The follwing code is related to the signup part in my web application developed using codeigniter
<?php
class user extends CI_Controller
{
public function __construct()
{
parent::__construct();
$this->load->helper(array('form','url'));
$this->load->library(array('session', 'form_validation', 'email'));
$this->load->database();
$this->load->model('user_model');
}
function index()
{
$this->register();
}
function register()
{
//set validation rules
$this->form_validation->set_rules('fname', 'First Name', 'trim|required|alpha|min_length[3]|max_length[30]');
$this->form_validation->set_rules('lname', 'Last Name', 'trim|required|alpha|min_length[3]|max_length[30]');
$this->form_validation->set_rules('email', 'Email ID', 'trim|required|valid_email|is_unique[user.email]');
$this->form_validation->set_rules('password', 'Password', 'trim|required|matches[cpassword]|md5');
$this->form_validation->set_rules('cpassword', 'Confirm Password', 'trim|required');
//validate form input
if ($this->form_validation->run() == FALSE)
{
// fails
$this->load->view('user_registration_view');
}
else
{
//insert the user registration details into database
$data = array(
'fname' => $this->input->post('fname'),
'lname' => $this->input->post('lname'),
'email' => $this->input->post('email'),
'password' => $this->input->post('password')
);
// insert form data into database
if ($this->user_model->insertUser($data))
{
// send email
if ($this->user_model->sendEmail($this->input->post('email')))
{
// successfully sent mail
$this->session->set_flashdata('msg','<div class="alert alert-success text-center">You are Successfully Registered! Please confirm the mail sent to your Email-ID!!!</div>');
redirect('user/register');
}
else
{
// error
$this->session->set_flashdata('msg','<div class="alert alert-danger text-center">Oops! Error. Please try again later!!!</div>');
redirect('user/register');
}
}
else
{
// error
$this->session->set_flashdata('msg','<div class="alert alert-danger text-center">Oops! Error. Please try again later!!!</div>');
redirect('user/register');
}
}
}
function verify($hash=NULL)
{
if ($this->user_model->verifyEmailID($hash))
{
$this->session->set_flashdata('verify_msg','<div class="alert alert-success text-center">Your Email Address is successfully verified! Please login to access your account!</div>');
redirect('user/register');
}
else
{
$this->session->set_flashdata('verify_msg','<div class="alert alert-danger text-center">Sorry! There is error verifying your Email Address!</div>');
redirect('user/register');
}
}
}
?>
I have done the relevant validations for the relevant fields. But when trying to signup I get the error password does not match with the confirm password field though i entered same values for the password and confirm password fields! How can i correct it?
It's been a while since I used codeigniter(CI). I think you're hashing (md5) the first password but not the confirmation password. What happens if you try the following:
$this->form_validation->set_rules('password', 'Password', 'trim|required|matches[cpassword]');
$this->form_validation->set_rules('cpassword', 'Confirm Password', 'trim|required');
If this fixes your problem you can hash if afterwards, like so:
//insert the user registration details into database
$data = array(
'fname' => $this->input->post('fname'),
'lname' => $this->input->post('lname'),
'email' => $this->input->post('email'),
'password' => md5($this->input->post('password'))
# Replace md5 with cryptographic hashing function that isn't deprecated.
);
I'd recommend not using md5, especially not without a salt. You might want to check out crypt(), password_hash() and the top answer here.
Related
How to retrieve data from a session array with only one value for the registration session data only and how the example logic code implementation of the page contains sessions, the user is required to register first, so if the user tries to access by refreshing the page, there is no text output in the form of being required to register first with the following code
<?php
class Auth extends CI_Controller
{
public function index()
{
$variabelInpUtusername = $this->input->post("email");
$variabelInputPass = password_hash($this->input->post("password"), PASSWORD_DEFAULT);
$this->form_validation->set_rules(
'email',
'Email',
'required|is_unique[tb_register.username]',
array('is_unique' => 'Ini %s sudah terdaftar', 'required' => 'Anda harus input email')
);
$this->form_validation->set_rules('password', 'Password', 'required', array('required' => 'Anda harus input password'));
if ($this->form_validation->run() == FALSE) {
$this->load->view('templates/header');
$this->load->view('register');
$this->load->view('templates/footer');
} else {
$data = array('username' => $variabelInpUtusername, 'password' => $variabelInputPass);
// print_r($data);
// $this->modeluser->register($data);
$datasession['sessi'] = array('username' => $variabelInpUtusername, 'password' => $variabelInputPass);
$this->session->set_userdata($datasession);
// print_r($datasession);
$this->load->view('templates/header');
$this->load->view('sukses_register', $datasession);
// $this->session->set_userdata($datasession);
// print_r($datasession);
// var_dump($datasession);
}
}
i tried to save account to the db.
