I tried to make a change password function, but nothing happened.I actually adapted codeigniter change password code but again, nothing happened.Here I attached the code, any hep would be appreciated.
the controller -
function change_password_process()
{
$this->load->view('ubahpassword_view');
$this->load->library('form_validation');
$this->load->library('session');
$this->form_validation->set_rules('pass_lama','Password Lama','trim|required|min_length[4]|max_length[32]');
$this->form_validation->set_rules('pass_baru','Password Baru','trim|required|min_length[4]|max_length[32]');
$this->form_validation->set_rules('ulangpass_baru','Ulangi Password Baru','trim|required|min_length[4]|max_length[32]|matches[pass_baru]');
if ($this->form_validation->run() == FALSE)
{
redirect('ubahpassword');
}
else
{
$query = $this->rekammedis_model->change_password();
redirect('ubahpassword');
}
}
The model -
function change_password()
{
$this->db->select('id');
$this->db->where('username', $this->session->userdata('username'));
$this->db->where('id', $this->session->userdata('id'));
$this->db->where('password', md5($this->input->post('pass_lama')));
$query = $this->db->get('user');
if ($query->num_rows() > 0)
{
$row = $query->row();
if($row->id === $this->session->userdata('id'))
{
$data = array(
'password' => md5($this->input->post('pass_lama'))
);
$this->db->where('username', $this->session->userdata('username'));
$this->db->where('password', md5($this->input->post('pass_lama')));
if($this->db->update('user', $data))
{
return "Password berhasil diganti!";
}
else
{
return "Terdapat kesalahan, password tidak terganti";
}
}
else
{
return "Terdapat kesalahan, password tidak terganti";
}
}
else
{
return "Password lama salah";
}
}
Assuming baru means new and lama means old.
You were changing your old password with old password itself (pass_baru)
So Replace
$data = array('password' => md5($this->input->post('pass_lama')));
with
$data = array('password' => md5($this->input->post('pass_baru')));
UPDATE
Found Another Bug
if ($this->form_validation->run() == FALSE)
{
redirect('ubahpassword');
}
You can't redirect it, if you do, you won't get validated here.
Load your view here itself. Also update your code above if it does not work
Related
I am building a website wherein I have an admin and user page. I have a problem wherein I can access the admin page via URL even though I am logged in as a user. I have validation checks at the login page, however if I am already logged in as a user or as an admin, I can access all the pages. I want to restrict the pages to their roles only. Here's my code.
MY_Controller:
function __construct()
{
parent::__construct();
$this->is_logged_in();
$session_admin = $this->session->userdata('isAdmin');
$method = $this->router->fetch_method();
if(($session_admin == FALSE) && $method != 'login')
{
$this->session->set_flashdata( 'message', 'You need to login to access this location' );
redirect('user_home');
}
else
{
redirect('admin_ticketing/new_tickets');
}
}
function is_logged_in()
{
$is_logged_in = $this->session->userdata('is_logged_in');
if(!isset($is_logged_in) || $is_logged_in != true) {
redirect('login');
die();
}
}
Model:
function validate()
{
$this->db->where('username', $this->input->post('username'));
$this->db->where('password', $this->input->post('password'));
$query = $this->db->get('accounts');
$result = $query->row();
if($query->num_rows() == 1)
{
return true;
}
else
{
return false;
}
}
function check_role()
{
$this->db->where('username', $this->input->post('username'));
$this->db->where('password', $this->input->post('password'));
$this->db->where('role', 1);
$query = $this->db->get('accounts');
$result = $query->row();
if($query->num_rows() == 1)
{
$data = array(
'userid' => $result->userid,
'username' => $result->username,
'password' => $result->password,
'firstname' => $result->firstname,
'lastname' => $result->lastname,
'email' => $result->email,
'address' => $result->address,
'monthly_dues' => $result->monthly_dues,
'arrears' => $result->arrears,
'isAdmin' => true,
'contactnum' => $result->contactnum,
'role' => $result->role,
'is_logged_in' => true
);
$this->session->set_userdata($data);
return true;
}
else
{
return false;
}
}
function check_user()
{
$this->db->where('username', $this->input->post('username'));
$this->db->where('password', $this->input->post('password'));
$this->db->where('role', 0);
$query = $this->db->get('accounts');
$result = $query->row();
if($query->num_rows() == 1)
{
$data = array(
'userid' => $result->userid,
'username' => $result->username,
'password' => $result->password,
'firstname' => $result->firstname,
'lastname' => $result->lastname,
'email' => $result->email,
'address' => $result->address,
'monthly_dues' => $result->monthly_dues,
'arrears' => $result->arrears,
'isAdmin' => false,
'contactnum' => $result->contactnum,
'role' => $result->role,
'is_logged_in' => true
);
$this->session->set_userdata($data);
return true;
}
else
{
return false;
}
}
function check_active()
{
$this->db->where('username', $this->input->post('username'));
$this->db->where('password', $this->input->post('password'));
$this->db->where('isActive', 1);
$query = $this->db->get('accounts');
$result = $query->row();
if($query->num_rows() == 1)
{
return true;
}
else
{
return false;
}
}
Controller:
function validate_login()
