OK I am trying to build a user profile where there first_name, password and username are shown in the view.
because password and username are set in the model its very easy to set the session userdata in the controller then have it shown in the view.
how could I also set a sessions to get first_name without puting it in the validation function ?
thank you, im new to codeigniter and MVC,
thanks for any help.
Model
function validate()
{
$this->db->where('username', $this->input->post('username'));
$this->db->where('password', md5($this->input->post('password')));
$query = $this->db->get('membership');
if($query->num_rows() == 1)
{
return true;
}
}
controler
function validate_credentials()
{
$this->load->model('member_model');
$query = $this->member_model->validate();
if ($query) // if user cred validate the user session start
{
$data = array(
'username' => $this->input->post('username'),
'password' => $this->input->post('password'),
'is_logged_in' => true
);
$this->session->set_userdata($data);
redirect('members/members_area');
} else {
$this->index();
echo 'Incorrect Password or Username';
}
}
view
<h2>Welcome Back, <?php echo $this->session->userdata('username'); ?>!</h2>
<h2>your password, <?php echo $this->session->userdata('password'); ?>!</h2>
Validation Function
function validate()
{
$this->db->where('username', $this->input->post('username'));
$this->db->where('password', md5($this->input->post('password')));
$query = $this->db->get('membership');
if($query->num_rows() == 1)
{
return $query->row();
}
else
{
return false;
}
}
In Controller
function validate_credentials()
{
$this->load->model('member_model');
$query = $this->member_model->validate();
if ($query) // if user cred validate the user session start
{
$data = array(
'username' => $query->username,
'password' => $query->password,
'first_name'=>$query->firstname
'is_logged_in' => true
);
$this->session->set_userdata($data);
redirect('members/members_area');
} else {
$this->index();
echo 'Incorrect Password or Username';
}
}
Related
Using codeigniter hashed my password with BCRYPT, seems that everytime I login I redirect to the success page. So I am figuring password verify is not working, even if I enter the incorrect login it still redirects, does not throw the form_validation errors either.
I used the documentation to set it up along with the guides on SO. Will eventually go to Ion Auth but want to know how to fix this. As I am still learning code igniter mvc.
Model
class user_model extends CI_Model{
public function register($encrypt_pass){
$data = array(
'name'=> $this->input->post('name'),
'email'=> $this->input->post('email'),
'username'=> $this->input->post('username'),
'password'=>password_hash($encrypt_pass,PASSWORD_BCRYPT)
);
return $this->db->insert('customers',$data);
}
public function login($username,$password){
//validate the inputs from form
$this->db->where('username',$username);
$query = $this->db->get('customers'); //customers is the table
$result = $query->row_array();
if(!empty($result) && password_verify($password, $result['password'])){
return $result;
}
else{
return "false";
}
}
}
Controller
public function login()
{
$this->form_validation->set_rules('username','Username','required');
$this->form_validation->set_rules('password','Password','required');
if($this->form_validation->run()=== FALSE){
$this->load->view('templates/header');
$this->load->view('users/login',$data);
$this->load->view('templates/footer');
}
else {
//Getting username
$username = $this->input->post('Username');
//Getting and ecrypting password
$password = $this->input->post('Password');//password hashed
$user_id = $this->user_model->login($result);
//checking for user/pass correct will set session if so
if($user_id){
$this->session->set_flashdata('user_loggedin','You are now logged in');
redirect('posts');
}
// If combo is incorrect will redirect
else{
$this->session->set_flashdata('user_loggedin','Login Failed, Please Try
Again');
redirect('users/login');
}
}
}
}
Here is a simple working login code, there are many ways how to do it, it's just an example.
ON YOUR MODEL
Create a function that will check/get the username's password.
public function _getUserPassword($user_name){
$data = array();
$this->db->select('PASSWORD');
$this->db->from('tbl_user');
$this->db->where('USER_NAME', $user_name);
$query = $this->db->get();
if($query->num_rows() > 0){
foreach($query->result_array() as $field_name => $field_value){
$data = $field_value;
}
return $data;
}
else{
return false;
}
}
I've seen your's just selecting it.
