I am using codeigniter php framework. I am suffering from the problem that all the userss password automatically get changes in database sometime, please help.
This is my reset code
function reset_now($key){
//key of fourth segment is saved on cookie
$key = $this->uri->segment(4);
//start validation
$this->form_validation->set_rules('password','Password','xss_clean|required|alpha_numeric|min_length[6]|max_length[20]|matches[password_conf]|sha1');
$this->form_validation->set_rules('password_conf','Password Confirmation','xss_clean|required|alpha_numeric|matches[password]|sha1');
if($this->form_validation->run() == FALSE){
$this->load->view('account/reset_password');
}else{
$this->db->set('password', $this->_salt.$this->input->post('password'));
$this->db->where('lostkey', $_POST['lostkey']);
$this->db->update('users');
$this->session->set_flashdata('message','Password changed, please login with new password');
redirect('account/login');
//$this->load->view('account/reset_password_complete');
}
}
You might have forgot where condition in password update sql. Please re-check your sql. Passwords will not get changed automatically. It might be trigged when someone tries to change password.
UPDATE as per the code provided
Your update where condition is,
$this->db->where('lostkey', $_POST['lostkey']);
The where clause should use the user id(the primary key of the user in database) instead using lostkey( i dont what it means, it is possible that there are multiple rows with same lostkey).
So, your where clause must be something like
$this->db->where('id', $user_id).
Related
I want to check whether old password which user typed is matched with DB password using check hash, but its not working correctly please advice.
Below is my code which I used to update password function
fields which required are old_passwrord, new_password.
Currently it doesn't go to hash check fucntion and directly update password.
else if (Hash::check('password', $getPassword->password))
{
return ['error'=>['code'=>206, 'message'=>'old password is not matching']];
}
Replace
else if (Hash::check('password', $getPassword->password))
with
else if ( ! Hash::check('password', $getPassword->password))
I am working on a CMS backend,and I use Codeigniter to help with the development.
So, I am working on a user table. For example, I allow the backend admin to insert, update the user info.
First there is a table of the user, for each row there is an "edit" button. After clicking on the "edit" button, there is a form for that particular user.
e.g.
UserName: Mr. ABC
Email: abc#a.com
Password: 1234
Since I need to ensure the username is unique and email is unique, I need to use isUnique validation
However, the problem is, how to handle the case, "only the user modify the data, then add the is Unique rule"? Because if I don't change the username, then I will pass the original name to check , and it can not pass the is Unique check , thanks
$this->form_validation->set_rules('name', 'Username', 'trim|required|min_length[4]|is_unique[admin.username]');
You're sending the userID anyway to the server in order to update, You can run a query to check if that username/userID combo exists. if it does, that mean this user didn't change. if it doesn't, you need to check further with is_unique.
That's probably best implemented in a callback if you insist of using form_validation.
basically in your controller you'll two functions
function form_grabber()
{
//get your form and stuff. run this line :
$this->form_validation->set_rules('name', 'Username', 'call_back_isUserNameNotChanged[userID]');
//assuming userID comes from the form aswell.
}
function isUserNameNotChanged($username,$userID)
{
//query DB, return true if match exists or false if it doesn't
}
I don't use codeigniter much, so I'm not sure the exact code to go about this, but how about something like this:
$current_name = // current name in db
if ($this->input->post('name') != $current_name) {
// Name has been changed. Do validation.
}
...
Basically, just check if the posted name is different than what is already in the db. If so, run your validation and do your update. If it's the same, just ignore it.
EDIT: based on first reply I got below,I reworked my code and it now works... first checking the given email address to find the gamer id. Then checking the verfication state based on the gamer id. So if they change their email address in the future it will still know whether it's already been verified.
Below is my final code, (I've changed some name for items, so its not an exact copy/paste of my own code).
function email_not_verified ($email) { //check it's not already verified
include ('../connect.php'); // Include connect to database functions
$findUser= $db->prepare("SELECT game_id FROM players WHERE email=?");
$findUser->execute(array($email));
$user = $findUser->fetch();
if ( $findUser){
$veri= $db->prepare("SELECT sent_verification FROM players WHERE game_id=?");
$veri->execute(array($user["game_id"]));
$results = $veri->fetch();
$final = $results["sent_verification"];
}
if ($final == 1){
return TRUE;
}
else{
return FALSE;
}
}
Thanks again for the help.