when validating the form with form_validation, it always returning false, even when i tried to insert the correct value. heres the code
public function save(){
$params = $this->input->post();
if(!empty($params['id_account']) && !empty($params['password']) ){
$this->form_validation->set_rules('confPass', 'Confirmation Password', 'matches[password]');
}else{
$this->form_validation->set_rules('password', 'Password', 'required');
$this->form_validation->set_rules('confPass', 'Confirmation Password', 'required|matches[password]');
}
$this->form_validation->set_data($params);
$this->form_validation->set_rules('username', 'Username', 'required');
$this->form_validation->set_rules('id_role', 'Role', 'required');
if ($this->form_validation->run() == TRUE) {
unset($params['confPass']);
$params['account_status'] = array_key_exists('account_status', $params) ? $params['account_status'] : ACCOUNT_STATUS_PENDING;
$this->load->model('user_model');
$this->user_model->save($params);
$this->session->set_flashdata('notif', '<div class="alert alert-success">Berhasil menyimpan data.</div>');
redirect('rbac/form/account');
} else {
$error = validation_errors();
echo '<pre>';
print_r($error);
echo '</pre>';
var_dump($params['password']);
var_dump($params['confPass']);
die();
// $this->session->set_flashdata('notif', '<div class="alert alert-danger">'.$error.'</div>');
// redirect('rbac/form/account');
}
}
i tried to returning the validation_errors(), $params['confPass'] & $params['password'] and here is the result :
The Confirmation Password field does not match the password field.
string(1) "e" string(1) "e"
as you can see $params['confPass'] and $params['password'] is match.
if(!empty($params['id_account']) && !empty($params['password']) ){
$this->form_validation->set_rules('confPass', 'Confirmation Password', 'matches[password]');
}else{
$this->form_validation->set_rules('password', 'Password', 'required');
$this->form_validation->set_rules('confPass', 'Confirmation Password', 'required|matches[password]');
}
When the condition you wrote above is true i.e. control is in if (below) block
if(!empty($params['id_account']) && !empty($params['password']) )
you did not put a condition for the 'password' field you only have confirm password rule. Which does not match to anything and although the passwords match it always return false.
You need to add validation rule for password
$this->form_validation->set_rules('password', 'Password', 'required');
before confirm password rule which is looking to match the password.
If your condition states that it does not require password you can do something like,
$this->form_validation->set_rules('password', 'Password', 'min_length[5]');
anything which fulfills your condition but not "required" i.e trim or min_length
Hope it helps.
I am working in Codeigniter registration and login forms. I have created them all is working. now what i need to auto logged in user when it successful registered on the site.
Add user code:
public function add_user() {
$data = array(
'username' => $this->input->post('user_name'),
'email' => $this->input->post('email_address'),
'password' => md5($this->input->post('password'))
);
$this->db->insert('user', $data);
}
Registration and validation:
public function registration() {
$this->load->library('form_validation');
// field name, error message, validation rules
$this->form_validation->set_rules('user_name', 'User Name', 'trim|required|min_length[4]|xss_clean');
$this->form_validation->set_rules('email_address', 'Your Email', 'trim|required|valid_email');
$this->form_validation->set_rules('password', 'Password', 'trim|required|min_length[4]|max_length[32]');
$this->form_validation->set_rules('con_password', 'Password Confirmation', 'trim|required|matches[password]');
if ($this->form_validation->run() == FALSE) {
$this->index();
} else {
$this->user_model->add_user();
$this->thank();
}
}
In else part,
else {
$id = $this->user_model->add_user();
// set session here like how you will set on login
$data["user_id"] = $id;
...// other required data for session
$this->session->set_userdata($data);
$this->thank();
}
In model return last insert id after inserting the data
$this->db->insert('user', $data);
return $this->db->insert_id();// <--- this line
This is the controller code for signing up:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Signup extends CI_Controller {
public function index(){
$data = array(
'title' => 'SignUp Page'
);
$this->load->view('header', $data);
$this->load->view('signup');
}
public function signup_validation(){
$this->load->library('form_validation');
$this->form_validation->set_rules('salutation', 'Salutation', 'required');
$this->form_validation->set_rules('fName', 'First Name', 'required|trim|alpha|xss_clean|strip_tags');
$this->form_validation->set_rules('lName', 'Last Name', 'required|trim|alpha|xss_clean|strip_tags');
if($this->form_validation->run()){
$month = $this->input->post('months');
$day = $this->input->post('days');
$year = $this->input->post('years');
$birthday = date("d-m-Y",mktime(0,0,0,$month,$day,$year));
}
$this->form_validation->set_rules('address', 'Address', 'required|trim|xss_clean|strip_tags|min_length[10]');
$this->form_validation->set_rules('contact', 'Contact No', 'required|trim|xss_clean|strip_tags|numeric|min_length[8]|max_length[8]');
$this->form_validation->set_rules('email', 'Email', 'required|trim|valid_email|is_unique[users.email]|xss_clean|strip_tags');
$this->form_validation->set_rules('username', 'Username', 'required|trim|alpha_numeric|xss_clean|strip_tags|min_length[3]|max_length[20],is_unique[users.username');
$this->form_validation->set_rules('password', 'Password', 'required|trim|min_length[8]|xss_clean|strip_tags|alpha_numeric');
$this->form_validation->set_rules('cpassword', 'Confirm Password', 'required|trim|matches[password]|xss_clean|strip_tags|alpha_numeric');
if ($this->form_validation->run()){
$key = md5(uniqid());
$this->load->library('email', array('mailtype'=>'html'));
$this->load->model('model_users');
$this->email->from('admin#snt.website', "SWAP");
$this->email->to($this->input->post('email'));
$this->email->subject("Confirm your account.");
$message = "<p>Thank you for signing up!</p>";
$message .= "<p><a href='".base_url()."main/register_user/$key'>Click Here</a> to confirm your account</p>";
$this->email->message($message);
if ($this->model_users->add_temp_users($key, $birthday)){
if ($this->email->send()){
echo "The email has been sent!";
} else echo "Could not send the mail";
} else echo "problem adding to database";
} else {
$this->index;
}
}
}
I have checked through my codes and have no idea why does this error keep showing up:
If i am to remove all the validations it will work perfectly fine.Can someone help me with this problem please?
