Logic Machine Forum
Cookie x-auth - After user password update - Printable Version




Cookie x-auth - After user password update - Fcs - 15.01.2025

Hi all,

Even if this is related to my previous post, I prefer to create a new topic to facilitate the search for the next one :-)

I have an lp file so that users can change their own password.

This is my code:

Code:
    if getvar("form-name") == "password" then

        local login = getvar('login')

        -- Only admin may change another user's password
        local current_logged_user = request.username
        if current_logged_user ~= "admin" and login ~= current_logged_user then
            return nil, 'wrong_user'
        end

        local password = getvar('user-new-password')
        local password_confirmation = getvar("user-new-password-confirmation")

        local user = db:getrow('SELECT * FROM users WHERE login=?', login)
        if not user then
            return nil, 'user_not_found'
        end

        if password ~= password_confirmation then
            return nil, 'match'
        end

        -- Reject a missing field as well as an out-of-range length
        if not password or #password < 8 or #password > 20 then
            return nil, 'length'
        end

        -- Store the hash, never the plain-text password
        local password_hash = hashpassword(login, password)
        db:update('users', { password = password_hash }, { id = user.id })

        io.readproc('/etc/init.d/nginx reload')

        return true, nil, string.format("%s:%s", login, password_hash)

    end

Everything works, but after the page changes, the user has to reconnect. I'd like to avoid this. I saw that an x-auth cookie was added; I tried to find the hash value, but I can't.

I've tried a Base64 like user:password or user:hash_password...

Thanks for the help

[Image: cookie.png]


RE: Cookie x-auth - After user password update - admin - 15.01.2025

Not possible. Redirect users to /logout after password change.