I have created a change password portal, it keep echo "Old Password Not Match!",but i sure my old password is same with the DB's password, is there any wrong in my controller or model? Hope somebody can help,Thanks!
Below is my controller:
public function chgpass()
{
$this->load->helper('security');
$this->form_validation->set_rules('cpassword','Current Password','required|max_length[150]|min_length[6]');
$this->form_validation->set_rules('npassword','New Password','required|max_length[150]|min_length[6]');
$this->form_validation->set_rules('copassword','Confirm Password','required|max_length[150]|min_length[6]|matches[npassword]');
if($this->form_validation->run() == false){
$this->load->view('chgpass');
}else{
//update data
$data = array(
'password' => md5($this->input->post('npassword'))
);
//check old password
$result = $this->Form_model->Check_Old_Password($this->session->userdata('USER_ID'),md5($this->input->post('cpassword')));
if($result > 0 AND $result === true){
//update user data
$result = $this->Form_model->Update_User_Data($this->session->userdata('USER_ID'),$data);
if($result > 0){
echo "Password Changed!";
//$this->session->set_flashdata('success','Password Changed!');
//redirect(base_url() . 'main/login');
}else{
echo "Password Not Changed!";
//$this->session->set_flashdata('error','Password Not Changed!');
//redirect(base_url() . 'main/chgpass');
}
}else{
echo "Old Password Not Match!";
//$this->session->set_flashdata('error','Password Not Changed!');
//redirect(base_url() . 'main/chgpass');
}
}
}
Below is my model:
public function Update_User_Data($user_id,$data){
$this->db->set($data);
$this->db->where('id',$user_id);
$this->db->update('users');
if($this->db->affected_rows() > 0)
return true;
else
return false;
}
public function Check_Old_Password($user_id,$cpassword){
$this->db->where('id',$user_id);
$this->db->where('password',$cpassword);
$query = $this->db->get('users');
if($query->num_rows() > 0)
return true;
else
return false;
}
I got the solution,just change the USER_ID and $user_id into username and $username
model:
public function Update_User_Data($username,$data){
$this->db->set($data);
$this->db->where('username',$username);
$this->db->update('users');
if($this->db->affected_rows() > 0)
return true;
else
return false;
}
public function Check_Old_Password($username,$cpassword){
$this->db->where('username',$username);
$this->db->where('password',$cpassword);
$query = $this->db->get('users');
if($query->num_rows() > 0)
return true;
else
return false;
}
controller:
$result = $this->Form_model->Check_Old_Password($this->session->userdata('username'),md5($this->input->post('cpassword')));
if($result > 0 AND $result === true){
//update user data
$result = $this->Form_model->Update_User_Data($this->session->userdata('username'),$data);
Related
I have 2 user and I want to make 2 pages. if user A logs in, I will show page A and if user B logs in, I will show page B.
How to make controller for that?
my controller
public function cekLogin()
{
$this->load->library('form_validation');
$this->form_validation->set_rules('username', 'Username', 'trim|required');
$this->form_validation->set_rules('password', 'Password', 'trim|required|callback_cekDb');
if ($this->form_validation->run() == FALSE) {
$this->load->view('login/login');
} else {
if($username=='admin'){
redirect('Home','refresh');
} else {
redirect('HomeMavens','refresh');
}
}
}
my model:
public function login($username, $password)
{
$this->db->select('id_user, username, password');
$this->db->from('user');
$this->db->where('username', $username);
$this->db->where('password', MD5($password));
$query = $this->db->get();
if($query->num_rows()==1){
return $query->result();
}else {
return false;
}
}
it is easy with if and else. like this.
if($query->num_rows() > 0){
if($query->row()->name == 'a'){
$this->load->view('page_A');
}
elseif($query->row()->name == 'b'){
$this->load->view('page_B');
}
else{
$this->load->view('login');
}
}else {
return false;
}
My Controller
public function getlogin(){
$this->form_validation->set_rules('email_address', 'Email', 'trim|required|xss_clean');
$this->form_validation->set_rules('password', 'Password', 'trim|required|xss_clean|callback_validatelogin');
if($this->form_validation->run() == FALSE){
$message = "Invalid Login Details";
$this->session->set_flashdata('message', $message);
redirect(base_url());
}else{
$data = $this->usermodel->myaccountdetails();
if($data['type'] == '0'){
$this->load->view('pageA');
}else{
$this->load->view('pageB');
}
}
}
public function validatelogin(){
$credentials = array(
"email_address"=>$this->input->post('email_address'),
"password"=>md5($this->input->post('password'))
);
return $this->loginmodel->getlogin($credentials);
}
Login Model
public function getlogin($credentials){
$this->db->select('*');
$this->db->from("tbl_login");
$this->db->where('email_address = ' . "'" . $credentials['email_address']. "'");
$this->db->where('password = ' . "'" . $credentials['password'] . "'");
$this->db->limit(1);
$query = $this->db->get();
if($query->num_rows() == 1){
$row = $query->row_array();
$this->session->set_userdata('admin', $row['id']);
return true;
}else{
return false;
}
}
User Model
function myaccountdetails()
{
$uid = $this->session->userdata('admin');
$sql = $this->db->query("select * from tbl_login where id = '".$uid."' ");
return $sql->row_array();
}
I can hash the password during user registration,but comparing them from the user input during login with the one in the database isn't working.getting errors.
