I'm making a login system with 2 roles one for 'admin' and one for 'user'. I tried to make a else if statement for the login. This for the user login actually what happens now that every user is going to the admin_view right now.
In my database the row is called 'admin' which is a boolean so if the column 'admin' is 1 in the users table. The admin_view should be loaded if the value is 0 the user_view needs to be loaded.
I really don't know what to do now.
How do I need to seperate the roles between the admin and user?
Here is my controller: users.php
public function login() {
$this->form_validation->set_rules('username', 'Username', 'trim|required|min_length[3]');
$this->form_validation->set_rules('password', 'Password', 'trim|required|min_length[3]');
$this->form_validation->set_rules('confirm_password', 'Confirm Password', 'trim|required|min_length[3]|matches[password]');
if ($this->form_validation->run() == FALSE) {
$data = array(
'errors' => validation_errors()
);
$this->session->set_flashdata($data);
redirect('home');
} else {
$username = $this->input->post('username');
$password = $this->input->post('password');
$user_id = $this->user_model->login_user($username, $password);
if($user_id) {
$user_data = array(
'user_id' => $user_id,
'username' => $username,
'logged_in' => true
'admin' => 1;
);
$this->session->set_userdata($user_data);
$this->session->set_flashdata('login_success', 'You are now logged in');
$data['main_view'] = "admin_view";
$this->load->view('layouts/main', $data);
}
// Here I want the user_view to load op if the user haa a 0 value in
in the column admin.
else if($user_id) {
$user_data = array(
'user_id' => $user_id,
'username' => $username,
'logged_in' => true,
'admin' => 0;
);
$this->session->set_userdata($user_data);
$this->session->set_flashdata('login_success', 'You are now logged in');
$data['main_view'] = "user_view";
$this->load->view('layouts/main', $data);
} else {
$this->session->set_flashdata('login_failed', 'Sorry, you are not logged in');
redirect('home/index');
}
}
}
Here is my model: user_model.php
public function login_user($username, $password) {
$this->db->where('username', $username);
$result = $this->db->get('users');
$db_password = $result->row(2)->password;
$admin = $result->row(7)->admin;
if(password_verify($password, $db_password)) {
return $result->row(0)->id;
} else {
return false;
}
}
}
I apperciate the help.
First off, there is a typo in your array, the last one should not end with a ;.
In your user_model, instead of returning the ID, return some more information.
eg:
return $result->row(0);
Then, when you go back to your controller, you can do
$data = $this->user_model->login_user($username, $password);
array(
'user_id' => $data->id,
'username' => $username,
'logged_in' => true,
'admin' => $data->admin
);
From there, you could check in the session data whether admin is 0 or 1.
Then you can do :
if ($admin == 0) {
//send to wherever
} else {
//send some place else
}
Related
I am working on a basic blog application in Codeigniter 3.1.8 and Bootstrap 4.
The application allows Registration and Login.
The passwords used to be encrypted with the md5() function:
$enc_password = md5($this->input->post('password'));
In the Login controller I had:
public function login() {
$this->form_validation->set_rules('email', 'Email', 'required|trim|valid_email');
$this->form_validation->set_rules('password', 'Password', 'required|trim');
$this->form_validation->set_error_delimiters('<p class="error-message">', '</p>');
if ($this->form_validation->run()) {
$email = $this->input->post('email');
$password = $this->input->post('password');
$this->load->model('Usermodel');
$current_user = $this->Usermodel->user_login($email, $password);
// If we find a user
if ($current_user) {
// If the user found is active
if ($current_user->active == 1) {
$this->session->set_userdata(
array(
'user_id' => $current_user->id,
'user_email' => $current_user->email,
'user_first_name' => $current_user->first_name,
'user_is_admin' => $current_user->is_admin,
'user_active' => $current_user->active,
'is_logged_in' => TRUE
)
);
// After login, display flash message
$this->session->set_flashdata('user_signin', 'You have signed in');
//and redirect to the posts page
redirect('/');
} else {
// If the user found is NOT active
$this->session->set_flashdata("login_failure_activation", "Your account has not been activated yet.");
redirect('login');
}
} else {
// If we do NOT find a user
$this->session->set_flashdata("login_failure_incorrect", "Incorrect email or password.");
redirect('login');
}
}
else {
$this->index();
}
}
and in the model:
public function user_login($email, $password) {
$query = $this->db->get_where('authors', ['email' => $email, 'password' => $hashed_password]);
return $query->row();
}
I had security concerns so I replaced md5() with password_hash() in the Register controller:
$enc_password = password_hash($this->input->post('password'), PASSWORD_DEFAULT);
Registration works fine, with a more secure password string in the database then before.
