Query builder update() in CodeIgniter 4 not updating my password


I'd like to ask a question. I want to make a change-password feature in CodeIgniter 4, so I have to update my old password, but when I do that, the password is not updated, although all my flashdata works perfectly. I also tried a normal SQL query, but that did not work either. Where is my mistake?

When I var_dump the new password hash, the new password is hashed, but again my database is not updated.

This is my model

protected $user = 'user';

public function EditKataSandi($password_hash = null){
        $session = \Config\Services::session();
        $id = $session->get('id');
        $db      = \Config\Database::connect();
        $builder = $db->table($this->user);
        //$queryB = "UPDATE `user` SET `sandi` = $password_hash WHERE `id` = $id
        //";
        // $menu = $db->query($queryB);
        // return $menu;
        $builder->set('sandi', $password_hash);
        $builder->where('id', $id);
        return $query = $builder->update();
    }

my controller

protected $helpers = ['form', 'url', 'array'];
    public function katasandi($page = 'katasandi'){
            $request = \Config\Services::request();
            $validation = \Config\Services::validation();
            $model = new Model_all();
            $email = $this->session->get('email');

            if (!$email){
                return redirect()->to(base_url('/auth'));
            }else{
                $userAccess = $model->Tendang();
                if ($userAccess < 1) {
                    return redirect()->to(base_url('/auth/blokir'));
                }
            }

            if (! is_file(APPPATH.'/Views/admin/admin-katasandi/v_katasandi.php'))
            {
                // Whoops, we don't have a page for that!
                throw new \CodeIgniter\Exceptions\PageNotFoundException($page);
            }

            if($request->getMethod() == 'post'){
                $validation->setRules([
                    'katasandi_sebelum' => [
                        'label'  => 'Kata sandi sebelum',
                        'rules'  => 'required|trim',
                        'errors' => [
                            'required' => 'Harus diisi harus diisi!'

                        ]
                    ],
                    'katasandi_baru' => [
                        'label'  => 'Sandi Baru',
                        'rules'  => 'required|trim|min_length[6]|matches[katasandi_baru1]',
                        'errors' => [
                            'required' => 'Harus diisi!',
                            'matches' => '',
                            'min_length' => 'Terlalu pendek!'
                        ]
                    ],
                    'katasandi_baru1' => [
                        'label'  => 'Sandi Ulangi',
                        'rules'  => 'required|trim|min_length[6]|matches[katasandi_baru]',
                        'errors' => [
                            'required' => 'Harus diisi!',
                            'matches' => 'Harus sesuai dengan kata sandi baru!',
                            'min_length' => ''
                        ]
                    ]
                ]);
            }
                $data['nama'] = $model->GetNama();
                $data['title'] = ucfirst('Ubah Kata Sandi'); // Capitalize the first letter
                $data['user'] = $model->UserLogin();
                $data['menu'] = $model->MenuAll();
                $data['attr'] = ['id' => 'katasandi', 'name'=>'katasandi'];

            if($validation->withRequest($this->request)->run() == FALSE){
                echo view('admin/admin-base-html/v_header', $data);
                echo view('admin/admin-base-html/v_navbar', $data);
                echo view('admin/admin-base-html/v_sidebar');
                echo view('admin/admin-katasandi/v_katasandi', ['validation' => $validation,'session' => $this->session]);
                echo view('admin/admin-base-html/v_footer');
                echo view('admin/admin-base-html/v_js');
                echo view('admin/admin-katasandi/v_js_katasandi');
            }else{
                $pass_sebelum = $request->getPost('katasandi_sebelum');
                $pass_baru = $request->getPost('katasandi_baru');
                if (!password_verify($pass_sebelum, $data['user']['sandi'])) {
                    $this->session->setFlashdata('salah', 'Kata sandi sebelumnya salah!');
                    return redirect()->to(base_url('/pengguna/katasandi'));
                }else{
                    if ($pass_sebelum == $pass_baru) {
                        $this->session->setFlashdata('sama', 'Kata sandi baru tidak boleh sama dengan kata sandi sebelumnya!');
                        return redirect()->to(base_url('/pengguna/katasandi'));
                    }else{
                        $password_hash = password_hash($pass_baru, PASSWORD_DEFAULT);
                        $model->EditKataSandi($password_hash);
                        $this->session->setFlashdata('pesan', 'Kata sandi berhasil diubah!');
                        return redirect()->to(base_url('/pengguna/katasandi'));
                    }
                }


            }
        }

my view

<div class="col-sm-12 col-md-12 col-lg-12">
          <?php echo form_open(base_url().'/pengguna/katasandi', $attr);    ?>
          <?php echo csrf_field(); ?>

            <div class="card card-primary">
              <div class="card-header">
                <h4>Ubah kata sandi</h4>
              </div>
              <div class="card-body">
                <div class="row">
                  <div class="form-group col-lg-12 col-sm-12 col-md-12">
                    <label for="katasandi_sebelum">Kata sandi sebelumnya</label>
                    <input type="password" class="form-control" id="katasandi_sebelum" name="katasandi_sebelum"
                      placeholder="" autofocus>
                      <label class="text-danger"><?php echo $validation->showError('katasandi_sebelum') ?></label>
                  </div>
                  <div class="form-group col-lg-6 col-sm-12 col-md-6">
                    <label for="katasandi_baru">Kata sandi baru</label>
                    <input type="password" class="form-control" id="katasandi_baru" name="katasandi_baru" placeholder="">
                    <label class="text-danger"><?php echo $validation->showError('katasandi_baru') ?></label>
                  </div>
                  <div class="form-group col-lg-6 col-sm-12 col-md-6">
                    <label for="katasandi_baru1">Ulangi kata sandi baru</label>
                    <input type="password" class="form-control" id="katasandi_baru1" name="katasandi_baru1"
                      placeholder="">
                    <label class="text-danger"><?php echo $validation->showError('katasandi_baru1')?></label>
                  </div>
                </div>
              </div>
              <div class="card-footer">
                <button type="submit" class="btn btn-primary"> Ubah Kata Sandi</button>
              </div>
            </div>
          <?php echo form_close(); ?>
        </div>

and my database structure


There are 2 answers

0
KarolY On BEST ANSWER

I found my mistake; it works when I put my update-password code into a new function...

Example:

public function updatepassword(){
    // $request and $model were used but not defined in the posted snippet
    $request = \Config\Services::request();
    $model = new Model_all();
    $data['user'] = $model->UserLogin();

    $pass_sebelum = $request->getPost('katasandi_sebelum');
    $pass_baru = $request->getPost('katasandi_baru');
    // Reject the change when the current password does not match the stored hash
    if (!password_verify($pass_sebelum, $data['user']['sandi'])) {
        $this->session->setFlashdata('salah', 'Kata sandi sebelumnya salah!');
        return redirect()->to(base_url('/pengguna/katasandi'));
    }else{
        // The new password must differ from the current one
        if ($pass_sebelum == $pass_baru) {
            $this->session->setFlashdata('sama', 'Kata sandi baru tidak boleh sama dengan kata sandi sebelumnya!');
            return redirect()->to(base_url('/pengguna/katasandi'));
        }else{
            $password_hash = password_hash($pass_baru, PASSWORD_DEFAULT);
            $model->EditKataSandi($password_hash);
            $this->session->setFlashdata('pesan', 'Kata sandi berhasil diubah!');
            return redirect()->to(base_url('/pengguna/katasandi'));
        }
    }
}
0
Abdullah Basem On

Use $allowedFields.

This array should be updated with the field names that can be set during save, insert, or update methods. Any field names other than these will be discarded. This helps to protect against just taking input from a form and throwing it all at the model, resulting in potential mass assignment vulnerabilities.

protected $allowedFields = ['name', 'email'];

You can read more in the official documentation: https://codeigniter.com/user_guide/models/model.html#models
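
A sketch of the password change done through a CodeIgniter Model with $allowedFields, added here as an example (it is not code from either answer). $allowedFields is applied by the Model's own save/insert/update methods, not by a builder obtained from $db->table() as in the question; the table `user` and column `sandi` come from the question, while the class name, method name and return strings are assumptions.

```php
<?php

namespace App\Models;

use CodeIgniter\Model;

// Added example, not the poster's code. 'user' and 'sandi' come from the
// question; UserPasswordModel, changePassword() and the result strings are
// hypothetical names chosen for illustration.
class UserPasswordModel extends Model
{
    protected $table      = 'user';
    protected $primaryKey = 'id';
    protected $returnType = 'array';

    // Only the password column may be written through this model; any other
    // key passed to update() is discarded before the query is built.
    protected $allowedFields = ['sandi'];

    /**
     * Returns 'ok', 'wrong_current', 'same' or 'not_saved' so the controller
     * can choose its flash message from the real outcome of the update.
     */
    public function changePassword(int $id, string $current, string $new): string
    {
        $user = $this->find($id);
        if ($user === null || ! password_verify($current, $user['sandi'])) {
            return 'wrong_current';
        }

        // Compare against the stored hash instead of the submitted old value.
        if (password_verify($new, $user['sandi'])) {
            return 'same';
        }

        $saved = $this->update($id, ['sandi' => password_hash($new, PASSWORD_DEFAULT)]);

        // update() returning true only means the query ran; zero affected rows
        // means no row matched the id (for example an empty session id).
        if (! $saved || $this->db->affectedRows() < 1) {
            return 'not_saved';
        }

        return 'ok';
    }
}
```

The controller would set the 'pesan' flash message only when the method returns 'ok', instead of unconditionally after the model call. The `sandi` column also has to be wide enough for the hash; PHP's documentation recommends 255 characters for PASSWORD_DEFAULT.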