codeigniter 密码更改密码

iecba09b  于 2022-12-06  发布在  其他
关注(0)|答案(2)|浏览(180)

我是新的codeigniter,并试图写一个安全的代码来更改用户密码。请帮助我
我的控制器功能包括

public function change_password()
          {

            $data = array( "main_content" => 'includes/memberadmin/memberadmin_cpass'
                );
                $this->load->view('includes/memberadmin/template',$data);
          }

        public function change_password_process()
        {

        $this->load->library('form_validation');
        $this->form_validation->set_rules('old_password','Old Password','trim|required|min_length[4]|max_length[32]');
        $this->form_validation->set_rules('password','Password','trim|required|min_length[4]|max_length[32]');
        $this->form_validation->set_rules('password2','Reenter Password','trim|required|min_length[4]|max_length[32]|matches[password]');

        if ($this->form_validation->run() == FALSE)
        {
            $this->change_password();

        }else {
            $this->load->model('membership_model');
            $query=$this->membership_model->change_password();

                $data = array( "main_content" => 'includes/memberadmin/memberadmin_cpass_process',
                "query" => $query
                );
                $this->load->view('includes/memberadmin/template',$data);

        }

我模型函数是

function Change_password()
        {   
        $this->db->select('id');
        $this->db->where('username',$this->session->userdata('uname'));
        $this->db->where('password',md5($this->input->post('old_password')));
        $query=$this->db->get('memberadmin');   

        if ($query->num_rows() > 0)
         {
                $row = $query->row();
                if($row->id==$this->session->userdata('uid'))
                {
                    $data = array(
                      'password' => md5($this->input->post('password'))
                     );
                  $this->db->where('username',$this->session->userdata('uname'));
                  $this->db->where('password',md5($this->input->post('old_password')));
                       if($this->db->update('memberadmin', $data)) 
                       {
                       return "Password Changed Successfully";
                       }else{
                        return "Something Went Wrong, Password Not Changed";
                       }
                }else{
                return "Something Went Wrong, Password Not Changed";
                }

         }else{
            return "Wrong Old Password";
         }

        }

实际上,我的用户ID和用户名存储在会话中,我尝试从表中获取用户名,并再次将返回的用户ID与会话用户ID进行匹配,以获得额外的安全性,然后更改密码。
请让我知道我的代码是安全的还是我做错了什么。

ttisahbt

ttisahbt1#

首先,您可以在匹配用户ID时使用===代替==

if($row->id===$this->session->userdata('uid'))

在plus中,为了提高安全性,您可以在更新密码时在where子句中再添加一行

$this->db->where('username',$this->session->userdata('uname'));
$this->db->where('id',$this->session->userdata('uid'));
$this->db->where('password',md5($this->input->post('old_password')));
brvekthn

brvekthn2#

$this-〉db-〉where('用户名',$this-〉会话-〉用户数据('uname'));如果您有一个会话,那么您就可以使用这个会话来访问您的数据库。输入密码,输入密码,输入密码,输入密码。

相关问题