I have updated the user_login in the User model to:
public function user_login($email, $password) {
$query = $this->db->get_where('authors', ['email' => $email, 'password' => $hashed_password]);
return $query->row();
}
where $hashed_password comes from the Login controller:
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
This password matching, to my surprise, does not work.
What is the minimal amount of change in my login code that I must make for it to work?
I have matched user-supplied password against password_hash(), with minimal diferences between the two versions of the code, by modifying user_login() to:
public function user_login($email, $password) {
$pass_hash_query = $this->db
->select('password')
->get_where('authors', ['email' => $email]);
$pass_hash = $pass_hash_query->row()->password;
if (password_verify($password, $pass_hash)) {
$query = $this->db->get_where('authors', ['email' => $email, 'password' => $pass_hash]);
return $query->row();
}
}
In the Login controller I have:
public function login() {
$this->form_validation->set_rules('email', 'Email', 'required|trim|valid_email');
$this->form_validation->set_rules('password', 'Password', 'required|trim');
$this->form_validation->set_error_delimiters('<p class="error-message">', '</p>');
if ($this->form_validation->run()) {
$email = $this->input->post('email');
$password = $this->input->post('password');
$this->load->model('Usermodel');
$current_user = $this->Usermodel->user_login($email, $password);
// If we find a user
if ($current_user) {
// If the user found is active
if ($current_user->active == 1) {
$this->session->set_userdata(
array(
'user_id' => $current_user->id,
'user_email' => $current_user->email,
'user_first_name' => $current_user->first_name,
'user_is_admin' => $current_user->is_admin,
'user_active' => $current_user->active,
'is_logged_in' => TRUE
)
);
// After login, display flash message
$this->session->set_flashdata('user_signin', 'You have signed in');
//and redirect to the posts page
redirect('/');
} else {
// If the user found is NOT active
$this->session->set_flashdata("login_failure_activation", "Your account has not been activated yet.");
redirect('login');
}
} else {
// If we do NOT find a user
$this->session->set_flashdata("login_failure_incorrect", "Incorrect email or password.");
redirect('login');
}
}
else {
$this->index();
}
}
I hope this is useful to many people other than me.
You can not directly check the strings if password_hash is used. Because it gives different string every time.
In order to check equality of your password, you need to use password_verify method.
You can get the whole document here.
LINK BELOW:
securely-hash-passwords-with-php
I am having a trouble on displaying my admin's full name, like for example admin full name is John Doe, it is not displaying. I am still learning codeigniter please give me advice thank you!
here is my controller
//Get username
$username = $this->input->post('username');
//Get and encrypt the password
$password = $this->input->post('password');
// Login user
$user_id = $this->role_model->login($username, $password);
if ($user_id) {
// Create session
$user_data = array(
'user_id' => $user_id,
'name' => $user_id->name,
'username' => $username,
'logged_in' => true
);
$this->session->set_userdata($user_data);
//Set message
$this->session->set_flashdata('user_loggedin','You are now logged in');
redirect('pages/index');
here is my View - where I would like to display my full name, as you can see 'name' is the data field I have to display but it is does not show anything, it gives an error that says name is not defined.
<li><a> Welcome, <?php echo $this->session->name ?> </a></li>
Model
public function login($username, $password){
//Validate
$this->db->where('username',$username);
$this->db->where('password',$password);
$result = $this->db->get('users');
if ($result->num_rows() == 1) {
return $result->row(0)->id;
}else{
return false;
}
}
Your method login() returns only id = digit (return $result->row(0)->id;), not object (in controller your get $user_id->name).
Do this, in the model:
if ($result->num_rows() == 1) {
return $result->row(0); // fix
}else{
return false;
}
In the controller:
$user = $this->role_model->login($username, $password);
$user_data = array(
'user_id' => $user->id, // fix
'name' => $user->name, // fix
'username' => $username,
'logged_in' => true
);
It shows undefined because it is indeed undefined.
