The following warnings occurred:
Warning [2] Undefined variable $unreadreports - Line: 26 - File: global.php(961) : eval()'d code PHP 8.2.25 (Linux)
File Line Function
/global.php(961) : eval()'d code 26 errorHandler->error
/global.php 961 eval
/showthread.php 28 require_once





× This forum is read only. As of July 23, 2019, the UserSpice forums have been closed. To receive support, please join our Discord by clicking here. Thank you!

  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Validating Password (while already logged on)
#1
Hi, Loving UserSpice thank you so much for your time and effort.

I have a website that Ive built around UserSpice and it requires a users password to be confirmed to complete a certain action (part of a form) Even when user is already logged on. an added security measure for this particular action

Ive tried ripping the login script to find the correct logic and even though I can confirm the users has entered the correct password Im unable to pass any of the $_POST variable through the form. I suspect Its something to do with the validation Class, but I just need a point in the right direction.

Am I going about this all wrong? Is there a better way of doing this? Your help is appreciated.

Im a bit of a novice on a sharp learning curve here
  Reply
#2
Sorry for the delay in getting back to you. I've been in 2 really long days of meetings. If you just need to confirm the password, for the form, then you probably shouldn't bother with using the login form because it's kind of one of the more complicated parts of UserSpice (I built it for multiple projects and really need to strip it down.

I will try to work on some code for you, but would you mind posting the code you're working on on pastebin or hastebin and sharing the link here? I might be able to point you in a direction faster.
  Reply
#3
One other part of the equation is whether or not the user MUST be logged in to even see this page or if the user can be logged in or not logged in. You would use different logic.
  Reply
#4
So... I decided to make a quick new page and add it to the database (by going to the admin panel and admin_pages). The page is pretty stripped of everything besides what is necessary.

It's on hastebin at http://hastebin.com/eyeramunam.xml

The gist of what you have to do is to use php's password_verify feature to see if what you have stored in the database matches what they entered. I used UserSpice's Input::get method to sanitize the data. So the checking logic is...

Code:
<?php if(!empty($_POST)){
Code:
//I called the form field password
Code:
$password = Input::get('password');

Code:
//password_verify is a php thing and user->data is the userspice way of accessing user info
Code:
if(password_verify($password,$user->data()->password)){

Code:
//bold is a userspice function that is similar to echo but makes text easier to see on our dark backgrounds
Code:
bold("<br>The passwords match");
Code:
}else {
Code:
bold("<br>The passwords do not match");
Code:
}

Note that this all assumes that the user is logged in already. If they're not logged in, it will throw up an error because there is no $user variable. If you need that ability, let me know and I'll see what I can do.
  Reply


Forum Jump:


Users browsing this thread: 3 Guest(s)