I found other people with the same issue but couldn't find the solution to my problem. My error message is not displayed when the login fails if using the callback function.
loginController.php
public function validate_credentials () {
$this->load->model('users_model');
$query = $this->users_model->validate();
if($query)
{
$data = array(
'username' => $this->input->post('username'),
'is_logged_in' => true
);
$this->session->set_userdata($data);
redirect('/member/homes');
}
else
{
$this->form_validation->set_rules('username', 'Username', 'trim|required|callback_check_username_exists'); //test
$data['lofin_failed'] = 'Wrong usename or password'; // I added this line in the meantime to display an error message.
$this->load->view('header');
$this->load->view('navbar');
$this->load->view('loginForm', $data);
$this->load->view('footer');
}
}
public function check_username_exists()
{
$this->form_validation->set_message('check_username_exists', 'Wrong username or password!!');
return false;
}
users_model.php
public function validate() {
$this->db->where('username', $this->input->post('username'));
$this->db->where('password', md5($this->input->post('password')));
$query = $this->db->get('game_players');
if($query -> num_rows() == 1) { // if we have one match
return true;
}
}
There is form validation rule :
is_unique[table.field]
that checks database if the username is unique, you don't need callback.
You can check it here https://ellislab.com/codeigniter/user-guide/libraries/form_validation.html
And you can use session flashdata instead of $data['lofin_failed']
you can check that here https://ellislab.com/codeigniter/user-guide/libraries/sessions.html
I found the problem. I simply forgot to add echo validation_errors(); at the beginning of the page....
Related
Using codeigniter hashed my password with BCRYPT, seems that everytime I login I redirect to the success page. So I am figuring password verify is not working, even if I enter the incorrect login it still redirects, does not throw the form_validation errors either.
I used the documentation to set it up along with the guides on SO. Will eventually go to Ion Auth but want to know how to fix this. As I am still learning code igniter mvc.
Model
class user_model extends CI_Model{
public function register($encrypt_pass){
$data = array(
'name'=> $this->input->post('name'),
'email'=> $this->input->post('email'),
'username'=> $this->input->post('username'),
'password'=>password_hash($encrypt_pass,PASSWORD_BCRYPT)
);
return $this->db->insert('customers',$data);
}
public function login($username,$password){
//validate the inputs from form
$this->db->where('username',$username);
$query = $this->db->get('customers'); //customers is the table
$result = $query->row_array();
if(!empty($result) && password_verify($password, $result['password'])){
return $result;
}
else{
return "false";
}
}
}
Controller
public function login()
{
$this->form_validation->set_rules('username','Username','required');
$this->form_validation->set_rules('password','Password','required');
if($this->form_validation->run()=== FALSE){
$this->load->view('templates/header');
$this->load->view('users/login',$data);
$this->load->view('templates/footer');
}
else {
//Getting username
$username = $this->input->post('Username');
//Getting and ecrypting password
$password = $this->input->post('Password');//password hashed
$user_id = $this->user_model->login($result);
//checking for user/pass correct will set session if so
if($user_id){
$this->session->set_flashdata('user_loggedin','You are now logged in');
redirect('posts');
}
// If combo is incorrect will redirect
else{
$this->session->set_flashdata('user_loggedin','Login Failed, Please Try
Again');
redirect('users/login');
}
}
}
}
Here is a simple working login code, there are many ways how to do it, it's just an example.
ON YOUR MODEL
Create a function that will check/get the username's password.
public function _getUserPassword($user_name){
$data = array();
$this->db->select('PASSWORD');
$this->db->from('tbl_user');
$this->db->where('USER_NAME', $user_name);
$query = $this->db->get();
if($query->num_rows() > 0){
foreach($query->result_array() as $field_name => $field_value){
$data = $field_value;
}
return $data;
}
else{
return false;
}
}
I've seen your's just selecting it.
We need to use that _getUserPassword function on we call it verify function
function verify($username, $password){
$data = array();
$userNameExists = $this->_getUserPassword($username);
if(password_verify($password, $userNameExists['PASSWORD'])){
$this->db->select('*');
$this->db->from('tbl_user AS user');
$this->db->where('USER_NAME', $username);
$query = $this->db->get();
if($query->num_rows() > 0){
foreach($query->result_array() as $field_name => $field_value){
$data = $field_value;
}
return $data;
}
else{
return false;
}
}
else{
return false;
}
}
So if the verification is success it will return the data to your controller, Let's use your controller.