I think you wanted to write:
$this->index();
//^^ So you actually call the function index and not the property
instead of:
$this->index;
I have the following controller, which works fine in terms of validating the form and displaying the error.
The user attempts to login from: http://mydomain.com/index.php/login
However, when the user enters the wrong credentials, it loads the login view properly (as it should) and displays the error "Invalid Login" properly, but the URI in the browser window shows:
http://mydomain.com/index.php/verify_login (as opposed to the one above).
How do I redirect after the failed validation to just ".../index.php/login"
Here is the code in question:
<?
class Login extends CI_Controller {
public function index()
{
$this->load->helper(array('form'));
$this->load->helper('url');
$this->load->view('login_page');
}
function verify_login()
{
$this->load->model('login_model','',TRUE);
$this->load->library('form_validation');
$this->form_validation->set_error_delimiters('<label class="error">', '</label>');
$this->form_validation->set_rules('username', 'Login', 'trim|required|xss_clean');
$this->form_validation->set_rules('password', 'Password', 'trim|required|xss_clean|callback_check_database');
if($this->form_validation->run() == FALSE)
{
//Field validation failed. User redirected to login page
$this->index();
}
else
{
//Go to private area
redirect('private_area', 'refresh');
}
}
function check_database($password)
{
//Field validation succeeded. Validate against database
$username = $this->input->post('username');
//query the database
$result = $this->login_model->login($username, $password);
if($result)
{
$sess_array = array();
foreach($result as $row)
{
$sess_array = array(
'id' => $row->id,
'username' => $row->username
);
$this->session->set_userdata('logged_in', $sess_array);
}
return TRUE;
}
else
{
$this->form_validation->set_message('check_database', '<div class="alert alert-error">Invalid username or password</div>');
return false;
}
}
}
UPDATE: Cyrode's solution fixes that issue, but now it's not displaying the "Invalid Login" error message (set_message) from the check_database() function on loading the view. Any ideas what I am doing wrong here?
UPDATE 2:
Here you go:
class Login extends CI_Controller {
public function index()
{
$this->load->helper(array('form'));
$this->load->helper('url');
$this->load->view('login_page');
$this->load->model('login_model','',TRUE);
$this->load->library('form_validation');
$this->form_validation->set_error_delimiters('<label class="error">', '</label>');
$this->form_validation->set_rules('username', 'Login', 'trim|required|xss_clean');
$this->form_validation->set_rules('password', 'Password', 'trim|required|xss_clean|callback_check_database');
if($this->form_validation->run() == FALSE)
{
$this->load->view('login_page');
}
else
{
//Go to private area
redirect('private_area', 'refresh');
}
}
function check_database($password)
{
//Field validation succeeded. Validate against database
$username = $this->input->post('username');
//query the database
$result = $this->login_model->login($username, $password);
if($result)
{
$sess_array = array();
foreach($result as $row)
{
$sess_array = array(
'id' => $row->id,
'username' => $row->username
);
$this->session->set_userdata('logged_in', $sess_array);
}
return TRUE;
}
else
{
$this->form_validation->set_message('check_database', '<div class="alert alert-error">Invalid username or password</div>');
return false;
}
}
}
Just do all of your form processing in the index() method.
public function index()
{
$this->load->model('login_model','',TRUE);
$this->load->library('form_validation');
$this->load->helper('url');
$this->form_validation->set_error_delimiters('<label class="error">', '</label>');
$this->form_validation->set_rules('username', 'Login', 'trim|required|xss_clean');
$this->form_validation->set_rules('password', 'Password', 'trim|required|xss_clean|callback_check_database');
if ($this->form_validation->run() == false)
{
$this->load->view('login_page');
}
else
{
redirect('private_area', 'refresh');
}
}
Then, make sure your form's action goes to login and not verify_login.
By the way, don't xss_clean password fields, because it may change their value, and your user will be left wondering why their perfectly-typed password isn't working. You should be hashing the password, anyway, which will eliminate security issues.