I want to ask how to change the password for a logged-in user. I can change the password when I enter a password that matches anyone in the database. Just for example, a user has the password "admin"; I just enter the current password, new password and confirm password.
Current password: admin
New Password: newadmin
Current Password: new admin
And also I don't know how to change the password if the password uses md5(). I hope you can help me, I am a newbie at CodeIgniter. I searched for answers but I really don't understand them, so I wanted to comment, but that requires 50 reputation, so I posted a new question.
Here's my code:
Controller
    public function update(){
        // All three fields: required, alphanumeric, 6 to 20 characters
        $this->form_validation->set_rules('password', 'Current Password', 'required|alpha_numeric|min_length[6]|max_length[20]');
        $this->form_validation->set_rules('newpass', 'New Password', 'required|alpha_numeric|min_length[6]|max_length[20]');
        $this->form_validation->set_rules('confpassword', 'Confirm Password', 'required|alpha_numeric|min_length[6]|max_length[20]');
        if($this->form_validation->run()){
            $cur_password = $this->input->post('password');
            $new_password = $this->input->post('newpass');
            $conf_password = $this->input->post('confpassword');
            $this->load->model('queries');
            // Hard-coded user id
            $userid = '1';
            $passwd = $this->queries->getCurrPassword($userid);
            // Compare the stored password with the submitted one (plain text)
            if($passwd && $passwd->password == $cur_password){
                if($new_password == $conf_password){
                    if($this->queries->updatePassword($new_password, $userid)){
                        echo 'Password updated successfully';
                    }
                    else{
                        echo 'Failed to update password';
                    }
                }
                else{
                    echo 'New password & Confirm password is not matching';
                }
            }
            else{
                echo 'Sorry! Current password is not matching';
            }
        }
        else{
            echo validation_errors();
        }
    }
Model
    // Fetch the user row (including the password column) by id
    public function getCurrPassword($userid){
        $query = $this->db->where(['id'=>$userid])
                          ->get('users');
        if($query->num_rows() > 0){
            return $query->row();
        }
        // No such user
        return null;
    }

    // Store the new password for the given user id
    public function updatePassword($new_password, $userid){
        $data = array(
            'password'=> $new_password
        );
        return $this->db->where('id', $userid)
                        ->update('users', $data);
    }
I got a solution for my problem.
For the logged-in user I just changed $userid = '1'; into $userid = $this->session->userdata('account_id');
And for the md5 password I just added md5 on the passwords, like what @sintakonte did, and @zaph is right.
"Only use strong password hashing algorithms like BCrypt, which is used in PHP’s own Password Hashing functions."
Reference: https://www.codeigniter.com/userguide3/general/security.html
Thanks for the help, guys!
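The CodeIgniter guidance quoted above, as an added example that is not part of the original post: a password change that accepts a legacy md5() digest for the current password but always stores the new one with PHP's password_hash() (BCrypt). The helper names verify_stored_password() and change_password() are hypothetical, and the sample row is constructed; it assumes the users.password column is wide enough for a 60-character BCrypt string.

```php
<?php
// Added example: helper names are hypothetical, not CodeIgniter APIs.

// Check a submitted password against a stored value that may be either a
// legacy unsalted md5() hex digest or a password_hash() string.
function verify_stored_password(string $submitted, string $stored): bool
{
    // 'algo' is empty (null or 0) for strings not produced by password_hash().
    $info = password_get_info($stored);
    if (!empty($info['algo'])) {
        return password_verify($submitted, $stored);
    }
    // Legacy md5 row: compare hex digests in constant time.
    return hash_equals(strtolower($stored), md5($submitted));
}

// Returns the value to write to users.password; throws if a check fails.
function change_password(string $stored, string $current, string $new, string $confirm): string
{
    if (!verify_stored_password($current, $stored)) {
        throw new InvalidArgumentException('Current password is not matching');
    }
    if (!hash_equals($new, $confirm)) {
        throw new InvalidArgumentException('New password and confirm password are not matching');
    }
    // Salted BCrypt hash; the old md5 digest is replaced, never re-used.
    return password_hash($new, PASSWORD_BCRYPT);
}

// Constructed sample: a row whose password column still holds md5('admin').
$stored = md5('admin');
$stored = change_password($stored, 'admin', 'newadmin', 'newadmin');

echo 'stored value is now: ', $stored, PHP_EOL;
echo 'new password verifies: ';
var_dump(verify_stored_password('newadmin', $stored));
echo 'old password verifies: ';
var_dump(verify_stored_password('admin', $stored));

// A wrong current password is rejected before anything is hashed or stored.
try {
    change_password($stored, 'wrongpass', 'another1', 'another1');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

In the controller from the question, the returned string is what would be passed to updatePassword() in place of the raw new password.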