Codeigniter/REST Showing Incorrect Results - php

I am trying to create a login script using CodeIgniter and the REST Controller (https://github.com/philsturgeon/codeigniter-restclient) however; I keep getting a null response from my model
this is my model function
public function login($data)
{
$checkEmail = $this->db->get_where('users', array('email' => $data['email']));
$emailRow = $checkEmail->row();
if(isset($emailRow)) {
if (password_verify($data['password'], $emailRow->password)) {
return $emailRow->id;
} else {
return false;
}
} else {
return false;
}
}
this is my controller
public function login_post()
{
$this->load->model('User_model');
$data = $this->_post_args;
if($this->form_validation->run() === FALSE) {
//does some unnecessary stuff thats pointless showing
$this->set_response([
'status' => FALSE,
'error' => $error
], REST_Controller::HTTP_BAD_REQUEST);
} else {
$login = $this->User_model->login($data);
if($login === TRUE) {
$user = $this->User_model->getUser($login);
$this->set_response([
'status' => TRUE,
'user' => $user
], REST_Controller::HTTP_ACCEPTED);
} else {
$this->set_response([
'status' => FALSE,
'error' => 'Nope'
], REST_Controller::HTTP_BAD_REQUEST);
}
}
}
everytime i run this, i get the 'nope' error message and $login is returning as null if i var_dump it? anybody got any ideas?


In your controller you are checking:
if($login === TRUE) {
Unfortunately, for your controller, the model will NEVER return TRUE so your code falls into your else{} block every single time.
Your model only returns FALSE or the value of $emailRow->id
As an immediate fix, you can try:
if($login !== FALSE) {

Related

ACL grants access to all Users in Symfony?

I try to understand how ACL works but even if I set them for an item ($client in this case), everybody has access.
SET ACL
public function setACL($repository, $mask, $selectUser = false)
{
$objectIdentity = ObjectIdentity::fromDomainObject($repository);
$acl = $this->aclProvider->createAcl($objectIdentity);
if($selectUser === false){
$user = $this->tokenStorage->getToken()->getUser();
}else{
$user = $this->entityManager->getRepository('AppBundle:User')->find($selectUser);
}
$securityIdentity = UserSecurityIdentity::fromAccount($user);
$acl->insertObjectAce($securityIdentity, $mask);
$this->aclProvider->updateAcl($acl);
return;
}
$selectUser is for setting it manually (via Console Comannd etc.) does it work that way at all?
GET ACL
public function getACL($repository, $granted)
{
if (is_array($repository)) {
foreach ($repository as $rp) {
if (false === $this->authorizationChecker->isGranted($granted, get_class($rp))) {
$this->get('log')->writeLog('Access denied.', __LINE__, 3);
return new JsonResponse(array(
'result' => 'error',
'message' => 'Not allowed'
));
}
}
} else {
if (false === $this->authorizationChecker->isGranted($granted, get_class($repository))) {
$this->get('log')->writeLog('Access denied.', __LINE__, 3);
return new JsonResponse(array(
'result' => 'error',
'message' => 'Not allowed'
));
}
}
return true;
}
Set ACL for $client
$this->get('global_functions')->setACL($client, MaskBuilder::MASK_OWNER);
But when I try to
Get ACL
$this->get('global_functions')->getACL($client, 'VIEW');
I get access with whatever user I am trying this...
Where am I wrong?

Solved it myself...
$this->authorizationChecker->isGranted($granted, get_class($repository)) should be $this->authorizationChecker->isGranted($granted, $repository)

Var_dump changes "something" in my variable?

So I am currently coding a user registration in PHP 5.6.10 and just discovered something weird: The function Token::check(Input::get('token')) returns a boolean. If it returns true, the if-statement is getting executed. Works fine so far, however when I var_dump it previous to the if-statement, the if-statement is not being executed.
Is there any explanation for this behaviour?
var_dump(Token::check(Input::get('token')));
if(Input::exists()) {
if(Token::check(Input::get('token'))) {
echo "Loop.";
$validate = new Validate();
$validation = $validate->check($_POST, array(
'first_name' => array(
'required' => true,
'min' => 1,
'max' => 50
)
));
if($validation->passed()) {
echo "Die Eingaben waren korrekt.";
} else {
foreach ($validation->errors() as $error) {
echo $error,"<br>";
}
echo "<br>";
}
}
}
(I hope I didn't make a typo when shortening the code)
Here is the check()-function as requested:
public static function check($token) {
$tokenName = Config::get('session/token_name');
if(Session::exists($tokenName) && $token === Session::get($tokenName)) {
Session::delete($tokenName);
return true;
}
return false;
}

Based on the code from the check method:
public static function check($token) {
$tokenName = Config::get('session/token_name');
if(Session::exists($tokenName) && $token === Session::get($tokenName)){
Session::delete($tokenName);
return true;
}
return false;
}
In the first time that you call:
var_dump(Token::check(Input::get('token')));
it deletes the token from the session, preventing the condition:
if(Token::check(Input::get('token'))) to be met.
Maybe you can put an extra param in the check function just to help you debug and not delete the token:
public static function check($token, $test = false) {
$tokenName = Config::get('session/token_name');
if(Session::exists($tokenName) && $token === Session::get($tokenName)){
if (!$test) {
Session::delete($tokenName);
}
return true;
}
return false;
}

Laravel authentication with MongoDB

I'm trying to make authentication with Laravel and MongoDB.
The problem is in my controller. This code does not make authentication :
if(!Input::exists('username') or !Input::exists('password')) {
App::abort(403, 'Forbidden request');
}
$credentials = array(
'username' => Input::get('username', null),
'password' => Input::get('password', null),
);
if(Auth::validate($credentials)) {
return 'Success';
} else {
return 'Failed';
}
But this one just works fine:
if(!Input::exists('username') or !Input::exists('password')) {
App::abort(403, 'Forbidden request');
}
$credentials = array(
'username' => Input::get('username', null),
'password' => Input::get('password', null),
);
$users = User::all();
$found = false;
foreach($users as $user) {
if($user->username == $credentials['username']
and Hash::check($credentials['password'], $user->password)) {
$found = true;
break;
}
}
if($found) {
return 'Success';
} else {
return 'Failed';
}
Both controllers are given the same username and password. First one always prints Failed, but second one gives true results.