Let's assume that you changed the models
ON YOUR CONTROLLER
public function login()
{
$this->form_validation->set_rules('username','Username','required');
$this->form_validation->set_rules('password','Password','required');
if($this->form_validation->run()=== FALSE){
$this->load->view('templates/header');
$this->load->view('users/login',$data);
$this->load->view('templates/footer');
}else {
//Getting username
$username = $this->input->post('Username');
//Getting and ecrypting password
$password = $this->input->post('Password');
$user_id = $this->user_model->verify($username,$password);
//checking for user/pass correct will set session if so
if($user_id){
$this->session->set_userdata('user_loggedin','You are now logged in');
redirect('posts');
}else{
//DO NOT SET USER DATA SESSION HERE UNLESS IT WILL AUTOMATICALLY LOGGED IN.
redirect('users/login');
}
}
}
Hope this helps!
where you are checking that password is matching or not.
try this in your controller.after user check.
if($user>0){
if (password_verify($this->input->post('Password'), $user_id['password'])) {
//success message
}
else{
//error message.password is invalid
}
I'm trying to achieve to login implementation in CodeIgniter, I'm hashing password while registration like password_hash($this->input->post('password'),PASSWORD_DEFAULT) in my Controller and in the same Controller I'm trying to write a login method which is as followed :
public function loginValidation() {
$this->form_validation->set_rules('email', 'Email', 'trim|required');
$this->form_validation->set_rules('password', 'Password', 'trim|required');
if ($this->form_validation->run()) {
// true
$email = $this->input->post('email');
$password = $this->input->post('password');
// User Model Loaded in constructor
if ($this->user->canLogin($email, $password)) {
$session_data = array('email' => $email );
$this->session->set_userdata($session_data);
redirect('profile/personal','Refresh');
} else {
$this->session->set_flashdata('error', 'Invalid Username or Password');
//redirect('login','Refresh');
}
} else {
// try again to login
//redirect('login','Refresh');
}
}
My user Model function is
public function canLogin($email, $password) {
$this->db->where('email',$email);
$this->db->where('password',$password);
$query = $this->db->get($this->tableName);
if ($query->num_rows() > 0) {
return true;
} else {
return false;
}
}
I know I have to password_verify($string,$hash) at some point but I'm unable to figure out.
How do I validate the password against email and redirect to the desired view i.e. personal/profile and I'm making request via AJAX call.
What you need to do is fetch the record from the DB where only the email matches (assuming it is the Unique key). Then you compare the returned value using password_verify().
This is very rough and untested, but should give you an idea:
public function canLogin($email, $password) {
$this->db->where('email',$email);
// $this->db->where('password',$password);
$query = $this->db->get($this->tableName);
$row = $query->row();
return $row ? password_verify($password, $row->password) : false;
}
I'm getting error when login to my project and then goto the base url. The below is the error which i get
My Login page [ see the url ]
After logging in , if i remove the highlighted segments[pls see below image] after which i get the above error
I know these error are due to headers so can somebody help me in saying what error am i making in header. An also say how to make good use of session so that the form is to resubmitted when i refresh after logging in. Below are the header codes.
login header
<?php if(isset($this->session->userdata['logged'])){
header("location: http://localhost/capacity_planner/login/login_check");
}
?>
admin dashboard[after logging in header]
<?php if(isset($this->session->userdata['logged'])){
$email = ($this->session->userdata['logged']['email']);
}else{
header("location: http://localhost/capacity_planner/login");
}
?>
controller side
public function login_check(){
$data['base_url'] = base_url();
$this->form_validation->set_rules('email', 'Email', 'trim|required|xss_clean');
$this->form_validation->set_rules('password', 'Password', 'trim|required|xss_clean|callback_check_database');
if ($this->form_validation->run($this) == false) {
$this->index();
} else {
if(isset($this->session->userdata['logged'])) {
$data['login_bg'] = $this->input->post('login_bg');
$this->load->view("admin_db", $data);
}
}
function check_database($password){
$email= $this->input->post('email');
$user = $this->user->loginCheck($email, $password);
if($user[1] == 1){
$result = $this->user->user_details($email);
if($result != false) {
$session_data = array(
'id' => $result[0]->id,
'email' => $result[0]->cp_email,
);
$this->session->set_userdata('logged', $session_data);
return true;
}
} else{
$this->form_validation->set_message('check_database', $user[0]);
return false;
}
}
ERR_TOO_MANY_REDIRECTS is caused when strucked up in a conditional loop
I assume you want to redirect to admin dashboard if you go to index after logged in..
