CodeIgniter change password


Problem description

I am new to CodeIgniter and am trying to write secure code to change a user's password. Please help me.

My controller function

public function change_password()
{
    // Show the change-password form
    $data = array(
        "main_content" => 'includes/memberadmin/memberadmin_cpass'
    );
    $this->load->view('includes/memberadmin/template', $data);
}

public function change_password_process()
{
    $this->load->library('form_validation');
    $this->form_validation->set_rules('old_password', 'Old Password', 'trim|required|min_length[4]|max_length[32]');
    $this->form_validation->set_rules('password', 'Password', 'trim|required|min_length[4]|max_length[32]');
    $this->form_validation->set_rules('password2', 'Reenter Password', 'trim|required|min_length[4]|max_length[32]|matches[password]');

    if ($this->form_validation->run() == FALSE)
    {
        // Validation failed: show the form again
        $this->change_password();
    }
    else
    {
        $this->load->model('membership_model');
        $query = $this->membership_model->change_password();

        // Pass the status message returned by the model to the view
        $data = array(
            "main_content" => 'includes/memberadmin/memberadmin_cpass_process',
            "query" => $query
        );
        $this->load->view('includes/memberadmin/template', $data);
    }
}

My model function is

function Change_password()
{
    // Find the row matching the session username and the submitted old password
    $this->db->select('id');
    $this->db->where('username', $this->session->userdata('uname'));
    $this->db->where('password', md5($this->input->post('old_password')));
    $query = $this->db->get('memberadmin');

    if ($query->num_rows() > 0)
    {
        $row = $query->row();
        // Compare the id from the table with the id stored in the session
        if ($row->id == $this->session->userdata('uid'))
        {
            $data = array(
                'password' => md5($this->input->post('password'))
            );
            $this->db->where('username', $this->session->userdata('uname'));
            $this->db->where('password', md5($this->input->post('old_password')));
            if ($this->db->update('memberadmin', $data))
            {
                return "Password Changed Successfully";
            }
            else
            {
                return "Something Went Wrong, Password Not Changed";
            }
        }
        else
        {
            return "Something Went Wrong, Password Not Changed";
        }
    }
    else
    {
        return "Wrong Old Password";
    }
}

Actually, my userid and username are stored in the session, and I try to get the username from the table and again match the returned userid with the session userid for extra security, and then change the password.

Please let me know whether my code is secure or whether I am doing something wrong.

Recommended answer

First, you can use === in place of == when matching the user id:

if($row->id===$this->session->userdata('uid'))

In addition, for more security you can add one more line to the where clause when updating the password:

$this->db->where('username',$this->session->userdata('uname'));
$this->db->where('id',$this->session->userdata('uid'));
$this->db->where('password',md5($this->input->post('old_password')));
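
A hardened form of the model method from the question, as an added example that is not part of the original question or answer. It looks the row up by the session user id, verifies the old password in PHP with `password_verify()` (accepting the table's existing MD5 digests so those rows can be migrated), and stores the new password with `password_hash()`. Assumptions: CodeIgniter 3 with the session library loaded, and the `memberadmin.password` column widened to VARCHAR(255).

```php
<?php
// Added example, not the asker's or answerer's code.
// Assumes CodeIgniter 3 and memberadmin.password widened to VARCHAR(255).
class Membership_model extends CI_Model
{
    // Returns a status message, like the model method in the question.
    public function change_password()
    {
        $uid = (int) $this->session->userdata('uid');
        $old = (string) $this->input->post('old_password');
        $new = (string) $this->input->post('password');

        // Select by the session user id only; the hash is compared in PHP,
        // not in the WHERE clause.
        $query = $this->db->select('id, password')
                          ->where('id', $uid)
                          ->get('memberadmin');
        if ($query->num_rows() !== 1) {
            return "Something Went Wrong, Password Not Changed";
        }
        $row = $query->row();

        // Existing rows hold a 32-character hex MD5 digest; rows already
        // migrated hold a password_hash() string.
        $is_legacy = (bool) preg_match('/^[0-9a-f]{32}$/i', $row->password);
        $old_ok = $is_legacy
            ? hash_equals(strtolower($row->password), md5($old))
            : password_verify($old, $row->password);
        if (!$old_ok) {
            return "Wrong Old Password";
        }

        // Salted, slow hash; this also upgrades a legacy MD5 row.
        // The id is cast to int because database drivers usually return it
        // as a string, which matters for strict (===) comparisons.
        $this->db->where('id', (int) $row->id)
                 ->update('memberadmin', array(
                     'password' => password_hash($new, PASSWORD_DEFAULT),
                 ));

        return $this->db->affected_rows() === 1
            ? "Password Changed Successfully"
            : "Something Went Wrong, Password Not Changed";
    }
}
```

The login check has to accept both hash formats in the same way until every row has been migrated.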
