WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:
Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users
Course Of The Month
3 days, 2 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Log in and change password behavior
Posted on 2016-08-30
Dear experts,
I use below article for my php login-log out
Thanks to Ray Pasuer
What I want to do is, if my user login for the first time I'd like to my user to change his password.
What do you suggest i should do?
I think i should create another coloumn on my users table to insert another value like IP address then check if the ip address has a data? If not, after a successful log in, i can redirect the page; or for better i can create another table to store log in data and check the users log in if it's first time or not...
What do you suggest I should do?
https://www.experts-exchange.com/articles/2391/PHP-Client-Registration-Login-Logout-and-Easy-Access-Control.html
I use below article for my php login-log out
Thanks to Ray Pasuer
What I want to do is, if my user login for the first time I'd like to my user to change his password.
What do you suggest i should do?
I think i should create another coloumn on my users table to insert another value like IP address then check if the ip address has a data? If not, after a successful log in, i can redirect the page; or for better i can create another table to store log in data and check the users log in if it's first time or not...
What do you suggest I should do?
https://www.experts-exchange.com/articles/2391/PHP-Client-Registration-Login-Logout-and-Easy-Access-Control.html
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
2
2
5 Comments
Active today
You can add a field that stores anything in it and check that for a status. The best solution is to pick a field that will be useful in the future - for instance - last login. This only gets set once a user has changed their password - after that it is updated every time they login. That way the field is not dead weight on your table.
If you are going to maintain an audit trail in a separate log database - that can also be used but then you have to query two tables to check status - whereas with the last-login suggestion you can do it in one.
If you are going to maintain an audit trail in a separate log database - that can also be used but then you have to query two tables to check status - whereas with the last-login suggestion you can do it in one.
Active 5 days ago
If you're using the design in the article, the user will register before using the site. During the registration, the user must provide and verify his password. To my mind, it does not make much sense to ask the user to choose and verify a password, then immediately ask the user to change the password. So I would not recommend that.
If you're looking for a design that indicates whether a user has visited a site, this article shows the register-and-confirm design. It's pretty simple - we just set an INT column value to indicate whether an action has been taken. The same could be done for a password change.
If you're looking for a little more sophisticated view of a user's visits, you might change the INT into a TIMESTAMP column. Then MySQL will update the TIMESTAMP any time an element of data in the corresponding row gets changed. This will give you an easy way to know the last time the password was changed, because a password update will change the user's row in the table, and the TIMESTAMP column will get updated. You can do more with this design by incorporating the TIMESTAMP column into the WHERE clause of your queries. For example, you can write a query to find all of the users who have not changed their passwords in the last month. Or you can write a query to see which users have changed their passwords most recently, etc. More details here:
https://dev.mysql.com/doc/refman/5.5/en/timestamp-initialization.html
If you're looking for a design that indicates whether a user has visited a site, this article shows the register-and-confirm design. It's pretty simple - we just set an INT column value to indicate whether an action has been taken. The same could be done for a password change.
If you're looking for a little more sophisticated view of a user's visits, you might change the INT into a TIMESTAMP column. Then MySQL will update the TIMESTAMP any time an element of data in the corresponding row gets changed. This will give you an easy way to know the last time the password was changed, because a password update will change the user's row in the table, and the TIMESTAMP column will get updated. You can do more with this design by incorporating the TIMESTAMP column into the WHERE clause of your queries. For example, you can write a query to find all of the users who have not changed their passwords in the last month. Or you can write a query to see which users have changed their passwords most recently, etc. More details here:
https://dev.mysql.com/doc/refman/5.5/en/timestamp-initialization.html
Active today
if you're looking for a little more sophisticated view of a user's visits, you might change the INT into a TIMESTAMP column. Then MySQL will update the TIMESTAMP any time an element of data in the corresponding row gets changed.
... if you set the field to CURRENT_TIMESTAMP on update
From http://dev.mysql.com/doc/refman/5.7/en/timestamp-initialization.html
Default the field to CURRENT_TIMESTAMP and set to CURRENT_TIMESTAMP on update
CREATE TABLE t1 (
ts TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
);
Active 5 days ago
Yeah, that's why I posted the link.
Here's 5.5:
You've got to wonder what the authors were thinking when they designed a system where both the presence and absence of a control setting meant the same thing!
Man pages changed some between 5.5 or 5.7, but as a practical matter there is not much difference in functionality there. I've never seen a table with more than one TIMESTAMP column, but I guess there is always some way to make things "interesting!"
Here's 5.5:
With neither DEFAULT CURRENT_TIMESTAMP nor ON UPDATE CURRENT_TIMESTAMP, it is the same as specifying both DEFAULT CURRENT_TIMESTAMP and ON UPDATE CURRENT_TIMESTAMP.And here's 5.7, same functionality, but better explanation:
TIMESTAMP and DATETIME columns have no automatic properties unless they are specified explicitly, with this exception: By default, the first TIMESTAMP column has both DEFAULT CURRENT_TIMESTAMP and ON UPDATE CURRENT_TIMESTAMP if neither is specified explicitly.
You've got to wonder what the authors were thinking when they designed a system where both the presence and absence of a control setting meant the same thing!
Man pages changed some between 5.5 or 5.7, but as a practical matter there is not much difference in functionality there. I've never seen a table with more than one TIMESTAMP column, but I guess there is always some way to make things "interesting!"
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
These days socially coordinated efforts have turned into a critical requirement for enterprises.
This article discusses how to create an extensible mechanism for linked drop downs.
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing.
Set up your basic HTML file. Open your form tag and set the method and action attributes.:
(CODE)
Set up your first few inputs one for the name and …
Suggested Courses
Course of the Month3 days, 2 hours left to enroll
696 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.