This is the insert for registration.Kindly show me where i'm going wrong
public function insert_client($codeDigits)
{
$options = ['cost'=>12];
$response = $this->taken_email($_POST['Email']);
if($response){
$returned = false;
}else{
$this->FirstName = $_POST['FirstName'];
$this->LastName = $_POST['LastName'];
$this->Email = $_POST['Email'];
$this->Role_Id = 2;
$this->Password = password_hash($_POST['Password'],PASSWORD_BCRYPT,$options);
$this->PhoneNo = $_POST['PhoneNo'];
$this->confirmCode = $codeDigits;
$this->db->insert('users', $this);
$returned = true;
}
return $returned;
}
This is the login model,the query for login
public function login_model2($email,$password)
{
$options = ['cost'=>12];
$this->db->select('*');
$this->db->from('users');
$this->db->where('Email',$email);
//$this->db->where('Password',$password);
$this->db->where('Role_Id !=',1);
$query = $this->db->get();
if($query->num_rows() > 0)
{
$data = $query->row();
// storing the results in the variable $data
if(password_verify($password,$data->password))
{
return true;
}
else
{
return false;
}
}
else
{
return false;
}
}
This is the login controller function when logging in
public function post_login2()
{
$this->form_validation->set_rules('Email', 'Email', 'trim|required|min_length[6]');
$this->form_validation->set_rules('Password', 'Password', 'trim|required|min_length[6]');
if($this->form_validation->run() == TRUE ){
if($this->Users_model->login_model2($_POST['Email'],$_POST['Password']))
{
//test for redirect
if ($_SESSION['role'] == 2) {
redirect("Client/welcome");
} else if ($_SESSION['role'] == 3) {
redirect("Pro/welcome");
}
// test for redirect
}else{
//
$this->session->set_flashdata('err', true);
redirect("Welcome/login");
}
}else{
$this->login();
}
}
Simply change $data->password to $data->Password
In model login_model2(), password_verify should be like this :
if(password_verify($password,$data->Password))
{
return true;
}
else
{
return false;
}
Hi all I have this issue when I validate log in in codeigniter that seems it does not check the required password in my database.The required password in my database is hash using this
$password_hash = password_hash($password, PASSWORD_BCRYPT);
How can i used password_verify function in my model code?
Here is my model code:
public function login($data) {
$condition = "username =" . "'" . $data['username'] . "' AND " . "password =" . "'" . $data['password'] . "'";
$this->db->select('*');
$this->db->from('users');
$this->db->where($condition);
$this->db->limit(1);
$query = $this->db->get();
if ($query->num_rows() == 1)
{
return true;
} else
{
return false;
}
}
Here is my controller:
public function login_user()
{
$this->form_validation->set_rules('username', 'Username', 'trim|required|xss_clean','required');
$this->form_validation->set_rules('password', 'Password', 'trim|required|xss_clean','required');
if ($this->form_validation->run() == FALSE) {
$this->load->view('login_view');
} else {
$data = array(
'username' => $this->input->post('username'),
'password' => $this->input->post('password'),
'firstname' => $this->input->post('firstname'),
'lastname' => $this->input->post('lastname')
);
$result = $this->login_database->login($data);
if ($result == TRUE) {
// Add user data in session
$this->session->set_userdata('username', $data['username']);
$this->session->set_userdata('firstname', $data['firstname']);
$this->session->set_userdata('lastname', $data['lastname']);
//redirect to dashboard
$this->load->view('include/sidenavbar');
$this->load->view('include/topnavbar');
$this->load->view('dashboard');
} else {
$this->session->set_flashdata('message', 'Login is invalid. Please try again!');
$this->load->view('login_view', $data);
}
}
}
can anyone help me how to do this..
Thanks in advance.
You should use password_verify() to know if you're password is valid.
