Password Reset Functionality: Part 2

Well yes … you use the same hash with salt in the login action as well, so they need to be the same on register action, update password action and login action.

OK, I was thinking that was the case but I wanted to verify, thanks.

1 Like

Great series @Teodor. It has given me a lot of new and important concepts within Wappler to start exploring. Thank you!

1 Like

This tutorial has an error I believe. As I was working down through it I came to a place where it says to add a condition to the repeat - however we had not added a repeat at that point. This step:

Now we should check - if the query returns results, i.e. if an user with the provided email is found. This check is done using a condition.
Right click the steps inside the repeat:

The images show a repeat step right after the database step but a few images later they show a condition in its place.

I believe that the correct instruction should be to add the Condition directly after the Database Query.

1 Like

Yes, you are right. I’ve mixed some old screenshots there.
Sorry about that, I will fix the screenshots and description for these steps.

2 Likes

Hi @Teodor Maybe I don’t understand this correctly… But why do we need “repeat” action in the first place? Wouldn’t there be only one user with a particular email? So why repeat over them…

I know I can just copy the steps here and they’d work fine. But if I don’t understand the reasoning behind it, I believe I wouldn’t be learning much.

Appreciate your thoughts on this one!

1 Like

At the time this tutorial was created the single query was not available as an option and when you are using a multiple results query you always need a repeat no matter if you have one or ten results.

So you can safely use a single query if you prefer not using a repeat.

2 Likes

Thanks Teodor! That makes sense. It was really confusing me…

2 Likes

Theo,
It’s only after I followed the whole tutorial that I find out about the DB single query “shortcut”.
Without breaking anything, can I simply switch to DB single query and remove my 1st repeat and reference the new single query “emailcheck” in the 1st condition (and I keep the rest as is)?
[image]

Yes, you can. Single queries were introduced after this tutorial was created. But you can safely use a single query and a condition after it.

Thanks Teo,
I get error 400 ‘invalid’. Hash not matching. Is that because I used argon2id to generate a hashed email? It is the method I used across all other APIs. Anything I should verify?
In my pwd reset API:
[image]
In my pwd chg API:
[image]

I am not sure I understand what exactly you are doing and what you are showing on these screenshots.
Please check how to use argon2id:

I have followed parts 1 & 2 of your password reset tutorial, except that I used argon hash on email instead of sha1 on email with password as salt.
My argon security has worked well for user registration and login. But for pwd reset, I get error 400 hash not matching. Asking what I should verify to figure it out. (all the debug reports is ‘invalid’)

What steps are you referring to exactly? Where and how are you doing this?

I’ve tested in the browser. I receive my pwd reset link by email, for ex:
http://mydomain/~mangosteen/changepwd.php?email=fredkzk@email.com&id=$argon2id$v=19$m=65536,t=4,p=1$YVpHTGtwbVV4SUhRMG9SUQ$DrbetAoLHZUEY207AVHdHz0k6OBZOJLvD6iC0Awz0Fk
I get error 400 when I validate a new password on that changepwd page.

Steps I’m referring to: in the reset request API
[image]
And in the password update API steps, wherever the error may come from. Any tips on how to debug the error?
[image]

You cannot compare argon2id hashes like that … they are never the same! It does not work like sha hashing methods.

1 Like
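
The difference described in the reply above, as an added PHP example (not code from the tutorial, from Wappler, or from any poster in this thread): argon2id output changes on every call, so it has to be checked with `password_verify()`, while a salted sha1 value can be recomputed and compared. It assumes PHP 7.3+ built with Argon2 support; the sample email, the salt value, the helper function names and the `email . salt` concatenation order are assumptions.

```php
<?php
// Added example. All values are constructed; the sha1 concatenation order is an assumption.
$email = 'user@example.com';            // constructed sample address
$salt  = 'constructed-stored-password'; // stands in for the stored password used as salt

// argon2id picks a fresh random salt on every call, so hashing the same
// input twice yields two different strings.
$first  = password_hash($email, PASSWORD_ARGON2ID);
$second = password_hash($email, PASSWORD_ARGON2ID);

// Broken check: re-hash the email and compare it with the id from the link.
function recompute_and_compare(string $email, string $idFromLink): bool
{
    return hash_equals(password_hash($email, PASSWORD_ARGON2ID), $idFromLink);
}

// Working argon2id check: password_verify() reads the salt and cost
// parameters embedded in the hash and recomputes with those.
function verify_argon(string $email, string $idFromLink): bool
{
    return password_verify($email, $idFromLink);
}

// Deterministic salted sha1: same inputs, same output, so recomputing and
// comparing works. hash_equals() keeps the comparison constant-time.
function verify_sha1(string $email, string $salt, string $idFromLink): bool
{
    return hash_equals(sha1($email . $salt), $idFromLink);
}

$sha1Id = sha1($email . $salt);

printf("two argon2id hashes equal:    %s\n", var_export($first === $second, true));
printf("recompute-and-compare argon:  %s\n", var_export(recompute_and_compare($email, $first), true));
printf("password_verify on argon id:  %s\n", var_export(verify_argon($email, $first), true));
printf("recompute-and-compare sha1:   %s\n", var_export(verify_sha1($email, $salt, $sha1Id), true));
printf("sha1 id after salt changes:   %s\n", var_export(verify_sha1($email, 'new-password-value', $sha1Id), true));
```

The last line shows a side effect of using the stored password as the salt: once the password is changed, the old reset id no longer matches.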

Thanks for clarifying, I’ll resort to sha method for the reset.
Can I however keep argon for register/login/DB updates, or might there be a conflict?

I tested it and it works: Can have new users pwd hashed with argon and do the pwd reset url params with sha at the same time.