I used rule exists for check Email has in database or not
https://laravel.com/docs/8.x/validation#rule-exists
But I realize in Gmail can add characters as ".","+" without affecting the original Email
It means, a User can create so many account without use other Email
My question is
How do I can validate email exist in database which can prevent the above case?
so you don't want the user to register himself by entering email that contains dot and plus symbol. Simply use regular expressions to validate
whenever the enter email for registration, try to ensure that it is proper gmail address (or you can add validation for other mail addresses including domain names), if the email fullfils the condition, let the email inserted into the database
so simple
Related
I am new to programming...
I know this probably is the best way to do an Offline login page
but
MYSQL users db (consists of usernames, passwords, id) is 'downloaded' from a php script to iOS device.That part works, and the users print to the console.
What I am struggling with is, checking the textfield where the user enters their username to the 'usersArray' to see if it exists at index[0]
Any help is appreciated.
I'm not entirely sure what you are trying to do here but I think you are trying to take the value of a text field and see if that value appears in your usersArray. Provided this is the case try:
let exists = usersArray.contains(usernameTextField.text)
This will give you a Bool that indicates if the username exists in your array.
Side Note:
Hopefully you are only doing some general testing at the moment but in case you aren't… Please don't send passwords in plain text and absolutely don't download all usernames and passwords even in an encrypted format to a device! Aside from potentially taking up a large amount of space on the user's device you would be making it very easy for unscrupulous people to crack every user password in your database!
In our web application we want to use DB2 row level access control to control who can view what. Each table would contain a column named userId which contain the user id. We want log-in users be able to see only row's usereId column with theirs id. I have seen db2 permission examples using DB2 session_id or user, for example taking DB2 given Banking example :
CREATE PERMISSION EXAMPLEBANKING.IN_TELLER_ROW_ACCESS
ON EXAMPLEBANKING.CUSTOMER FOR ROWS WHERE BRANCH in (
SELECT HOME_BRANCH FROM EXAMPLEBANKING.INTERNAL_INFO WHERE EMP_ID = SESSION_USER
)
ENFORCED FOR ALL ACCESS
ENABLE;
Our table gets updated dynamically hence we don't know what row get added or deleted hence we don't know what are all the user Id in the table.
At any given time, different user would log-on to the web to view information retrieve from the tables, the permission declaration above only take SESSION_USER as the input, can I change it to something like Java function parameter where one can pass arbitrary id to the permission? If not then how do I handle different log-in users at arbitrary time? Or do I just keep changing SESSION_USER dynamically as new user login (using "db2 set" ??)? If so then is this the best practice for this kind use case?
Thanks in advance.
Since the user ID in question is application-provided, not originating from the database, using SESSION_USER, which equals to the DB2 authorization ID, would not be appropriate. Instead you might use the CLIENT_USERID variable, as described here.
This might become a little tricky if you use connection pooling in your application, as the variable must be set each time after obtaining a connection from the pool and reset before returning it to the pool.
Check out Trusted Contexts, this is exactly why they exist. The linked article is fairly old (you can use trusted contexts with PHP, ruby, etc. now).
I have a local Silverstripe instance but I cannot login and the owners are battling to find their login details. I have the DB so how can I find the Users table and edit it, or make myself an admin account? Thanks
Despite having solved your problem, you did not answer your own question :-). For Google's sake I will try...
The user table is called "Member". It has got the email address and the password in it. You can not manually change the password here, as it is hashed. What you can do is change the email address and use the "forgot password" functionality (in case the client can't do that himself), change the password for the client through the application backend (cms) and change the email address back to its original value. If you are wondering what the MemberPassword table does: AFAIK it only stores a copy of all used passwords by a user (password history)
When you want to make an account administrator, you should first take a look at the Group table and look for "administrators" in the "Code" Column. Take that ID (normally, this would be 2). After that, take a look in the Member table, and look for the user you want to make an admin. Take the ID here as well.
Next, open the Group_Member table and insert a new row (or change the existing if you want) and specify the group id under GroupID and the member id under MemberID.
Adding Security::setDefaultAdmin('admin','admin'); to the _config.php also works, but don't forget to remove it afterwards, just as any phpmyadmin or equivalent that you installed :-)
Just found this add Security::setDefaultAdmin('username', 'password'); to mysite/_config.php. Worked like a bomb!
Create a file _ss_environment.php in the webroot (or the folder above it) if it doesn't already exist. Add these two lines to the bottom:
define('SS_DEFAULT_ADMIN_USERNAME','admin');
define('SS_DEFAULT_ADMIN_PASSWORD','password');
I need to reset my Drupal site's admin password and I can't user the email reset because the admin email doesn't exist.
I followed the directions here: http://www.ostraining.com/blog/drupal/reset-your-drupal-admin-password/
I ran the SQL: UPDATE dr_users SET pass = md5('newpassword') WHERE uid = 1; - no luck
I also tried entering a password into the users table manually in plain text. - no luck
At this point I'm not sure what the problem is.
The only thing I can think of, and I can't see why this would be it, is that I have a browser open with Admin logged in using the old password. This seems to be a hint to my problem as I would expect that on page refresh I would get logged out as the password has now changed.
try to update the admin email via mysql, then have drupal email you the password reset.
To see what you have now, you could look at the output from SQL
SELECT * FROM dr_users WHERE uid = 1;
It is pretty easy!
With the access to the table "users" (i.e. this table can have a prefix that you have already mentioned during the installation part, so yourPrefix_ can be your project's name as mywebsitename_, and in this case you'll have mywebsitename_users) in your database via PhpMyAdmin for example.
You should alter the "pass" column associated with the "uid" column with the value 1 (i.e 1 for the admin user account).
As the encrypted value for the password: Admin_12345 is =>
$S$DifCVXg9tNtHadziyyQJQVLAaZzW5EgS6OjR56D.mk8MpNQs1II2
You can accede to your admin account after replacing the old hashed password value stored in your database that you have totally forgotten.
Don't forget to change the password: Admin_12345 after you accede to your account ;)
I couldn't come up with a better title, so here is what I'd like to do in an Active Directory (Windows 2008 R2):
A user forgot his password and asks an admin to set his password to a new, randomly generated password. Using this random password, the user logs in again and is prompted to change his password (via having the pwdLastSet option set to 0 when setting the random password).
So far, so good.
Is there a way to enforce that the new random password is only valid for a certain amount of time? The only idea I could come up with was to also set the accountExpires property to "now + n hours", but this poses the problem that I'd have to reset this property as soon as the user legitimatly changes his password within the given time frame, and I don't know how to do that.
Is this at all possible using Windows functionality?
if you have a PasswordExpire date field for each password you can use that. if you don't have, i would recommend you create one.
if you don't want this kind of field you can create a database/file/any other way you choose that contains temporary passwords and their expire date/time
there are many other ways to do it. you need to decide the best for you and if you need help come to use with a problem, this is more a recommendation question.