We are writing a user management module where the admin can change passwords for other users.
We store hashed passwords of users in DB.
The question is what field do we present to the admin user?
There are some options:
1. Present the input field with no value, and change the password only if some value was entered
2. Present the input field with a fixed-length string, and detect the change when the value changes
There's an option of presenting a change password button, but we prefer not to do it this way.
What option do you use and why?
I would go with option 1.
Present the input field with no value, and change the password only if some value was entered
This is because it's not really a "change password" option, it's really a "set password" option. There is no value in showing the current hash to the admin user.
So in your update user code you just check if the password field is set, if so hash the new value and store the new hash.
Note: this is traditionally different to the way a user (including admin) changes their own password.
In that case the user is usually prompted for the value of the old password to ensure that it's not someone else coming across the screen when it's already logged in. But if you wanted to re-use the same screen (with a different where clause) then this is not essential - just what's normally done.
After a few minutes of brainstorming we got to the merged option, of showing a fixed-size value inside the text-box and using onfocus() and onblur() events to blank the field on focus and return to the fixed-size string on loss of focus when no text was entered.
We have a login/ registration form. I filled all the fields username, first name, last name and password.
Now I clicked on back button from browser and again clicked on forward. All information is there except password field.
Password field gets empty.
I know it's a default property of the password field but I need the reason.
Can anyone help on this?
Thanks.
This is the expected behaviour, as someone could come along, click back and then use a tool to show the password behind the *'s
I am trying to develop a profile form in Joomla so users can update their information - including changing their password.
However, as can be seen in the below example, the dots just flow beyond the viewable string in the field. Is there a way I can show the correct number of dots for the user's password? For example, a user with an 8 character password:
<form>
<input type="password" name="psw" value="********">
</form>
<form>
<input type="password" name="psw" placeholder="********">
</form>
I'm getting the input field populated as this:
PS I'm aware of identifying password length as in this question. However, with hashing/salting for the type of site this is that it is acceptable
Updated slightly to incorporate the comments.
In the first example (with "value") what you are doing is setting the actual value of the password to a series of '*' if the form is saved. Then the Joomla password field is doing what it does which is to obfuscate the new password.
I don't know if you can use a placeholder given that the field has a value (although the value is not displayed). If it would, the placeholder would be something like "Enter new password". The password will be automatically obfuscated as the user types it. However, if a password already exists neither a placeholder nor a value would be rendered by the field.
From what I can tell you are talking about editing the profile, in which case there is an existing password.
The Joomla password field never displays back the original password once it has been set, it just provides a blank space for the user to change passwords if desired. If a user is changing their password they should just see an empty field and then one dot for each character they type. The password field cannot show the existing password because it is hashed in the database. There is no way for the field to retrieve the actual password, only the hashed password. The only way to get the real password is for the user to type it in.
You don't say where $pass is coming from but if you are pulling it from the database it is the hashed value and then it is going to be double hashed on save.
Is there really a good reason not to use the Joomla profile edit form? Or if there is not to just copy and modify it?
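The rule from the "set password" answer earlier on this page (a blank field means no change, anything else is hashed and stored) and the double-hashing problem described in the Joomla answer above, shown together as an added Python example that is not code from either thread. The function names, the sample record and the use of standard-library PBKDF2 are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
ITERATIONS = 200_000  # assumed work factor for this example

def hash_password(password: str) -> str:
    """Salted PBKDF2-HMAC-SHA256, stored as 'salt_hex$digest_hex'."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    salt_hex, digest_hex = stored.split("$")
    salt = bytes.fromhex(salt_hex)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(digest.hex(), digest_hex)

def render_edit_form(user: dict) -> dict:
    """Field values sent to the browser; the password field is always blank."""
    return {"username": user["username"], "email": user["email"], "password": ""}

def update_user(user: dict, form: dict) -> bool:
    """Apply a submitted form; return True only if the password was replaced."""
    user["email"] = form.get("email", user["email"])
    new_password = form.get("password", "")
    if new_password == "":  # blank field: leave the stored hash alone
        return False
    user["password_hash"] = hash_password(new_password)
    return True

def demo() -> dict:
    user = {"username": "alice", "email": "alice@example.test",
            "password_hash": hash_password("original-pw")}  # constructed sample
    # 1. Admin edits only the e-mail: the hash is untouched.
    form = render_edit_form(user)
    form["email"] = "a.smith@example.test"
    blank_changed = update_user(user, form)
    old_still_valid = verify_password("original-pw", user["password_hash"])
    # 2. Admin types a new password: it is hashed and replaces the old hash.
    update_user(user, {"password": "new-pw"})
    new_valid = verify_password("new-pw", user["password_hash"])
    # 3. Failure mode: the stored hash is posted back as the "new password".
    update_user(user, {"password": user["password_hash"]})
    locked_out = not verify_password("new-pw", user["password_hash"])
    return {"blank_changed": blank_changed, "old_still_valid": old_still_valid,
            "new_valid": new_valid, "locked_out": locked_out}

if __name__ == "__main__":
    print(demo())
```

In step 3 the user's real password no longer verifies, because the value that was hashed on save was the old hash string rather than anything the user typed.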
With access sysop and database access how do I change the Email address associated with a user?
The user table in the database has everything encoded as BLOBs. If I can decode and encode those values presumably I can just update user.user_email.
UPDATE user SET user_email='foo#bar.com' WHERE user_id=... should just work. However, if you need to also set the confirmed flag, see instructions here (replace the mwscript line with php maintenance/eval.php). If you need to set their email only so that they could reset their password, see https://www.mediawiki.org/wiki/Manual:Resetting_passwords
You can get a current list of users and emails like this (i.e. decode):
SELECT Cast(user_name AS CHAR), Cast(User_Email AS CHAR) FROM user;
MaxSem's answer did not work for me, but here is a MediaWiki maintenance script (introduced in v1.27) that'll do the trick: https://www.mediawiki.org/wiki/Manual:ResetUserEmail.php
Go to the base directory of your wiki, and type something like this:
php maintenance/resetUserEmail.php uuuu new#email.address
to change user uuuu's email address to new#email.address. By default, this will change the user's password so that the user has to reset it, which can usually be done on the wiki website. You might need to add user name and password for database access, e.g.:
php maintenance/resetUserEmail.php --dbuser myuser --dbpass wordpass uuuu new#email.address
I have a form in which we are showing customer records in a grid. User clicks a row, and in a new form record is shown. After editing some values, user may click cancel. If so, in grid we need to return to original values.
How can I restore the original state of the entity? We are using linq-to-sql, and grid is bounded to List. One way I see is using getoriginalentitystate method.
If a user cancels a process, no change is made at the Database and the control reverts back to the pre-action state. This is a normal and built-in behaviour.
In case, if this is not happening, try rebinding List to its DataSource, like
myList.DataBind()
As the user is entering data in the form, the values should be stored in your UI layer (not written to your "database"). The data in the form is held there temporarily until the user clicks 'OK'/commit. If the user clicks 'cancel' the form is simply discarded and not written to the database.
Until the user hits 'OK', the original data is still in the database. You can get the original values there.
I need help to quickly add about >100 username and password to a locally installed WordPress.
I have a list of usernames in text file, and I'd let each password to be equal to username (or some other function if equal is not allowed by WordPress).
Is there a way I can programmatically add users to WordPress? I have access to WordPress database if that helps.
Thanks.
If you don't want to use a plugin and you have your users and passwords stored in an array, simply throw it into a loop and use the 'wp_create_user' function. It takes 3 parameters (username, password and email). It will return the ID if successful and false if not.
http://codex.wordpress.org/Function_Reference/wp_create_user
Check out this plugin, it will let you import users from a csv which is basically what you're looking to do:
http://www.dagondesign.com/articles/import-users-plugin-for-wordpress/