In my project, the password is hashed and saved in the database, but how can I get the original password if I forgot the password?
You can't, that's the whole point of using a hash.
If someone forgot their password, then they should set a new one, i.e. you should implement some form of password reset functionality accordingly.
You can't have it! If the user forgot his password, you can send him a link to create a new one (with questions to check his identity).
Related
I'm very new to DotNetNuke but I'm creating a custom module where a user can update their details which will then be saved. One of these things is the password. I don't know the best way to insert something into the DotNetNuke database or which table the password is stored in. Can anyone help me with this?
Thanks
EDIT: I've noticed a "ChangePassword" function under the UserController class which sounds like it would do the trick; however, it's asking for the old password of the user, which I don't know how to get.
You don't need to know the old password, use
MembershipProvider.Instance().ResetAndChangePassword(user, "password");
where user is a UserInfo type object for your user, and "password" is the string with the new password.
It works in DNN 7.
I have had success getting and updating a user's password using the following code.
strUsername = Entities.Users.UserController.GetCurrentUserInfo.Username
strPassword = Membership.Provider.GetPassword(strUsername, String.Empty)
Membership.Provider.ChangePassword(strUsername, strPassword, txtPassword.Text)
I am looking to build a "reset password" function in my CakePHP app, and reading around the net I have decided to: Have the user type in their email address, send them an email with a link to http://www.mysite.com/users/reset_password/generated_uuid_that_expires_in_24_hours. This will present a form that allows them to change their password. Obviously the hiccup is that I don't know how to log the user in with a temporary password. Am I approaching this correctly? I am thinking that the url I send them would be a hashed version of their email plus a uuid to use as a temp password, and that I would perform a user id lookup based on the email that comes in the url... but still, I wouldn't know how to manually log them in so they can change their password.
I use the session approach.
After using the token from the email, the user gets a Tmp.User.id (as opposed to Auth.User.id) in the session, which will allow him to change the password.
Afterwards it will be removed from the session again.
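The reset flow discussed in this thread (an e-mailed link that expires in 24 hours, then a reset-only session marker instead of a login), as an added example in framework-neutral Python; it is not code from any of the posts or from CakePHP. `ResetTokenStore`, `start_reset`, `finish_reset` and the `set_password` callback are hypothetical names, and the dictionary stands in for a database table.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 24 * 60 * 60  # the 24-hour expiry from the question


class ResetTokenStore:
    """In-memory stand-in for a password-reset table (hypothetical schema)."""

    def __init__(self, now=time.time):
        self._rows = {}  # sha256(token) -> (user_id, expiry timestamp)
        self._now = now  # injectable clock so expiry can be tested

    def issue(self, user_id):
        """Return the token for the e-mailed link; only its hash is stored."""
        for digest in [d for d, (uid, _) in self._rows.items() if uid == user_id]:
            del self._rows[digest]  # a new request invalidates older links
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._rows[digest] = (user_id, self._now() + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, token):
        """Return the user id for a valid token exactly once, else None."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        row = self._rows.pop(digest, None)  # pop makes the token single use
        if row is None:
            return None
        user_id, expires_at = row
        return None if self._now() > expires_at else user_id


def start_reset(session, store, token):
    """Put a reset-only marker in the session; this is not a login."""
    user_id = store.redeem(token)
    if user_id is not None:
        session["Tmp.User.id"] = user_id  # key name taken from the answer above
    return user_id is not None


def finish_reset(session, set_password, new_password):
    """Change the marked user's password, then drop the marker."""
    user_id = session.pop("Tmp.User.id", None)
    if user_id is None:
        return False
    set_password(user_id, new_password)  # callback hashes and saves the password
    return True
```

Because only the SHA-256 digest of the random token is stored, a leaked reset table does not yield usable reset links.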
While developing my app, I suddenly can't log in using Auth anymore; according to Cake, the password or username is not correct.
When I track the query, the password (hashed) that Cake is looking for is not the one that the user has. I matched the query password to the User table in MAMP.
What can be the reason for this sudden error? What can make Cake look for another password that does not exist in the user table?
all error logs are clear
I can register a user without any issue
I use everything the standard Cake way (Auth, register process etc)
Many thanks!
Well, most likely, you changed the salt value in core.php or the hash method, or both. Those are the only 2 reasons the hash is different for the same password.
I am interested in testing the incoming password field for a particular admin level password. If it matches, I want it to manually have Auth log in with whatever username they want (submitted via form)
My understanding is Auth, in taking the data, will only authorize it if it sees the same email/hashed password in the database. Is there a way to get around this check to manually set it? Even $this->Auth->login(..) will do this check right?
$this->Auth->login($userId)
Auth::login accepts either a username/password combination or simply a user id (the primary key of the user model in the database).
see my answer here: Using username instead of email in CakePHP's Auth Component
It's not the same question, but the idea is, when the login fails, you can intercept it and do what you want.
On my password reset page, I save the user's new password using Security::hash(). When I then try to log in though, my database saved hashed password does not match the version that Auth comes up with when hashing my input in the login field.
I assume this is something like Security::hash() using my application salt to hash the password, whereas Auth doesn't use that salt?
How do you go about this?
Have you tried the AuthComponent::password() method instead?
Also, if the field is named password, check that AuthComponent hasn't already hashed it.
Edit: In 3.x, see DefaultPasswordHasher::hash() instead, as explained in Hashing Passwords.
should be Security::hash($password, 'sha1', true)
You can leave the second parameter NULL because Auth uses the same hash as specified in Security.