Textpattern CMS support forum
Re: How to compare passwords in TXP?
I looked at another function as well, trying to understand what it does:
function gvv_query_db ($name)
{ // Check whether the user is in the table
    if(safe_count(safe_pfx('gvv_user_edit'), "name = '".doSlash($name)."'") == 1)
    {
        $repet = safe_field('repet', safe_pfx('gvv_user_edit'), "name = '".doSlash($name)."'");
        // check how many times the user has tried to remember the password
        if ($repet < 5)
        { // if fewer than 5 times, add 1 and return "allowed to try"
            $repet = $repet + 1;
            safe_update(safe_pfx('gvv_user_edit'), "repet = '$repet'", "name = '".doSlash($name)."'");
            return ;
        }
        else
        { // check whether a time is recorded
            $time = safe_field('time',safe_pfx('gvv_user_edit')," name = '".doSlash($name)."'");
            if(!empty($time)) // is a time set?
            {
                if($time > time()) // time is later than now
                {
                    $a=1;
                    return $a; // relax and remember your password
                }
                else
                { // otherwise the attempts start over
                    $repet = 1;
                    safe_update(safe_pfx('gvv_user_edit'), "repet = '$repet', time = ''", "name = '".doSlash($name)."'");
                    return ;
                }
            }
            else
            { // if there was no time, write a time 10 minutes ahead to the table
                $time = time() + 600;
                safe_update(safe_pfx('gvv_user_edit'), "time = '$time'", "name = '".doSlash($name)."'");
                $a=1;
                return $a;
            }
        }
    }
    else
    { // If the user does not exist yet
        $repet = 1;
        safe_insert(safe_pfx('gvv_user_edit'), "repet = '$repet', name = '".doSlash($name)."'");
        return ;
    }
}
I rewrote that to this, which should do the same thing, difference being that I use TRUE/FALSE instead of 1/undefined as return values. If you combine that with a different function name, like ‘ggv_query_db_allowed’, you can call the function like this and it’s easy to understand: if (ggv_query_db_allowed()) { do something }:
// returns TRUE if you are allowed another try or FALSE if you tried too many times in a short time.
function gvv_query_db ($name)
{
    // check how many times the user has tried to remember the password
    $repet = safe_field('repet', safe_pfx('gvv_user_edit'), "name = '".doSlash($name)."'");
    // user didn't exist yet?
    if($repet === FALSE)
    {
        safe_insert(safe_pfx('gvv_user_edit'), "repet = 1, name = '".doSlash($name)."'");
        return TRUE;
    }
    // if fewer than 5 times, add 1 and return "allowed to try"
    if ($repet++ < 5)
    {
        safe_update(safe_pfx('gvv_user_edit'), "repet = $repet", "name = '".doSlash($name)."'");
        return TRUE;
    }
    // check whether a time is recorded
    $time = safe_field('time',safe_pfx('gvv_user_edit')," name = '".doSlash($name)."'");
    // if there was no time, write a time 10 minutes ahead to the table
    if (empty($time))
    {
        $time = time() + 600;
        safe_update(safe_pfx('gvv_user_edit'), "time = '$time'", "name = '".doSlash($name)."'");
        return FALSE;
    }
    if($time > time()) // time is later than now
    {
        return FALSE; // relax and remember your password
    }
    else
    { // otherwise the attempts start over
        safe_update(safe_pfx('gvv_user_edit'), "repet = 1, time = ''", "name = '".doSlash($name)."'");
        return TRUE;
    }
}
If I understand correctly, this means: you’re allowed to try if you’ve never tried before or tried less than 5 times. But on the 5th attempt, you’re checking if $time exists. If it does not, then you set the time to 10 minutes in the future (and that attempt fails) and any other attempts that happen during those 10 minutes fail as well. Once the 10 minutes have passed, you’re once again granted 5 new attempts. So basically this allows you to quickly try 5 times, but over a longer period you can only try at most once per 2 minutes on average. Nice.
Syntax: I’m learning php 3 weeks.
Is PHP your first programming language or did you learn writing programs in other languages before?
Offline
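The lockout logic discussed in the post above, traced attempt by attempt. This is an added example, not code from the thread or from the plugin: the in-memory array standing in for the gvv_user_edit table, the `attempt_allowed` name, the two constants and the `alice` timeline are assumptions made so that it runs without a database.

```php
<?php
// In-memory stand-in for the gvv_user_edit table (assumption for this example):
// name => ['repet' => int, 'time' => int|null]. The plugin keeps this state in MySQL.
const MAX_TRIES = 5;      // free attempts before the lockout starts
const LOCK_SECONDS = 600; // lockout length used in the thread (10 minutes)

function attempt_allowed(array &$table, string $name, int $now): bool
{
    if (!isset($table[$name])) {            // first attempt ever for this name
        $table[$name] = ['repet' => 1, 'time' => null];
        return true;
    }
    $row = &$table[$name];
    if ($row['repet'] < MAX_TRIES) {        // still inside the free budget
        $row['repet']++;
        return true;
    }
    if ($row['time'] === null) {            // budget used up: start the lockout now
        $row['time'] = $now + LOCK_SECONDS;
        return false;
    }
    if ($row['time'] > $now) {              // lockout still running
        return false;
    }
    $row = ['repet' => 1, 'time' => null];  // lockout expired: this attempt counts as the new first one
    return true;
}

// Constructed timeline: seconds elapsed since the first attempt.
$table = [];
$timeline = [0, 1, 2, 3, 4, 5, 6, 300, 604, 605, 606];
foreach ($timeline as $i => $t) {
    $ok = attempt_allowed($table, 'alice', $t);
    printf("attempt %2d at t=%3ds: %s\n", $i + 1, $t, $ok ? 'allowed' : 'blocked');
}
```

With this timeline the sixth attempt is the first one refused, and the ten minutes are counted from that refusal. In the database version the read and the update are separate queries, so two concurrent requests can read the same `repet` value.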
Re: How to compare passwords in TXP?
Thanks, now I understand.
I will try to follow it.
If I understand correctly, this means: you’re allowed to try if you’ve never tried before or tried less than 5 times. But on the 5th attempt, you’re checking if $time exists. If it does not, then you set the time to 10 minutes in the future (and that attempt fails) and any other attempts that happen during those 10 minutes fail as well. Once the 10 minutes have passed, you’re once again granted 5 new attempts. So basically this allows you to quickly try 5 times, but over a longer period you can only try at most once per 2 minutes on average. Nice.
Yes, probably a good thing.
I will try to implement it now.
Is PHP your first programming language or did you learn writing programs in other languages before?
Yes, 15 years ago, VB, and the basis C, but did not write anything on the C.
So, I can say no. =)
Perhaps that is why so many questions.
In connection with the release of 4.4.
As it is now worth checking your password?
And will the source code posted on PHPXref ? There is organized a very good search functions and variables.
Last edited by skrishi (2011-03-27 18:03:35)
Re: How to compare passwords in TXP?
skrishi wrote:
And will the source code posted on PHPXref ? There is organized a very good search functions and variables.
PHPXref is the old site, the new location is PHPCrossRef.
Re: How to compare passwords in TXP?
hcgtv wrote:
PHPXref is the old site, the new location is PHPCrossRef.
Thank you, now would be convenient to seek the necessary.
Re: How to compare passwords in TXP?
skrishi wrote:
In connection with the release of 4.4.
As it is now worth checking your password?
I don’t understand the question.
Re: How to compare passwords in TXP?
ruud wrote:
I don’t understand the question.
Can I use txp_validate() to check the password instead of (safe_count(safe_pfx('txp_users'), "(pass=password('".doSlash($oldpass)."')) or pass=password(lower('".doSlash($oldpass)."')) and name='".doSlash($name)."'") == 1)?
It will be right for the public side?
Re: How to compare passwords in TXP?
skrishi wrote:
Can I use txp_validate()
Yes, you can.
/**
 * Include txp_auth.php. "txpath" constant will return the
 * absolute path to /textpattern/ directory
 */
include_once txpath.'/include/txp_auth.php';
/**
 * Setting the third parameter to false, will make it just to
 * check the credentials w/o updating the last access time
 */
if(txp_validate($name,$oldpass,false) == false)
    return;
safe_field('repet', safe_pfx('gvv_user_edit'), "name = '".doSlash($name)."'");
You don’t need to use safe_pfx() when using TXP’s safe_ functions to run queries. Safe_ functions already automatically add the prefix to the table name. You only need to use safe_pfx() when building your own queries with the safe_query() (or mysql_query()) function that doesn’t offer a dedicated table parameter.
Re: How to compare passwords in TXP?
Gocom wrote:
Yes, you can.
/**
 * Include txp_auth.php. "txpath" constant will return the
 * absolute path to /textpattern/ directory
 */
include_once txpath.'/include/txp_auth.php';
/**
 * Setting the third parameter to false, will make it just to
 * check the credentials w/o updating the last access time
 */
if(txp_validate($name,$oldpass,false) == false)
    return;
I do it:
if(!txp_validate(doSlash($name), $oldpass))
{
    return gvv_gTxt('old_pass_error');
}
$rs = safe_update(safe_pfx('txp_users'), "pass = password(lower('".doSlash($oldpass)."'))", "name = '".doSlash($name)."'");
safe_delete(safe_pfx('gvv_user_edit'), "name = '".doSlash($name)."'");
It seems it works. At least if we mean "pass = password(lower('".doSlash($new_pass)."'))"
But I’ll keep in mind. Thank you.
You don’t need to use safe_pfx() when using TXP’s safe_ functions to run queries. Safe_ functions already automatically add the prefix to the table name. You only need to use safe_pfx() when building your own queries with the safe_query() (or mysql_query()) function that doesn’t offer a dedicated table parameter.
Okay, I’ll remove the excess
Thank you
Last edited by skrishi (2011-03-27 23:21:20)
Re: How to compare passwords in TXP?
skrishi wrote:
if(!txp_validate(doSlash($name), $oldpass))
Do not use doSlash(). You would be double escaping the $name as txp_validate() already does escaping. Also, set the third $log parameter to false if you don’t want to extend the active session’s life-time.
Re: How to compare passwords in TXP?
Gocom wrote:
if(!txp_validate(doSlash($name), $oldpass))
Do not use doSlash(). You would be double escaping the $name as txp_validate() already does escaping. Also, set the third $log parameter to false if you don’t want to extend the active session’s life-time.
Yes, I have seen and corrected already.
But thanks anyway for the reminder.
Re: How to compare passwords in TXP?
Good afternoon.
I rewrote a lot. This time I did not translate everything into English, that would not waste your time. In addition, most of all, I would have done it wrong.
If possible, please give an example of how to make a language file that I could fix it.
If all is well, then I think it can be laid out for installation.