Try this model function:
public function login($data) {
$this->db->select('password');
$this->db->from('users');
$this->db->where('username', $data['username']);
$this->db->limit(1);
$query = $this->db->get();
if ($query->num_rows() == 1) {
$record = $query->row_array();
return password_verify($data['password'], $record['password']);
} else {
return false;
}
}
Hope this will help you :
after returning data from model you can check for correct password using password_verify()
$data = array(
'username' => $this->input->post('username'),
'password' => $this->input->post('password'),
'firstname' => $this->input->post('firstname'),
'lastname' => $this->input->post('lastname')
);
$result = $this->login_database->login($data);
/*$result should return a single user data (in array form here)*/
if (! empty($result))
{
if (password_verify($data['password'], $result['password']))
{
$this->session->set_userdata('username', $data['username']);
$this->session->set_userdata('firstname', $data['firstname']);
$this->session->set_userdata('lastname', $data['lastname']);
//redirect to dashboard
redirect('dashboard'); /*use redirect()*/
//$this->load->view('include/sidenavbar');
//$this->load->view('include/topnavbar');
//$this->load->view('dashboard');
}
else
{
$this->session->set_flashdata('message', 'Password is invalid. Please try again!');
$this->load->view('login_view', $data);
}
}
else
{
$this->session->set_flashdata('message', 'Login is invalid. Please try again!');
$this->load->view('login_view', $data);
}
Your model should be like this :
public function login($data)
{
$this->db->where('username', $data['username']);
$query = $this->db->get('users');
if ($query->num_rows() == 1) {
$user = $query->row_array();
return $user;
} else {
return false;
}
}
Update : dashboard method
public function dashboard()
{
/*$data['title'] = 'my title';
you can pass data to the view like this
$this->load->view('dashboard',$data);
*/
$this->load->view('templates/header');
$this->load->view('dashboard');
$this->load->view('templates/footer');
}
In the below code i have used codeigniter in my database i have a column name account_status it will be inactive by default .Now i want to check the account_status if it is active it should make me login else not.Pls help me to do .
Controller:
function index()
{
$data['main_content'] = 'login_form';
$this->load->view('includes/template', $data);
}
function validate_credentials()
{
$this->load->model('membership_model');
$query = $this->membership_model->validate();
if($query) // if the user's credentials validated...
{
$data = array(
'username' => $this->input->post('username'),
'is_logged_in' => true
);
$this->session->set_userdata($data);
redirect('site1/members_area');
}
else // incorrect username or password
{
$this->index();
}
}
Site1
function members_area()
{
$this->load->view('homepage_view');
}
model:
function validate()
{
$this->db->where('username', $this->input->post('username'));
$this->db->where('password', md5($this->input->post('password')));
$query = $this->db->get('membership');
if($query->num_rows == 1)
{
return true;
}
}
You have these methods Just try this
Just use anther where condition in your model
function validate()
{
$this->db->where('username', $this->input->post('username'));
$this->db->where('password', md5($this->input->post('password')));
$this->db->where('account_status','active');
$query = $this->db->get('membership');
if($query->num_rows == 1)
{
return true;
}
}
Or check the status in your controler
function validate_credentials()
{
$this->load->model('membership_model');
$query = $this->membership_model->validate();
if($query) // if the user's credentials validated...
{
$data = array(
'username' => $this->input->post('username'),
'is_logged_in' => true
);
if($query->num_rows()>0)
$status = $query->row()->account_status;
else
$status = '';
if($status == 'active')
{
$this->session->set_userdata($data);
redirect('site1/members_area');
}
else //Account In active
{ $this->index(); }
}
else // incorrect username or password
{
$this->index();
}
}
I am using codeigniter-bcrypt from https://github.com/dwightwatson/codeigniter-bcrypt, with codeigniter. I have a form that is submitting post data to my main controller. I then check via a model the DB for the record. I have used the
$hash = $this->bcrypt->hash_password($password);
To hash the password on account creation. And it works. Password is properly hashed in DB. Now however I am unsure of where to use the reverse to check if the password entered in the form to post is the same as the DB's hashed password.
if ($this->bcrypt->check_password($password, $stored_hash))
{
// Password does match stored password.
}
else
{
// Password does not match stored password.
}
My code in my model is
function getUserByLogin($login, $password) {
$this->db->where('login',$login);
$this->db->where('password',$password);
$result = $this->getUsers();
if (count($result) > 0) {
return $result[0];
} else {
return null;
}
}
function getUsers() {
$query = $this->db->get('users');
if ($query->num_rows() > 0) {
return $query->result();
} else {
return array();
}
}
and my controller
if (isset($_POST['email']) && isset($_POST['password'])) {
$login = $_POST['email'];
$password = $_POST['password'];
$user = $this -> user_model -> getUserByLogin($login, $password);
$this -> saveUserToSession($user);
$loggedIn = ($user == null ? false : true);
}
Any help would be appreciated.
This won't do:
$this->db->where('password',$password);
You're checking for the actual raw password inside the DB.
You should get the hash from the database and then compare it to the user's password:
function getUserByLogin($login, $password) {
$this->db->where('login',$login);
$result = $this->getUsers($password);
if (!empty($result)) {
return $result;
} else {
return null;
}
}
function getUsers($password) {
$query = $this->db->get('users');
if ($query->num_rows() > 0) {
$result = $query->row_array();
if ($this->bcrypt->check_password($password, $result['password'])) {
//We're good
return $result;
} else {
//Wrong password
return array();
}
} else {
return array();
}
}
You should use default php hash function
$options = [ 'cost' => 12, ]; echo password_hash("rasmuslerdorf", PASSWORD_BCRYPT, $options);