How to edit the password using hash256 in editor's edit section
Muhammad Haris
Posts: 4 | Questions: 3 | Answers: 1
Hi, I have a problem while updating the password in hash256 from the edit field, and initially the password field should be blank because it is stored in SHA256.
So what should I do in order to update the password in hash256 format using setFormatter?
My code is:
```php
include( "../plugins/datatable/php/DataTables.php" );

use DataTables\Editor,
    DataTables\Editor\Field,
    DataTables\Editor\Format,
    DataTables\Editor\Mjoin,
    DataTables\Editor\Options,
    DataTables\Editor\Upload,
    DataTables\Editor\Validate;

//$editor = Editor::inst( $db, 'students', 'student_id' );
Editor::inst( $db, 'students', 'student_id' )
    ->fields(
        Field::inst( 'students.student_name' ),
        Field::inst( 'students.student_last_name' ),
        Field::inst( 'students.student_father_name' ),
        Field::inst( 'students.student_contact' ),
        Field::inst( 'students.student_roll_no' ),
        Field::inst( 'students.school_id' )
            ->options( Options::inst()
                ->table( 'schools' )
                ->value( 'school_id' )
                ->label( 'school_name' )
            )
            ->validator( 'Validate::dbValues' ),
        Field::inst( 'schools.school_name' ),
        Field::inst( 'students.class_id' )
            ->options( Options::inst()
                ->table( 'class' )
                ->value( 'class_id' )
                ->label( 'class_name' )
            )
            ->validator( 'Validate::dbValues' ),
        Field::inst( 'class.class_name' ),
        Field::inst( 'students.student_password' )
            ->validator( 'Validate::notEmpty' )
            // Hash the submitted password with a salt taken from the client request
            ->setFormatter( function ( $val ) {
                return hash( 'sha256', $val . $_POST['data'][0]['salt'] );
            } )
    )
    ->leftJoin( 'schools', 'schools.school_id', '=', 'students.school_id' )
    ->leftJoin( 'class', 'class.class_id', '=', 'students.class_id' )
    ->process( $_POST )
    ->json();
```
Now the client-side code is:
```js
var editor;

$(document).ready(function () {
    editor = new $.fn.dataTable.Editor( {
        ajax: 'editor_student.php',
        table: '#example',
        fields: [
            { label: 'Student Name', name: 'students.student_name' },
            { label: 'Student Last Name', name: 'students.student_last_name' },
            { label: 'Student Father Name', name: 'students.student_father_name' },
            { label: 'Student Contact', name: 'students.student_contact' },
            // Field name must match the server-side Field::inst( 'students.student_password' )
            { label: 'Password', name: 'students.student_password' },
            { label: 'Student Roll No.', name: 'students.student_roll_no' },
            {
                label: "Class Name:",
                name: "students.class_id",
                type: "select",
                placeholder: "Select Class"
            },
            {
                label: "School Name:",
                name: "students.school_id",
                type: "select",
                placeholder: "Select School"
            }
        ]
    } );

    // Edit record
    $('#example').on('click', 'a.editor_edit', function (e) {
        e.preventDefault();
        editor.edit( $(this).closest('tr'), {
            title: 'Edit record',
            buttons: 'Update'
        } );
    } );

    // Delete a record
    $('#example').on('click', 'a.editor_remove', function (e) {
        e.preventDefault();
        editor.remove( $(this).closest('tr'), {
            title: 'Delete record',
            message: 'Are you sure you wish to remove this record?',
            buttons: 'Delete'
        } );
    } );

    var t = $('#example').DataTable( {
        "columnDefs": [ { "searchable": false, "orderable": false, "targets": 0 } ],
        "order": [[ 1, 'asc' ]],
        // Following 125 - 145 code is used for individual filtering
        initComplete: function () {
            this.api().columns([6, 7]).every( function () {
                var column = this;
                var select = $('<select><option value="">Select Filter</option></select>')
                    .appendTo( $(column.footer()).empty() )
                    .on( 'change', function () {
                        var val = $.fn.dataTable.util.escapeRegex(
                            $(this).val()
                        );
                        column
                            .search( val ? '^' + val + '$' : '', true, false )
                            .draw();
                    } );

                column.data().unique().sort().each( function ( d, j ) {
                    select.append( '<option value="' + d + '">' + d + '</option>' );
                } );
            } );
        },
        ajax: 'editor_student.php',
        dom: 'Bfrtip',
        columns: [
            // Column 0 is overwritten with a row index below (see t.on('order.dt search.dt'))
            { data: 'students.student_name' },
            { data: 'students.student_name' },
            { data: 'students.student_last_name' },
            { data: 'students.student_father_name' },
            { data: 'students.student_password' },
            { data: 'students.student_contact' },
            { data: 'students.student_roll_no' },
            { data: "class.class_name" },
            { data: "schools.school_name" },
            {
                data: null,
                className: "dt-center",
                defaultContent: '<a href="" class="editor_edit"><button class="btn btn-primary"><i class="fa fa-pencil" aria-hidden="true"></i></button></a>'
            },
            {
                data: null,
                className: "dt-center",
                defaultContent: '<a href="" class="editor_remove"><button class="btn btn-danger"><i class="fa fa-trash-o" aria-hidden="true"></i></button></a>'
            }
        ]
    } );

    // Renumber the first column whenever the table is re-ordered or searched
    t.on( 'order.dt search.dt', function () {
        t.column(0, { search: 'applied', order: 'applied' }).nodes().each( function (cell, i) {
            cell.innerHTML = i + 1;
        } );
    } ).draw();
});
```
Answers
That basically looks like it should work. However, for passwords I would suggest you use `->get( false )` so that the password is not read and sent to the client-side. That is a security hole, even if it is sha256 hashed. I can also see users going "that's not my password" and retyping it.

Further to that, then use the `preCreate` and `preEdit` events on the server-side to add a set formatter that will do the hashing, only if there is a value submitted (i.e. don't hash an empty string and save that as the password!).

Finally, I'm not sure about getting the salt from the client-side. Do you really want to do that?
Allan
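Putting the three points from the answer above together in one server-side script, as an added example (editor's illustration, not code from the original post or from the DataTables project): the password field is never read back to the browser, a blank password on edit leaves the stored value untouched rather than being hashed, and the salt no longer comes from the request. It assumes the same `students` table, `student_id` key and `students.student_password` column as the question, and a `$db` connection created by `DataTables.php`. Hashing is done with PHP's `password_hash()` (bcrypt with a random per-password salt) instead of the question's sha256-plus-client-salt; that is a substitution chosen here, not something the thread prescribes, and the page's own `hash( 'sha256', ... )` formatter could be dropped into `hashPassword()` in its place.

```php
<?php
// Added example (not from the original post or the DataTables project).
// Assumes: table 'students', primary key 'student_id', column
// 'students.student_password', and $db created by DataTables.php.
include( "../plugins/datatable/php/DataTables.php" );

use DataTables\Editor,
    DataTables\Editor\Field;

// Hash a submitted password server-side. password_hash() generates and stores
// its own random salt, so nothing salt-related needs to come from the client.
function hashPassword( $plain ) {
    return password_hash( $plain, PASSWORD_DEFAULT );
}

// On edit, an empty password field means "leave the password as it is":
// switch the field off for this write so an empty string is never hashed
// and saved. $values is the submitted data for the row being edited.
function skipPasswordIfBlank( $editor, $values ) {
    $submitted = isset( $values['students']['student_password'] )
        ? $values['students']['student_password']
        : '';
    if ( $submitted === '' ) {
        $editor->field( 'students.student_password' )->set( false );
    }
}

Editor::inst( $db, 'students', 'student_id' )
    ->fields(
        Field::inst( 'students.student_name' ),
        Field::inst( 'students.student_last_name' ),
        Field::inst( 'students.student_password' )
            // Never read the stored hash and send it to the browser.
            ->get( false )
            // Require a password on create only; on edit a blank field is
            // handled by the preEdit handler below.
            ->validator( function ( $val, $data, $field, $host ) {
                if ( $host['action'] === 'create' && $val === '' ) {
                    return 'A password is required';
                }
                return true;
            } )
            // Only reached when the field is still enabled for this write.
            ->setFormatter( function ( $val, $data ) {
                return hashPassword( $val );
            } )
    )
    ->on( 'preEdit', function ( $editor, $id, $values ) {
        skipPasswordIfBlank( $editor, $values );
    } )
    ->process( $_POST )
    ->json();
```

Because the field is disabled with `set( false )` inside the `preEdit` handler, the formatter is not invoked for a blank edit, so the existing hash stays in the row. On the client the matching field should be declared as `type: 'password'` with the same name, `students.student_password`; with `get( false )` on the server it will simply open empty, which is the behaviour the question asks for.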