I am using codeigniter php framework. I am suffering from the problem that all the userss password automatically get changes in database sometime, please help.
This is my reset code
function reset_now($key){
//key of fourth segment is saved on cookie
$key = $this->uri->segment(4);
//start validation
$this->form_validation->set_rules('password','Password','xss_clean|required|alpha_numeric|min_length[6]|max_length[20]|matches[password_conf]|sha1');
$this->form_validation->set_rules('password_conf','Password Confirmation','xss_clean|required|alpha_numeric|matches[password]|sha1');
if($this->form_validation->run() == FALSE){
$this->load->view('account/reset_password');
}else{
$this->db->set('password', $this->_salt.$this->input->post('password'));
$this->db->where('lostkey', $_POST['lostkey']);
$this->db->update('users');
$this->session->set_flashdata('message','Password changed, please login with new password');
redirect('account/login');
//$this->load->view('account/reset_password_complete');
}
}
You might have forgot where condition in password update sql. Please re-check your sql. Passwords will not get changed automatically. It might be trigged when someone tries to change password.
UPDATE as per the code provided
Your update where condition is,
$this->db->where('lostkey', $_POST['lostkey']);The
whereclause should use the user id(the primary key of the user in database) instead usinglostkey( i dont what it means, it is possible that there are multiple rows with samelostkey).So, your
whereclause must be something like$this->db->where('id', $user_id).