Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#37 2011-03-27 22:45:33

Gocom
Developer Emeritus
From: Helsinki, Finland
Registered: 2006-07-14
Posts: 4,533
Website

Re: How to compare passwords in TXP?

skrishi wrote:

Can I use txp_validate()

Yes, you can.

/**
	Include txp_auth.php. "txpath" constant will return the
	absolute path to /textpattern/ directory
*/
include_once txpath.'/include/txp_auth.php';
/**
	Setting the third parameter to false, will make it just to
	check the credentials w/o updating the last access time
*/
if(txp_validate($name,$oldpass,false) == false)
	return;

safe_field('repet', safe_pfx('gvv_user_edit'), "name = '".doSlash($name)."'");

You don’t need to use safe_pfx() when using TXP’s safe_ functions to run queries. Safe_ functions already automatically adds prefix to the table name. You only need to use safe_pfx() when building your own queries with safe_query() (or mysql_query()) function that doesn’t offer dedicated table parameter.

Offline

#38 2011-03-27 23:20:09

skrishi
Member
From: russia federation
Registered: 2011-02-25
Posts: 52
Website

Re: How to compare passwords in TXP?

Gocom wrote:

Yes, you can.

/**
	Include txp_auth.php. "txpath" constant will return the
	absolute path to /textpattern/ directory
*/
include_once txpath.'/include/txp_auth.php';
/**
	Setting the third parameter to false, will make it just to
	check the credentials w/o updating the last access time
*/
if(txp_validate($name,$oldpass,false) == false)
	return;

I do it:
		if(!txp_validate(doSlash($name), $oldpass))
		{
			return gvv_gTxt('old_pass_error');
		}
		$rs = safe_update(safe_pfx('txp_users'), "pass = password(lower('".doSlash($oldpass)."'))", "name = '".doSlash($name)."'");
		safe_delete(safe_pfx('gvv_user_edit'), "name = '".doSlash($name)."'");

It seems it works. At least if we mean "pass = password (lower ('". doSlash ($ new_pass )."'))"
But I’ll keep in mind. Thank you.

You don’t need to use safe_pfx() when using TXP’s safe_ functions to run queries. Safe_ functions already automatically adds prefix to the table name. You only need to use safe_pfx() when building your own queries with safe_query() (or mysql_query()) function that doesn’t offer dedicated table parameter.

Okay, I’ll remove the excess

Thank you

Last edited by skrishi (2011-03-27 23:21:20)

Offline

#39 2011-03-28 00:56:05

Gocom
Developer Emeritus
From: Helsinki, Finland
Registered: 2006-07-14
Posts: 4,533
Website

Re: How to compare passwords in TXP?

skrishi wrote:

if(!txp_validate(doSlash($name), $oldpass))

Do not use doSlash(). You would be double escaping the $name as txp_validate() already does escaping. Also, set the third $log parameter to false if you don’t want to extend the active session’s life-time.

Offline

#40 2011-03-28 01:24:33

skrishi
Member
From: russia federation
Registered: 2011-02-25
Posts: 52
Website

Re: How to compare passwords in TXP?

Gocom wrote:

if(!txp_validate(doSlash($name), $oldpass))

Do not use doSlash(). You would be double escaping the $name as txp_validate() already does escaping. Also, set the third $log parameter to false if you don’t want to extend the active session’s life-time.

Yes, I have seen and corrected already.
But thanks anyway for the reminder.

Offline

#41 2011-04-18 13:53:13

skrishi
Member
From: russia federation
Registered: 2011-02-25
Posts: 52
Website

Re: How to compare passwords in TXP?

Good afternoon.

I rewrote a lot. This time I did not translate everything into English, that would not waste your time. In addition, most of all, I would have done it wrong.

If possible, please give an example of how to make a language file that I could fix it.

Code plug-in

If all is well, then I think it can be laid out for installation.

Offline

Board footer

Powered by FluxBB