Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
J
J
Justin Bieber2017-02-13 13:56:41
Yii
Justin Bieber, 2017-02-13 13:56:41

Where is the admin site password stored in yii?

UserIdentity checked, there

<?php

/**
 * UserIdentity represents the data needed to identity a user.
 * It contains the authentication method that checks if the provided
 * data can identity the user.
 */
class UserIdentity extends CUserIdentity
{
  const ERROR_ACCESS_DENIED = -1;
  private $_id;

  public function authenticate()
  {
    sleep(5);
    $record = User::model()->findByAttributes(array('user_login'=>$this->username));

    if (is_null($record))
      $this->errorCode=self::ERROR_USERNAME_INVALID;
    elseif ($record->user_pswd !== md5(md5($this->password)))
      $this->errorCode=self::ERROR_PASSWORD_INVALID;
    elseif ($record->user_hospital_id !== HospitalList::model()->getHospitalId())
      $this->errorCode=self::ERROR_ACCESS_DENIED;
    else 
    {
      $this->_id = $record->user_id;
      $this->setState('title', $record->user_login);
      $this->errorCode=self::ERROR_NONE;
    }
    
    // return ($this->errorCode === -1) ? $this->errorCode : false;
    return !$this->errorCode;
  }

  public function getId()
  {
    return $this->_id;
  }
}

I checked the database, it's not there, I post what folders there are
453053f70f7a4893a8a6143d760b7933.png

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

4 answer(s)
Report
E
Evgeny Bukharev, 2017-02-13
@evgenybuckharev

The user_pswd field in the user table in the database

Report
V
Valery, 2017-02-13
@supervaleha

In the database, in the users table, there is a password_hash field.
The password hash is stored in it by default.

Report
S
Sergey Doniy, 2017-02-13
@doniys_a

there is no password_hash field in yii1, I may be wrong, but it seems that there is just a password field and md5 as a hash.
Out of the box, yii does not support authorization via DB
https://github.com/yiisoft/yii/blob/master/framewo...
Usually, inheriting CWebUser and rewriting the method to check the user from the DB would allow this.
You can simply write a migration to change the user's password, run it and log in safely, or simply generate a new md5 hash (just first check that md5 is used when checking the password), put it in the password field or whatever it is called in the user table and log in .

Report
J
Justin Bieber, 2017-02-15
@JustinBieber

it turned out to be much more difficult, thanks for the support everyone))

Similar questions
T
tp1232015-05-22 13:46:06
How to do indexing with Sphinx? 2Reply
M
muhasa2019-11-17 23:17:44
How to sync files between macs? 3Reply
B
bizzonaru2016-10-20 16:07:09
Why doesn't PHPCI see the common models folder in yii2 advanced? 1Reply
I
InfoLabs2016-10-21 17:08:25
How to reduce number of yii2 requests on GridView? 2Reply
Z
ZaurK2016-10-21 23:26:32
How to sort by dependent field? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question