Been concentrating on my new mobile app for the Private Investigation Firm (for whom I made the awesome Acro JS app) and it’s going really well. Been learning a lot about PHP, SQL and security shizzle for both. Normally, when I stop to write on the blog it’s to post something I learned about a problem I encounter or have solved. Things have been moving along quite well, though.
Except for this one thing.
- Everything to do with users logging in is fine
- Sessions regarding the above works great
- Form for creating users works great
- Security for the above works great — includes some salt and hash
But I need a form so users can have their information updated — assigning them cases, in particular — so I created that basic form based on the “create” form (and the “edit president” form from an earlier project), which meant it started off with the same fields — including password.
I wondered what to do about that password field. I hadn’t yet thought much about the code behind, say, resetting passwords or even entering it to confirm other changes … I wondered what would happen if you didn’t enter anything … so I did that … because I’m impatient and sometimes do stupid things.
And locked myself out of my own app.
I can’t just go into the database and change my password because of the salt and hash sprinkled in via the “create user” form and expected by the “log in” form.
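As an added illustration (not the post's code) of the edit-form trap described above and how it is usually avoided: it assumes PHP's password_hash()/password_verify() in place of the post's own salt-and-hash scheme, a PDO connection to an in-memory SQLite database, and a constructed `users` table with `id`, `case_id` and `password_hash` columns.

```php
<?php
// Added example (not the blog's code). Uses PHP's password_hash()/password_verify()
// in place of the post's own salt-and-hash scheme, plus an in-memory SQLite database
// with a constructed `users` table (id, case_id, password_hash).

// The post's bug: the edit form was copied from the create form, so the handler hashes
// whatever is in the password field, an empty string included, and overwrites the real one.
function updateUserNaive(PDO $pdo, int $id, array $post): void
{
    $hash = password_hash($post['password'] ?? '', PASSWORD_DEFAULT); // hashes '' just fine
    $stmt = $pdo->prepare('UPDATE users SET case_id = :case_id, password_hash = :hash WHERE id = :id');
    $stmt->execute([':case_id' => $post['case_id'], ':hash' => $hash, ':id' => $id]);
}

// Hardened version: the password column is only touched when a new password was entered.
function updateUser(PDO $pdo, int $id, array $post): void
{
    $set    = ['case_id = :case_id'];
    $params = [':case_id' => $post['case_id'], ':id' => $id];
    $newPassword = $post['password'] ?? '';
    if ($newPassword !== '') {
        $set[]           = 'password_hash = :hash';
        $params[':hash'] = password_hash($newPassword, PASSWORD_DEFAULT);
    }
    $stmt = $pdo->prepare('UPDATE users SET ' . implode(', ', $set) . ' WHERE id = :id');
    $stmt->execute($params);
}

function storedHash(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Constructed demo: one user, then a case assignment with the password field left blank.
$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, case_id INTEGER, password_hash TEXT)');
$pdo->prepare('INSERT INTO users VALUES (1, NULL, :hash)')
    ->execute([':hash' => password_hash('correct horse', PASSWORD_DEFAULT)]);

updateUserNaive($pdo, 1, ['case_id' => 42, 'password' => '']);
echo 'naive:    ', password_verify('correct horse', storedHash($pdo, 1)) ? "still logs in\n" : "locked out\n";

updateUser($pdo, 1, ['case_id' => 42, 'password' => 'correct horse']); // reset to a known password
updateUser($pdo, 1, ['case_id' => 43, 'password' => '']);              // blank field this time
echo 'hardened: ', password_verify('correct horse', storedHash($pdo, 1)) ? "still logs in\n" : "locked out\n";

// To recover a locked-out account without commenting out the login code, generate a hash the
// login form accepts and write it into the row: php -r 'echo password_hash("temp-pw", PASSWORD_DEFAULT);'
```

The same recovery idea applies to a custom salt-and-hash scheme: run the app's own hashing routine once from the command line and store its output, rather than disabling the session and login checks.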
Fortunately, I’d created a second user for future testing. Unfortunately, it seems I wrote the password down incorrectly.
So now I have to go in and comment out security and session-related stuff temporarily so I can create a new, usable user or two.
This isn’t even frustrating — just embarrassing.