In your view your're trying to echo the returning value of a function called userdata(), does that function actually exist? Or is $this->session->userdata an array? in which that case, you need to use [ index ] to acces a member within an array. i.e. $this->session->userdata['name'], but also, that member needs to exist first.
controller :
if($this->Login_model->login_valid($email,$password))
{
$sessiondata = array(
'username' => $email
);
$this->session->set_userdata('logged_in', $sessiondata);
redirect('narson');
}
else
{
$this->session->set_flashdata('error',"Invalid Username And password");
redirect('login');
}
model:
public function login_valid($username,$password)
{
$this->db->where('username',$username);
$this->db->where('password',$password);
$query = $this->db->get('admin');
if($query->num_rows() > 0)
{
return true;
}
else
{
return false;
}
}
I am developing a login method in my project. I can not keep all my user data in the session after login. I can only keep the data which I used for my login.
Like I can keep email and type in my session But I can not keep the name of the user in the session.
My controller
public function login()
{
$this->form_validation->set_rules('email', 'Email', 'trim|required|valid_email');
$this->form_validation->set_rules('password', 'Password', 'trim|required|min_length[3]|alpha_dash');
$this->form_validation->set_rules('type', 'Type', 'trim|required');
if($this->form_validation->run() == FALSE)
{
/*=== LOAD DYNAMIC CATAGORY ===*/
$this->load->model('admin_model');
$view['category'] = $this->admin_model->get_category();
/*==============================*/
$view['user_view'] = "users/login";
$this->load->view('layouts/user_layout', $view);
}
else
{
$this->load->model('user_model');
$email = $this->input->post('email');
$password = $this->input->post('password');
$type = $this->input->post('type');
$user_data = $this->user_model->login_user($email, $password, $type);
if($user_data)
{
$login_data = array(
'user_data' => $user_data,
'email' => $email,
'type' => $type,
'name' => $name,
'logged_in' => true
);
$this->session->set_userdata($login_data);
My model
public function login_user($email, $password, $type)
{
$this->db->where('email', $email);
$this->db->where('type', $type);
$result = $this->db->get('users');
$db_password = $result->row('password');
if(password_verify($password, $db_password))
{
return $result->row(0)->id;
}
else
{
return false;
}
}
I want to keep all data of a user into the session after login. How I can do that?
You are close to having what you want. The biggest problem is with this line
return $result->row(0)->id;
Because that returns only the value of the 'id' column. Fix that (and make the code more compact) like this
public function login_user($email, $password, $type)
{
$result = $this->db
->where(array('email' => $email, 'type' => $type))
->get('users')
->row(0); //$result is the whole row - all the columns
if($result && password_verify($password, $result->password))
{
return $result;
}
return false;
}
Then the important part of the controller makes use of getting the whole row with this.
$user_data = $this->user_model->login_user($email, $password, $type);
if($user_data)
{
$login_data = array(
'user_data' => $user_data, //all the columns from row(0)
'email' => $user_data->email, //email column from row(0)
'type' => $type,
'name' => $user_data->name, // name column from row(0)
'logged_in' => true
);
$this->session->set_userdata($login_data);
}
Please I have created a login and passed email and id and I can access them in my view. But I am unable to access other userdata like name, phone, etc. Am only able to access email, id and session id. Your help is appreciated.