The problem is you are using Auth::validate which only checks if the credentials are correct, but does not log the user in. You need to use Auth::attempt for a complete login. See the docs here http://laravel.com/docs/security#authenticating-users .

OK, Always remember that your model has to implement UserInterface.

Model always executing else clause when using WHERE clause

I have a problem with the function of the mode. When I put the right admin name and admin password, it doesn't work. Instead, it gives me the last error message ("You don't have..."), but if I comment out the second WHERE clause in my model, then it works as intended.
Model:
function validate_admin()
{
$this->db->where('adminname',$this->input->post('adminname'));
//$this->db->where('adminpassword',md5($this->input->post('adminpassword')));
$query = $this->db->get('admin');
if($query->num_rows() == 1)
{
return TRUE;
}
}
Controller:
function validate_admin_credentials()
{
$this->load->library('form_validation');
$this->form_validation->set_rules('adminname','Username','trim|required');
$this->form_validation->set_rules('adminpassword','Password','trim|required');
if($this->form_validation->run() == FALSE)
{
$data['main_content']='login_failed';
$this->load->view('includes/template',$data);
}
else
{
$this->load->model('admin_model');
if($this->admin_model->validate_admin())
{
$data = array(
'adminname' => $this->input->post('adminname'),
'adminpassword' => $this->input->post('adminpassword'),
'is_logged_in' => true
);
$this->session->set_userdata($data);
redirect('/site/admin_panel');
}
else
{
echo "You don't have administration privileges";
}
}
}
How can I resolve this issue?

If you completely sure about password you can try this code:
$this->db->where('adminpassword', md5($this->input->post('adminpassword', TRUE)));
Edit: edited, sorry for my poor english

You can try it.
Model
$adminpassword = md5($this->input->post('adminpassword'));
$data = array('adminname' => $this->input->post('adminname'),
'adminpassword' => $adminpassword);
$query = $this->db->get_where('admin', $data);
return $query->num_rows();
Controller
if($this->admin_model->validate_admin() > 0)

Where to pass back message when Model cannot find a record in DB in MVC?

I'm wondering what is the best message to pass back the success or failure message from the model to the controller? The success message is easy because we can pass the data back. However, for failures, we can only pass FALSE and not the callback result of the failure.
What is the best method?
Here is method one:
Here is the model:
function get_pkg_length_by_id($data) {
$this->db->where('id', $data['pkg_length_id']);
$result = $this->db->get('pkg_lengths');
if($result->num_rows() > 0 ) {
return $result->row();
}
else {
return false;
}
}
In the controller, I will do
function show() {
if(get_pkg_length_by_id($data) {
//pass success message to view
}
else {
//Pass failure message to view
}
Here is version 2:
In Model
function get_pkg_length_by_id($data) {
$this->db->where('id', $data['pkg_length_id']);
$result = $this->db->get('pkg_lengths');
if($result->num_rows() > 0 ) {
$result['status'] = array(
'status' => '1',
'status_msg' => 'Record found'
);
return $result->row();
}
else {
$result['status'] = array(
'status' => '0',
'status_msg' => 'cannot find any record.'
);
return $result->row();
}
}
In Controller
function show() {
$result = get_pkg_length_by_id($data);
if($result['status['status']] == 1) {
//pass $result['status'['status_msg']] to view
}
else {
//pass $result['status'['status_msg']] to view
}

I can't say for certain which is best. I can say that I often use choice # 2, where I pass errors from the server, often doing so in a specific form that any subclass of my controller can parse and send to the view.
Also, in your show() function, the else is extraneous, once you return, you will break out of the function , so you can just do :
if($result->num_rows() > 0 ) {
$result['status'] = array(
'status' => '1',
'status_msg' => 'Record found'
);
//the condition is met, this will break out of the function
return $result->row();
}
$result['status'] = array(
'status' => '0',
'status_msg' => 'cannot find any record.'
);
return $result->row();

Its always a good practice to do these kind of stuffs in model page.
I have made few changes on what you have done as follows:
function get_pkg_length_by_id($data)
{
$this->db->where('id', $data['pkg_length_id']);
$query = $this->db->get('pkg_lengths');
/*
Just changed var name from $result to $query
since we have a $result var name as return var
*/
if($result->num_rows() > 0 ) {
$result = $query->row_array();
/*
$result holds the result array.
*/
$result['status'] = array(
'status' => '1',
'status_msg' => 'Record found'
);
//return $result->row();
/*
This will return $result->row() only which
doesn't include your $result['status']
*/
}
else {
$result['status'] = array(
'status' => '0',
'status_msg' => 'cannot find any record.'
);
//return $result->row();
/*
This is not required.
Returning just status message is enough.
*/
}
return $result;
}

Categories