query->id);
redirect('/home');
}
} else {
$this->load->view('template', $data);
}
}
public function _noaccount() {
$this->form_validation->set_message('_noaccount', 'Account must exist');
return FALSE;
}
Require Codeigniter 3.0
Using callback_ method;
class My_controller extends CI_Controller {
function __construct() {
parent::__construct();
$this->form_validation->set_message('date_control', '%s Date Special Error');
}
public function date_control($val, $field) { // for special validate
if (preg_match("/^[0-9]{2}.[0-9]{2}.[0-9]{4}$/", $val)) {
return true;
} else {
return false;
}
}
public function my_controller_test() {
if ($this->input->post()) {
$this->form_validation->set_rules('date_field', 'Date Field', 'trim|callback_date_control[date_field]|xss_clean');
if ($this->form_validation->run() == FALSE) {
$data['errors']=validation_errors();
$this->load->view('my_view',$data);
}
}
}
}
Result:
if date = '14.07.2017' no error
if date = '14-7-2017' Date Field Date Special Error
Could you please help me work out why my code will not show the setmessage:
$this->form_validation->set_message('Sorry %s is not correct.');
The validation is happily showing that they are required:
home.php -> controller
<?php
ob_start();
if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Home extends CI_Controller {
function __construct(){
parent::__construct();
}
function index(){
$this->login();
}
public function login()
{
//Loads The Page Template
$this->template->set('title','Admin Login');
//Validation Check
$this->form_validation->set_rules('username','Username','required|trim|max_length[50]|xss_clean');
$this->form_validation->set_rules('password','Password','required|trim|max_length[200]|xss_clean|callback_checkUsernamePassword');
if($this->form_validation->run() == FALSE){
$this->template->load('template','admin/admin_login');
}else{
extract($_POST); // Gets data from form and creates vars
$user_id = $this->login_model->check_login($username,$password);
if(! $user_id || $password){ // != If username or password are not correct
$this->session->set_flashdata('login_error',TRUE); //does not add the non valid login to the session
$this->form_validation->set_message('Sorry %s is not correct.');
redirect('admin');
}else{
$this->session->set_userdata('logged_in',TRUE);
$this->session->set_userdata('user_id',$user_id);
redirect('admin/dashboard');
}
}
}
function logout(){
$this->session->unset_userdata('logged_in');
echo 'You have now been logged out';
redirect('admin');
}
}
//End of file home.php
//Location: ./application/controllers/admin/home.php
login_model.php -> model
<?php
class Login_model extends CI_Model
{
function __construct()
{
parent::__construct();
}
function Login_model(){
parent::Model();
}
function check_login($username,$password){
$MD5_password = md5($password); // Tells the db that the password is a MD5 #
$query_str ="SELECT id FROM users WHERE email = ? and password = ?"; // Tells the db that this is a query
$result = $this->db->query($query_str, array($username, $MD5_password)); // Result
//If it is all correct
if($result->num_rows() == 1){
return $result->row(0)->id;
}else{
return false;
}
}
}
?>
I have tried the following:
$lang['error'] = "Sorry your %s is incorrect.";
- This is set in the lang file
and
$this->form_validation->set_message('error','Sorry %s is not correct.');
I am unsure what the 2nd para must be
Your really really really should read the user_guide. Your logic is incorrect. For example, you didn't use your callback. That's why your error messages don't show. I have put in a few comments for you to read.
public function login()
{
$this->template->set('title','Admin Login');
$this->form_validation->set_rules('username','Username', 'required|trim|max_length[50]|xss_clean');
// You aren't using the callback here.
$this->form_validation->set_rules('password','Password', 'required|trim|max_length[200]|xss_clean|callback_checkUsernamePassword');
if($this->form_validation->run() == FALSE){
$this->template->load('template','admin/admin_login');
}else{
// You shouldn't be adding messages when the validation has already passed. The setting should be when the validation is false.
extract($_POST);
$user_id = $this->login_model->check_login($username,$password);
if(! $user_id || $password){
$this->session->set_flashdata('login_error',TRUE); //does not add the non valid login to the session
$this->form_validation->set_message('Sorry %s is not correct.');
redirect('admin');
}else{
$this->session->set_userdata('logged_in',TRUE);
$this->session->set_userdata('user_id',$user_id);
redirect('admin/dashboard');
}
}
}
Here's what you should do. I'm not going to code everything but will give you an idea.
public function login()
{
$this->template->set('title','Admin Login');
$this->form_validation->set_rules('username','Username', 'required|trim|max_length[50]|xss_clean');
$this->form_validation->set_rules('password','Password', 'required|trim|max_length[200]|xss_clean|callback_checkUsernamePassword');
if($this->form_validation->run() == TRUE){
$this->session->set_userdata('logged_in',TRUE);
$this->session->set_userdata('user_id',$user_id);
redirect('admin/dashboard');
}
$this->template->load('template','admin/admin_login');
}
public function checkUsernamePassword() {
extract($_POST); // Gets data from form and creates vars
$user_id = $this->login_model->check_login($username,$password);
if(! $user_id || $password){ // != If username or password are not correct
$this->session->set_flashdata('login_error',TRUE); //does not add the non valid login to the session
$this->form_validation->set_message('checkUsernamePassword', 'Sorry %s is not correct.');
return FALSE
}else{
$this->session->set_userdata('logged_in',TRUE);
$this->session->set_userdata('user_id',$user_id);
redirect('admin/dashboard');
}
}
The set_message function for CodeIgniter's Form Validation class takes two parameters - the first being the name of the validation rule you would like to modify the message for, and the second being the modified message itself.
http://codeigniter.com/user_guide/libraries/form_validation.html
So if you would like to modify the message for the required fields, you would use:
$this->form_validation->set_message('required', 'Sorry %s is not correct.');
$this->form_validation->set_message();
This is used when you are trying to make your own Validation Functions or setting new error messages
If you are trying to make your own validation function then you should follow below article
http://codeigniter.com/user_guide/libraries/form_validation.html
What you can do is according to the returned value you can set the $this->session->set_flashdata(); and show it on the admin page.
http://codeigniter.com/user_guide/libraries/sessions.html