{
$this->load->model('model_accounts');
$valid = $this->model_accounts->validate();
$isAdmin = $this->model_accounts->check_role();
$isUser = $this->model_accounts->check_user();
$isActive = $this->model_accounts->check_active();
if($valid && $isAdmin && $isActive) // Active Admin
{
redirect('admin_ticketing/new_tickets');
}
else if($valid && $isActive && $isUser) // Active User
{
redirect('user_home');
}
else if(($valid && $isAdmin) && $isActive == false) //Deactivated Admin
{
redirect('login/admindeact');
}
else if($valid && ($isActive && $isAdmin) == false) //Deactivated User
{
redirect('login/userdeact');
}
else if($valid == false) //Invalid Account
{
$data['message'] = "Sorry, the username and password you entered did not match our records. Please double-check and try again. ";
$this->template->load('template', 'view_login', $data);
}
}
You can check this in your controller, See this code,
function __construct()
{
parent::__construct();
$session_admin = $this->session->userdata('admin'); //getting admin session
$method = $this->router->fetch_method(); // get the current method
if(empty($session_admin) && $method != 'login'){ // check for admin session and methos is login
$this->session->set_flashdata( 'message', 'You need to login to access this location' );
redirect('admin/users/login');
}
}
If you only want to set roles for admin and front-user simply at the time of login, set a session value 'is_admin'
Then you can check if($is_admin) like that.
Whenever i run this code, i recieve a blank screen on submission. The code does not seem to work and i'm unsure why. Can anyone see an issue? I've checked it for syntax already mutliple times.
Controller:
public function changepwd(){
$this->form_validation->set_rules('oldpassword','Old Password','required|trim|xss_clean|callback_change');
$this->form_validation->set_rules('password1','New Password','required|trim');
$this->form_validation->set_rules('password2','Confirm Password','required|trim|matches[password1]');
if($this->form_validation->run()= true){
redirect('admin');
}else{
$this->form_validation->set_message('change','info is wrong');
redirect('admin');
}
}
public function change(){
$this->load->view('error_display');
$oldpass = $this->input->post('oldpassword');
if(isset($oldpass)){
if($this->input->post('password1') == $this->input->post('password2')){
$session=$this->session->userdata("logged_in");
$username= $session['username'];
$query = "SELECT * FROM database where username='$username'";
$result = $this->db->query($query);
$row=$result->row();
$pass = $row->password;
$s= $row->salt;
$user_old_pass = sha1($s.$oldpass);
if($pass == $user_old_pass){
$new = substr(uniqid(rand(), true), 0, 20);
$users_password = $this->input->post('pass1');
$new_password = sha1($new.$user_password);
$data = array($new,$new_password);
$this->update_model->insert_model($data);
$this->form_validation->set_message('change','saved');
$this->load->view('admin');
}else{
$this->form_validation->set_message('change','<p class="error">Incorrect Password</p>');
return false;
redirect('admin');
}
}else{
$this->form_validation->set_message('change','passwords dont match');
return false;
redirect('admin');
};
}else{
$this->form_validation->set_message('change','old password is not entered');
return false;
redirect('admin');
}
model:
function login($data)
{
$this->db->update('database', $data);
}
your
if($this->form_validation->run()= true){
should be
if($this->form_validation->run() == FALSE) {
because you are redirecting every time to 'admin'
I'm using php codeigniter for my project. In my login page if username and password is invalid just load the login page, else load the home. if invalid, First time it loads the login page again given the wrong details for login one controller name is added in url like local turns like localhost/project name/administrator/administrator/login_authentication
my code is
function index()
{
if($this->session->userdata('usertype') != '')
{
redirect('administrator/administrator_view');
}
else
{
$this->load->view('login');
}
}
function login_authentication()
{
$username=$this->input->post('username');
$password=$this->input->post('password');
$user = $this->administrator->admin_authentication($username,$password);
if(count($user) == 1)
{
foreach($user as $admin_value)
{
$user_name=$admin_value['UserName'];
$usertype=$admin_value['UserType'];
}
$session_data = array(
'username' => $user_name,
'usertype' => $usertype,
);
$this->session->set_userdata($session_data);
if($usertype == 1)
{
redirect('administrator/administrator_view');
}
}
else
{
$data['Invalid_Login']="Invalid Username and Password";
$this->load->view('login',$data);
}
}
function administrator_view()
{
if($this->session->userdata('usertype') == '')
{
redirect('administrator');
}
else
{
$data['heading'] = '';
$this->load->view('header', $data);
$this->load->view('dashboard', $data);
$this->load->view('footer');
}
}
Admin authentication function
function admin_authentication($username, $password)
{
$this->db->select('*');
$this->db->from('user');
$this->db->where('UserName',$username);
$this->db->where('Password',$password);
$query = $this->db->get();
return $query->result_array();
}
I'm trying more than one time given not correct information for login everytime one controller name added in url. Please help me.