Try adding these lines in your public function index()
public function index(){
if(isset($this->session->userdata['logged'])) {
//admin_db display function eg.redirect('admindashboard');
}
else{
//load your index view
this->load->view('your_index_view');
}
}
or you can check reverse way in admin dashboard function like this
public function dashboard(){
if($this->session->userdata('logged') == ''){
redirect('index');
}
else{
$this->load->view('dashboard view');
}
}
This is my assumption.Kindly check it.
OK I am trying to build a user profile where there first_name, password and username are shown in the view.
because password and username are set in the model its very easy to set the session userdata in the controller then have it shown in the view.
how could I also set a sessions to get first_name without puting it in the validation function ?
thank you, im new to codeigniter and MVC,
thanks for any help.
Model
function validate()
{
$this->db->where('username', $this->input->post('username'));
$this->db->where('password', md5($this->input->post('password')));
$query = $this->db->get('membership');
if($query->num_rows() == 1)
{
return true;
}
}
controler
function validate_credentials()
{
$this->load->model('member_model');
$query = $this->member_model->validate();
if ($query) // if user cred validate the user session start
{
$data = array(
'username' => $this->input->post('username'),
'password' => $this->input->post('password'),
'is_logged_in' => true
);
$this->session->set_userdata($data);
redirect('members/members_area');
} else {
$this->index();
echo 'Incorrect Password or Username';
}
}
view
<h2>Welcome Back, <?php echo $this->session->userdata('username'); ?>!</h2>
<h2>your password, <?php echo $this->session->userdata('password'); ?>!</h2>
Validation Function
function validate()
{
$this->db->where('username', $this->input->post('username'));
$this->db->where('password', md5($this->input->post('password')));
$query = $this->db->get('membership');
if($query->num_rows() == 1)
{
return $query->row();
}
else
{
return false;
}
}
In Controller
function validate_credentials()
{
$this->load->model('member_model');
$query = $this->member_model->validate();
if ($query) // if user cred validate the user session start
{
$data = array(
'username' => $query->username,
'password' => $query->password,
'first_name'=>$query->firstname
'is_logged_in' => true
);
$this->session->set_userdata($data);
redirect('members/members_area');
} else {
$this->index();
echo 'Incorrect Password or Username';
}
}
I am creating a login form but it does not do the validation rightly against the value in the database. when I put in the wrong password it still redirects me to the page that needs login access
CONTROLLER
public function login() {
$this->form_validation->set_rules('username', 'Username', 'trim|required|alpha_numeric|min_length[6]|max_length[12]|xss_clean');
$this->form_validation->set_rules('password', 'Password', 'trim|required|alpha_numeric|min_length[6]|max_length[6]|xss_clean');
if ($this->form_validation->run() == FALSE) {
// return main page if submitted form is invalid.
$this->load->view('abt_login');
} else {
$this->load->model('abt_db');
$q = $this->abt_db->check_login();
if($q)
{
$data = array(
'email' => $this->input->post('email'),
'password' => $this->input->post('password'),
);
$this->session->set_userdata($data);
redirect('index.php/abovetheblues/abt-abovetheblues');
}
else
{
redirect('index.php/abovetheblues/abt_selfhelp');
}
}
}
MODEL
function check_login() {
$this->load->database();
$this->db->where('email', $this->input->post('email'));
$this->db->where('password', $this->input->post('password'));
$q = $this->db->get('user');
if ($q->num_rows == 1) {
return true;
}
}
num_rows is a function and you not call the function
Try to change this:
if ($q->num_rows == 1) {
return true;
}
to this:
if ($q->num_rows() == 1) {
return true;
}
Consider passing the two variables to the function instead of trying to grab them from the input class:
Controller:
$this->load->model('abt_db');
$q = $this->abt_db->check_login($this->input->post('email'), $this->input->post('password'));
Model:
function check_login($email, $password) {
$this->load->database();
$this->db->where('email', $email);
$this->db->where('password', $password); ## VERY UNSECURE - SEE BELOW
$q = $this->db->get('user');
if ($q->num_rows() == 1) { ## as seen in the previous answer
return true;
}
return false; ## You NEED to have this.
}
PLEASE NOTE:
You are checking the password directly with the database in plaintext. This is a terrible idea and will lead to your application getting compromised.
I strongly recommend you read this excellent primer on password security:
Salting Password Hashing