here is my model
public function login($email, $password){
$this->db->select('*');
$this->db->from($this->table);
$this->db->where('email', $email);
$this->db->where('passwd', $password);
$this->db->limit(1);
$query = $this->db->get();
if ($query->num_rows() == 1) {
return $query->row()->uid;
}
else {
return FALSE;
}
}
here is my controller
public function login(){
$this->form_validation->set_rules('email', 'Email', 'trim|required');
$this->form_validation->set_rules('password', 'Password', 'trim|required');
if($this->form_validation->run() == FALSE) {
echo validation_errors('<p class="alert alert-dismissable alert-danger">');
}
else{
//Get post data
$email = $this->input->post('email');
$password = $this->input->post('password');
$enc_pwd = sha1($password);
$id = $this->User_model->login($email, $enc_pwd);
if($id){
$userdata = array(
'id' => $id,
'email' => $email,
'logged_in' => TRUE
);
//Set session data
$this->session->set_userdata($userdata);
//Redirect to Users page
redirect('site/dashboard');
}
else{
//Create Error
$this->session->set_flashdata('error', 'Login credentials are incorrect');
//Redirect to Users page
redirect('site/login');
}
//Add activity
//$this->Activity_model->add($data);
}
//Load the login template
$this->load->view('public/login');
}
You can set your sesssion in the Model
Refer the code below.Check how to set other variables in session
Model
function login($email, $password)
{
$this -> db -> select('*');
$this -> db -> from($this->table);
$this->db->where('email', $email);
$this->db->where('passwd', $password);
$this->db->limit(1);
$query = $this -> db -> get();
if($query -> num_rows() == 1)
{
$row = $query->row();
$data = array(
'email'=> $email,
'id' => $row->id,
'name' => $row->name,
'phone' => $row->phone,
'logged_in' => TRUE
);
$this->session->set_userdata($data);
return true;
}
else
{
return false;
}
}
Anywhere you can call that session variable.
I have installed ion auth and everything is up and functional. The only problem I have is I want to change the login to use the visitors username instead of e-mail. I change the CONFIG option in the ion_auth.php config file and it still doesnt work. Is there an extra step Im missing??
ion_auth config
/**
* A database column which is used to
* login with.
**/
$config['identity'] = 'username';
login() in the controller
//log the user in
function login()
{
$this->data['title'] = "Login";
//validate form input
$this->form_validation->set_rules('email', 'E-mail Address', 'required|valid_email');
$this->form_validation->set_rules('password', 'Password', 'required');
if ($this->form_validation->run() == true)
{ //check to see if the user is logging in
//check for "remember me"
$remember = (bool) $this->input->post('remember');
if ($this->ion_auth->login($this->input->post('email'), $this->input->post('password'), $remember))
{ //if the login is successful
//redirect them back to the home page
$this->session->set_flashdata('message', $this->ion_auth->messages());
redirect($this->config->item('base_url'), 'refresh');
}
else
{ //if the login was un-successful
//redirect them back to the login page
$this->session->set_flashdata('message', $this->ion_auth->errors());
redirect('auth/login', 'refresh'); //use redirects instead of loading views for compatibility with MY_Controller libraries
}
}
else
{ //the user is not logging in so display the login page
//set the flash data error message if there is one
$this->data['message'] = (validation_errors()) ? validation_errors() : $this->session->flashdata('message');
$this->data['email'] = array('name' => 'email',
'id' => 'email',
'type' => 'text',
'value' => $this->form_validation->set_value('email'),
);
$this->data['password'] = array('name' => 'password',
'id' => 'password',
'type' => 'password',
);
$this->load->view('auth/login', $this->data);
}
}
login() model
public function login($identity, $password, $remember=FALSE)
{
if (empty($identity) || empty($password) || !$this->identity_check($identity))
{
return FALSE;
}
$query = $this->db->select($this->identity_column.', id, password, group_id')
->where($this->identity_column, $identity)
->where('active', 1)
->where($this->ion_auth->_extra_where)
->limit(1)
->get($this->tables['users']);
$result = $query->row();
if ($query->num_rows() == 1)
{
$password = $this->hash_password_db($identity, $password);
if ($result->password === $password)
{
$this->update_last_login($result->id);
$group_row = $this->db->select('name')->where('id', $result->group_id)->get($this->tables['groups'])->row();
$session_data = array(
$this->identity_column => $result->{$this->identity_column},
'id' => $result->id, //kept for backwards compatibility
'user_id' => $result->id, //everyone likes to overwrite id so we'll use user_id
'group_id' => $result->group_id,
'group' => $group_row->name
);
$this->session->set_userdata($session_data);
if ($remember && $this->config->item('remember_users', 'ion_auth'))
{
$this->remember_user($result->id);
}
return TRUE;
}
}
return FALSE;
}
Why are you still processing email in the controller (instead of username)?
You need to change your controller since it is still grabbing email from POST and using it to try to login.
You should add an index in the users table of username column