Thanks in advance.
change
$this->session->set_userdata($session_data);
to
$this->session->set_userdata(('some_name', $session_data);
and change
if($this->session->userdata('usertype') == '')
in all area to
$ses = $this->session->userdata('some_name');
if($ses['usertype'] == '')
and try....
first of all check if there is an post request in your function login_authentication() like this:
function login_authentication()
{
if( $this->input->post(null) ){
//your authentication code here
}else{
//load the login view here
}
}
Here is your function:
function login_authentication(){
if( $this->input->post(null) ){ //check if there is an post request
$username=$this->input->post('username');
$password=$this->input->post('password');
$user = $this->administrator->admin_authentication($username,$password);
print_r( $user );die(); //the user array as returned from the model see if its correct or not
if(count($user) == 1)
{
foreach($user as $admin_value)
{
$user_name=$admin_value['UserName'];
$usertype=$admin_value['UserType'];
}
$session_data = array(
'username' => $user_name,
'usertype' => $usertype,
);
print_r( $session_data );die; //see if it builds the correct array or not
//$this->session->set_userdata($session_data);
$this->session->set_userdata('user_info',$session_data); //to read the username use like $this->session->userdata['user_info']['username'];
if($usertype == 1)
{
redirect('administrator/administrator_view');
}
}else{ //invalid credentials load the login view
$this->session->set_flashdata('Invalid_Login', 'Invalid username or password!'); //to echo in view use $this->session->flashdata('Invalid_Login');
redirect('administrator', 'refresh');
}
}else{ //redirect to index function now
redirect('administrator', 'refresh');
}
}
In your function administrator_view(),
function administrator_view(){
if( !$this->session->userdata('user_info') ){
print_r( $this->session->all_userdata() );die('no session set redirecting'); //the session is not set here
redirect('administrator');
}
else{
$data['heading'] = '';
$this->load->view('header', $data);
$this->load->view('dashboard', $data);
$this->load->view('footer');
}
}
I am trying to make a change password code using the active records. That works fine but I need to know whether the password was successfully changed or that the current password was actually wrong.
I am using affected rows to see how many records were affected. The value should be 1 or 0, 1 when the password has been successfully changed and 0 when it hasn't changed (that is entered current password was wrong.) The affected rows would never return more than 1 because the username is unique. So it should work the way I am approaching it.
But it doesn't seem to work, because the affected rows function is always returning 1.
Here are the Codes
Controller:
function changepass() {
$this->form_validation->set_rules('pass', 'Password', 'required|matches[passconf]|min_length[6]|max_length[12]');
$this->form_validation->set_rules('passconf', 'Password Confirmation', 'required');
if ($this->form_validation->run() == false) {
//if not valid
$this->session->set_flashdata('message', validation_errors());
redirect('profile');
} else {
//if valid
$current = $this->input->post('current');
$change = $this->input->post('pass');
$id = $this->input->post('id');
$flag = $this->profile_model->update_pass($current, $change, $id);
if ($flag = true) {// If Successful
$this->session->set_flashdata('message', $flag);
} else { // If Unsuccessful
$this->session->set_flashdata('message', 'Current Password is not valid');
}
redirect('profile');
}
}
Model:
function update_pass($current,$change,$id) {
$data = array('pass'=>$change);
$this->db->where('id',$id);
$this->db->where('pass',$current);
$this->db->update('users',$data);
return ($this->db->affected_rows());
}
change your model like this
function update_pass($current, $change, $id) {
$data = array('pass' => $change);
$this->db->where('id', $id);
$this->db->where('pass', $current);
$this->db->update('users', $data);
if ($this->db->affected_rows() > 0) {
return true;
} else {
return false;
}
}
And change your controller if statement by adding '==' instead of '='
if($flag == TRUE)// If Successful
{
$this->session->set_flashdata('message', $flag);
}
May be its due to query caching.Turn of query caching for this particular query and try.
