codeigniter change password

2019-05-30 00:27发布

站内文章 / PHP
46 0 0

问题:

i am new to codeigniter and trying to write a secure code to change user password. please help me

my Controller function are

public function change_password()
          {

            $data = array( "main_content" => 'includes/memberadmin/memberadmin_cpass'
                );
                $this->load->view('includes/memberadmin/template',$data);
          }

        public function change_password_process()
        {

        $this->load->library('form_validation');
        $this->form_validation->set_rules('old_password','Old Password','trim|required|min_length[4]|max_length[32]');
        $this->form_validation->set_rules('password','Password','trim|required|min_length[4]|max_length[32]');
        $this->form_validation->set_rules('password2','Reenter Password','trim|required|min_length[4]|max_length[32]|matches[password]');

        if ($this->form_validation->run() == FALSE)
        {
            $this->change_password();

        }else {
            $this->load->model('membership_model');
            $query=$this->membership_model->change_password();


                $data = array( "main_content" => 'includes/memberadmin/memberadmin_cpass_process',
                "query" => $query
                );
                $this->load->view('includes/memberadmin/template',$data);


        }

my model functions are

function Change_password()
        {   
        $this->db->select('id');
        $this->db->where('username',$this->session->userdata('uname'));
        $this->db->where('password',md5($this->input->post('old_password')));
        $query=$this->db->get('memberadmin');   

        if ($query->num_rows() > 0)
         {
                $row = $query->row();
                if($row->id==$this->session->userdata('uid'))
                {
                    $data = array(
                      'password' => md5($this->input->post('password'))
                     );
                  $this->db->where('username',$this->session->userdata('uname'));
                  $this->db->where('password',md5($this->input->post('old_password')));
                       if($this->db->update('memberadmin', $data)) 
                       {
                       return "Password Changed Successfully";
                       }else{
                        return "Something Went Wrong, Password Not Changed";
                       }
                }else{
                return "Something Went Wrong, Password Not Changed";
                }


         }else{
            return "Wrong Old Password";
         }

        }

Actually my userid and username is stored in session and i try to get username from table and again match the return userid with session userid for extra security and then change password.

Please let me know does my code is secure or i am doing something wrong.

回答1:

first you can use === in place of == while matching user id

if($row->id===$this->session->userdata('uid'))

in plus for more security you can add one more line in where clause while updating the password

$this->db->where('username',$this->session->userdata('uname'));
$this->db->where('id',$this->session->userdata('uid'));
$this->db->where('password',md5($this->input->post('old_password')));


标签: php codeigniter security
举报

收藏的人(0)

Ta的文章 更多文章
登录 后发表评论
0条评论
还没有人评论过~