Thread ini sudah dihapus oleh penulis. Silahkan buka thread yang lain. Terima kasih.
18 Jawaban:
password memang harusnya ngga ditampilkan sama sekali. Jadi setiap user tanggung jawab mengingat passwordnya. Kalo mau edit password user harus masukkan password dia sebelumnya, untuk diuji apakah benar dia orangnya yang mau ganti password
boleh minta tutorial lengkapnya mas Hilman ?
logikanya dipahami dulu, kalo mau langsung tutorial bisa dilihat disini https://sekolahkoding.com/kelas/sistem-login-dan-register-oop-php
Hmm yang bagian ganti password harus bayar ya Mas ? gk ada diskon Mas ? hehe becanda. Kalau ada uang entar saya beli yang premium
Buat 3 inputan: password lama, password baru, sama ulangi password baru. Logikanya sama kaya ketika login: cek password lama, jika benar maka update password.
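cara nyamain password yg udh di-hash (password_hash itu hashing satu arah, bukan enkripsi, jadi ngga bisa dibalik ke password aslinya) pake fungsi php password_verify -> http://php.net/manual/en/function.password-verify.php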
kalau buat fungsi lupa password via email gimana ya ?
ane belum pernah coba gan . tapi mungkin agan masuk ke kelas mengirim email dengan PHP .
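jadi mungkin alurnya kalo ada yang forgot password -> masukin alamat email -> query nyari data yang sesuai dengan email yang dimasukin, terus ngupdate password pake hash, dan password tadi otomatis kekirim ke email user. jadi cuma si user yang punya email itu yang tau password barunya. Catatan: alur ini langsung mengganti password begitu ada yang masukin alamat email, padahal yang minta belum tentu pemilik akunnya, dan password-nya ikut tersimpan di kotak masuk. Lebih aman kalo yang dikirim ke email itu link reset berisi token acak sekali pakai yang ada masa berlakunya, dan password baru diganti setelah link itu dibuka.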
CMIIW
ga mesti ditampilin gan.. pake validasi kaya gini aja...
Tanggapan
Bang boleh minta source code ubah password lamanya ?
@ahmadhanaf. masih bingung sy buat validasi password lama & password baru
jadi logikanya gini gan, kita ngecek apakah bener user asli yg ganti password, apa orang lain, jadikan di validasi dulu password lama, terus tinggal samain aja kalo user udah masukkin pass lama sama pass yg di database dengan fungsi password_verify, kalo ga cocok yaa tinggal dikasih alert aja..
contohnya kaya gini gan...
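<?php
// Change-password handler for the logged-in admin: verifies the current password,
// checks that the new password and its confirmation match, then stores a new hash.
//
// NOTE(review): mysql_query()/mysql_fetch_array() come from the old mysql extension,
// which was removed in PHP 7; migrate to mysqli or PDO with prepared statements.
// no_injex(), u_query() and msg() are defined outside this snippet.
if (isset($_POST["simpan"])) {
    // Treat a missing or non-string field (e.g. password_old[]=x) as empty instead of
    // letting trim() and password_verify() receive an array.
    //
    // NOTE(review): no_injex() is not shown here. If it escapes or strips characters it
    // changes the password before it is hashed/verified. Passwords do not need SQL
    // escaping because only the hash reaches the query; confirm that the login and
    // registration code treat the password the same way before removing it.
    $fields = array();
    foreach (array('password_old', 'password_new', 'password_conf') as $key) {
        $raw = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
        $fields[$key] = no_injex($raw);
    }
    $password_old  = $fields['password_old'];  // Current password
    $password_new  = $fields['password_new'];  // New password
    $password_conf = $fields['password_conf']; // New password, repeated

    // Compare against '' rather than using empty(): empty('0') is true, so a value of
    // "0" would wrongly be reported as a blank field.
    if (trim($password_old) === '' || trim($password_new) === '' || trim($password_conf) === '') {
        echo "<script>alert('Form tidak boleh ada yang kosong!');</script>";
    } else {
        // The UPDATE below already uses the id unquoted, so it is numeric; casting it
        // keeps anything other than an integer out of both SQL strings.
        $uid = isset($_SESSION['uid']) ? (int) $_SESSION['uid'] : 0;

        $sql  = mysql_query("SELECT * FROM tbl_admin WHERE id = $uid");
        $data = $sql ? mysql_fetch_array($sql) : false;

        // No row (or a failed query) is handled the same way as a wrong password.
        $old_ok = is_array($data) && password_verify($password_old, $data['password']);

        if ($old_ok) {
            // Compare the two new-password fields directly. Hashing one and verifying the
            // other costs an extra bcrypt round, and bcrypt only looks at the first
            // 72 bytes, so two different long inputs could be accepted as "the same".
            if ($password_new !== $password_conf) {
                echo "<script>alert('Gagal mengganti password! Password tidak sama!');</script>";
            } else {
                $pass_new = password_hash($password_new, PASSWORD_DEFAULT, ['cost' => 12]);

                // NOTE(review): the return value of u_query() is not checked, so success
                // is reported even if the UPDATE failed; confirm what it returns and
                // branch on it. Calling session_regenerate_id(true) after a successful
                // change is also worth considering.
                $q = u_query(
                    "tbl_admin",
                    "password = '$pass_new'",
                    "id = $uid"
                );
                echo msg("success", "Data berhasil diedit.");
            }
        } else {
            echo "<script>alert('Gagal mengganti password! Password tidak terdaftar!');window.location='index.php?page=pengaturan';</script>";
        }
    }
}
?>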
yaa tinggal disamain aja gan langkah-langkahnya..
kalau controllernya seperti ini gimana ya kalau tambah fungsi cek password lama lalu update password baru....
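/**
 * Saves the profile form (nama, facebook, email and an optional profile picture)
 * for the user whose id is held in the session, then redirects back to
 * dashboard/akun with a flash message describing the outcome.
 *
 * The request must carry the "simpan" POST field; otherwise only a
 * "Forbiden Access" notice is printed.
 *
 * NOTE(review): the only validation rule on the three text fields is "trim", and
 * addslashes() is not a substitute for bound parameters. If
 * model_users->getUpdate() uses the query builder, the extra backslashes end up
 * stored in the database; confirm and drop addslashes() in that case. The stored
 * values still need HTML escaping wherever they are displayed.
 */
function simpan_akun(){
    if(!isset($_POST['simpan'])){
        echo "<h3 style='color:red;font-weight:bold;'>Forbiden Access</h3>";
        return;
    }

    $this->form_validation->set_rules("nama", "Username", "trim");
    $this->form_validation->set_rules("facebook", "Facebook", "trim");
    $this->form_validation->set_rules("email", "Email", "trim");

    $nama     = addslashes($this->input->post('nama',true));
    $facebook = addslashes($this->input->post('facebook',true));
    $email    = addslashes($this->input->post('email',true));
    $image    = '';

    if($this->form_validation->run() == false ){
        $rs = array(
            'alert' => 'alert-danger',
            'rs'    => 1,
            'msg'   => '<b><i class="glyphicon glyphicon-remove"></i> Tolong isi data dengan benar...</b>'
        );
        $this->session->set_flashdata($rs);
        redirect("dashboard/akun","refresh");
        return; // defensive: never fall through to the update after a redirect
    }

    // No longer needed by this method (get_mime_by_extension() is gone); kept in
    // case a view relies on the helper being loaded. TODO confirm and remove.
    $this->load->helper('file');

    // NOTE(review): files land in a web-served directory under the name reported by
    // the upload library. Consider the library's 'encrypt_name' option and make sure
    // the server never executes scripts from uploads/profile/.
    $config['upload_path']   = './uploads/profile/';
    $config['allowed_types'] = 'jpg|png|jpeg|PNG';
    $config['max_size']      = '5120';
    $this->load->library('upload', $config);
    $this->upload->initialize($config);

    if($this->upload->do_upload('upload-gambar')){
        $file  = $this->upload->data();
        $image = 'uploads/profile/'.$file['file_name'];
    } else {
        // The previous test was
        //   ($type != jpeg || $type != png || $type != gif) && size > max_size
        // whose first half is always true and whose second half compared a byte count
        // with the '5120' setting, so a small rejected file (for example a script) was
        // ignored silently and the profile was saved as if nothing had been uploaded.
        // Report every rejected upload; only "no file chosen" continues without an image.
        $submitted = isset($_FILES['upload-gambar']['error'])
            && $_FILES['upload-gambar']['error'] !== UPLOAD_ERR_NO_FILE;

        if($submitted){
            $rs = array(
                'alert' => 'alert-danger',
                'rs'    => 1,
                'msg'   => '<b><i class="glyphicon glyphicon-remove"></i> Format file yang Anda upload tidak sesuai. Hanya bisa upload gambar saja...</b>'
            );
            $this->session->set_flashdata($rs);
            redirect("dashboard/akun","refresh");
            return;
        }
    }

    // The picture column is only touched when a new file was accepted.
    $update = array(
        'nama'     => $nama,
        'email'    => $email,
        'facebook' => $facebook
    );
    if($image){
        $update['gambar'] = $image;
    }

    // The row to update is chosen from the session, never from the request.
    $query = $this->model_users->getUpdate($update,$this->session->userdata("user_id"));

    if($query){
        $rs = array(
            'alert' => 'alert-success',
            'rs'    => 1,
            'msg'   => '<b><i class="glyphicon glyphicon-ok"></i> Profil Berhasil Diupdate...</b>'
        );
    }else{
        $rs = array(
            'alert' => 'alert-danger',
            'rs'    => 1,
            'msg'   => '<b><i class="glyphicon glyphicon-remove"></i> Gagal Update Profil...</b>'
        );
    }
    $this->session->set_flashdata($rs);
    redirect("dashboard/akun","refresh");
}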