// Turn caching off for this one query
$this->db->cache_off();
$data = array('pass'=>$change);
$this->db->where('id',$id);
$this->db->where('pass',$current);
$this->db->update('users',$data);
return ($this->db->affected_rows());
function update_pass($current, $change, $id)
{
$data = array('pass'=>$change);
$this->db->where('id',$id);
$this->db->where('pass',$current);
$this->db->update('users',$data);
//comment the return
//return ($this->db->affected_rows());
// echo formatted last query
echo '<pre>';
echo $this->db->last_query();
echo '</pre>';
die();
}
Are you sure you are supplying the right variables to do the update? Try this on you're model then test on you're phpmyadmin Or turn on profiler to see what queries are being run and what parameters are being passed on.
Or you can try
var_dump($this->db->affected_rows());
To see what is it returning.
try this code
function update_pass($current,$change,$id){
$data = array('pass'=>$change);
$this->db->where('id',$id);
$this->db->where('pass',$current);
$this->db->update('users',$data);
$query = $this->db->affected_rows();
if($query > 0){
return true;
}else{
return false;
}
}
This question already has answers here:
CI - show database error or fail
(2 answers)
Closed 9 years ago.
I've developed a simple login system which works OK but fails, and I need to know why.
QUESTION: How to show what is causing the fail?
Here's the database function:
function login($email,$password)
{
$this->db->where("email",$email);
$this->db->where("password",$password);
$query=$this->db->get("users");
if($query->num_rows()>0)
{
foreach($query->result() as $rows)
{
//add all data to session
$newdata = array(
'user_id' => $rows->id,
'user_name' => $rows->username,
'user_email' => $rows->email,
'logged_in' => TRUE,
);
}
$this->session->set_userdata($newdata);
return true;
}
return false;
}
And here's the logic:
public function login()
{
$this->load->library('form_validation');
// field name, error message, validation rules
$this->form_validation->set_rules('email', 'Your Email', 'trim|required|valid_email');
$this->form_validation->set_rules('password', 'Password', 'trim|required|min_length[4]|max_length[32]');
if($this->form_validation->run() == FALSE)
{
$this->signin();
}
else
{
$email=$this->input->post('email');
$password=md5($this->input->post('pass'));
$result=$this->user_model->login($email,$password);
if($result)
{
$this->dash();
}
else
{
$data['title']= 'Login Error';
$this->load->view('nav/header', $data);
$this->load->view('login', $data);
$this->load->view('nav/footer', $data);
}
}
}
I know the error is happening as I redirect back to the login page if it fails and change the title text to show me (only in testing mode for right now). But how can I find out what is going wrong?
This is the check database function:
function login($email,$password)
{
$this->db->where("email",$email);
$this->db->where("password",$password);
$query=$this->db->get("users");
if($query->num_rows()>0)
{
foreach($query->result() as $rows)
{
//add all data to session
$newdata = array(
'user_id' => $rows->id,
'user_name' => $rows->username,
'user_email' => $rows->email,
'logged_in' => TRUE,
);
}
$this->session->set_userdata($newdata);
return true;
}
return false;
}
I assume all your php code is fine, then what you need is set custom form-validation-message for each input to know which input went wrong and echo them:
<?php echo validation_errors(); ?>
write below code in your view file
<section id="notification" >
<?php
if(validation_errors() !== '' ) {
echo "<div class='alert-msg error'>";
echo validation_errors();
echo "</div>";
}
$error = $this->session->flashdata('error');
$success = $this->session->flashdata('success');
if($error)
{
echo "<div class='alert-msg error'>";
echo $this->session->flashdata('error');
echo "</div>";
}
if($success)
{
echo "<div class='alert-msg success'>";
echo $this->session->flashdata('success');
echo "</div>";
}
?>
</section>
and set success/error message conditionally in flash data in controller ( see below)
if($result) {
$this->dash();
$this->session->set_flashdata('success', 'Login successfully.');
} else {
$this->session->set_flashdata('error', 'Login failed');
}
Read more Flashdata in CI
For your changed answer:
use below logic in your model
$qry = $this->db->get_where('users', array('username' => $this->_username ));
if ($qry->num_rows() == 1) {
$user = $qry->row_array();
$submitted_pass = md5($this->_password);
$db_pass = $user['password'];
if ($submitted_pass === $db_pass) {
return $user;
} else {
// wrong username/password
$this->session->set_flashdata('error', $this->errorList[10]);
return FALSE;
}
} else {
// no such username exist
$this->session->set_flashdata('error', $this->errorList[15]);
return FALSE;
}