Below, is my original question.
I'm trying to figure out a simple setup that stops a user repeatedly verifying their email address. As when they verify their email I'm awarding them a bonus of 300 credits for in store game purchases. I obviously don't want to keep dishing that out each time they follow their emailed verification link.
So I'm trying to run a check first, before the normal verification script is run.
But surprise, surprise: its not working...
I was trying to search my database for the email address with the verification field set to '1', I'd then see how many times it found this result. If it found it '0' times then that's fine to verify, if it found it once then its already been verified before.
function email_not_verified ($email) {
include ('../connect.php'); // connect to database
//check it's not already verified
$checkEmail= $db->prepare("SELECT * FROM players WHERE sent_verification=?, email=?");
$checkEmail->execute(array('1', $email));
$check2 = $checkEmail->rowCount();
if ($check2 = 1){
return TRUE;
}
else{
return FALSE;
}
}
I've been using
file_put_contents('results.txt',$check2);
to see the results of the code regardless of whether its putting out a TRUE or FALSE. But the result comes back as '0', even though I can see from looking at my database it should be '1'.
I'm not sure if there's a whole easier way to approach this, I keep trying to get my head around bind values but it's not yet sinking in... I'll continue to try.
Thanks for any help, guidance, pointing out the obvious... I feel like I've taken the wrong path with my script but can't think how else to approach it...
Cheers
Jon
Your if statement is wrong. You're using the assignment operator instead of comparison. This doesn't matter though because rowCount isn't always reliable, which is probably where the actual problem is. What you need to do is fetch the first row and see if you get a row back.
However, you probably don't want to attach this to e-mail verification. When users change their e-mail address, you will want to verify that new address and you probably don't want to give them 300 more credits each time they do. Otherwise, someone could programmatically change their e-mail address over and over again, creating a lot of credits for themselves.
I would separate out the 300 free credits as a coupon or something that can only be used once per account. On e-mail verification, if that coupon hasn't already been used up for that account, use it and mark it as such in your database. This could be done simply by adding another column for new_account_bonus_credits or something.
I have a bit of an issue with my code.
I'm making an administrative panel for users to add things to the database. On occasion, they might try to save data without changing it (open a dialog, click save without changing anything). This, of course, will make mysql_affected_rows() return '0' when checking to see if the UPDATE query worked.
Is there another query to make that will always UPDATE regardless of whether the data is the same or not (or can I modify a simple UPDATE query to always update)?
EDIT
This is for users who don't have programming experience. Of course you wouldn't want to update if there's no reason to, but when a user tries to update and it doesn't happen I end up showing a failure message. Rather than there being something wrong, its just it doesn't need to be updated. I need a way to show the user that, instead of a generic 'failure' message. If it failed for another reason, I still need to know.
From the MySQL Documentation:
If you set a column to the value it currently has, MySQL notices this
and does not update it.
Instead of checking mysql_affected_rows, just check to see if the query was successful:
if(!mysql_query("UPDATE ..."))
{
//failure
}
else
{
$verification = mysql_query("SELECT ROW_COUNT() as rows_affected");
$row = mysql_fetch_row($verification);
$rows_affected = $row[0];
if ($rows_affected > 0)
{
//update was performed
}
else
{
//no update was needed
}
}
i am using jquery chat tutorial
for chatting. I am working on this to make registration separately using a username and password.
Right now it is taking username and gravatar for registration. I changed my code for registration. But if it gets a username in the database, it just updates its timestamp and password leaving the username unchanged. But i want to show error if the username already exists. How can i achieve this goal?
Also it is deleting the user from database after some time of idle state. How can i remove this functionality?
Set the name field in webchat_users to unique. Or insert following lines of code into your PHP class:
$userEnteredName = 'John';
$row = mysql_fetch_assoc(DB::query("SELECT `name` FROM `webchat_users` WHERE `name` LIKE '".mysql_real_escape_string($userEnteredName)."' LIMIT 1"));
if(!empty($row['name'])) {
// Username taken
die('Username taken.');
} else {
// Proceed registration.
}
For your second problem: Simply remove line 33 & 34 from Chat.class.php.