We need to use that _getUserPassword function on we call it verify function
function verify($username, $password){
$data = array();
$userNameExists = $this->_getUserPassword($username);
if(password_verify($password, $userNameExists['PASSWORD'])){
$this->db->select('*');
$this->db->from('tbl_user AS user');
$this->db->where('USER_NAME', $username);
$query = $this->db->get();
if($query->num_rows() > 0){
foreach($query->result_array() as $field_name => $field_value){
$data = $field_value;
}
return $data;
}
else{
return false;
}
}
else{
return false;
}
}
So if the verification is success it will return the data to your controller, Let's use your controller.
Let's assume that you changed the models
ON YOUR CONTROLLER
public function login()
{
$this->form_validation->set_rules('username','Username','required');
$this->form_validation->set_rules('password','Password','required');
if($this->form_validation->run()=== FALSE){
$this->load->view('templates/header');
$this->load->view('users/login',$data);
$this->load->view('templates/footer');
}else {
//Getting username
$username = $this->input->post('Username');
//Getting and ecrypting password
$password = $this->input->post('Password');
$user_id = $this->user_model->verify($username,$password);
//checking for user/pass correct will set session if so
if($user_id){
$this->session->set_userdata('user_loggedin','You are now logged in');
redirect('posts');
}else{
//DO NOT SET USER DATA SESSION HERE UNLESS IT WILL AUTOMATICALLY LOGGED IN.
redirect('users/login');
}
}
}
Hope this helps!
where you are checking that password is matching or not.
try this in your controller.after user check.
if($user>0){
if (password_verify($this->input->post('Password'), $user_id['password'])) {
//success message
}
else{
//error message.password is invalid
}
I found other people with the same issue but couldn't find the solution to my problem. My error message is not displayed when the login fails if using the callback function.
loginController.php
public function validate_credentials () {
$this->load->model('users_model');
$query = $this->users_model->validate();
if($query)
{
$data = array(
'username' => $this->input->post('username'),
'is_logged_in' => true
);
$this->session->set_userdata($data);
redirect('/member/homes');
}
else
{
$this->form_validation->set_rules('username', 'Username', 'trim|required|callback_check_username_exists'); //test
$data['lofin_failed'] = 'Wrong usename or password'; // I added this line in the meantime to display an error message.
$this->load->view('header');
$this->load->view('navbar');
$this->load->view('loginForm', $data);
$this->load->view('footer');
}
}
public function check_username_exists()
{
$this->form_validation->set_message('check_username_exists', 'Wrong username or password!!');
return false;
}
users_model.php
public function validate() {
$this->db->where('username', $this->input->post('username'));
$this->db->where('password', md5($this->input->post('password')));
$query = $this->db->get('game_players');
if($query -> num_rows() == 1) { // if we have one match
return true;
}
}
There is form validation rule :
is_unique[table.field]
that checks database if the username is unique, you don't need callback.
You can check it here https://ellislab.com/codeigniter/user-guide/libraries/form_validation.html
And you can use session flashdata instead of $data['lofin_failed']
you can check that here https://ellislab.com/codeigniter/user-guide/libraries/sessions.html
I found the problem. I simply forgot to add echo validation_errors(); at the beginning of the page....
What I'd like to do is on validating a CI user, when setting their session data, pull some data from a field set in the db.
At the moment I have this within my controller;
function validate()
{
$query = $this->model_auth->validate();
if ($query) // if the user's credentials validated
{
$data = array(
'username' => $this->input->post('username'),
'is_logged_in' => TRUE
);
$this->session->set_userdata($data);
redirect('dashboard/');
} else {
$data['error'] = 'Invalid User Id and Password combination';
$this->load->view('view_login',$data);
}
}
and this is my model
function validate() {
$this->db->where('username', $this->input->post('username'));
$this->db->where('password', md5($this->input->post('password')));
$query = $this->db->get('users');
if($query->num_rows == 1) { return TRUE; }
}//validate
What I'd like to do is set something like this;
$data = array(
'username' => $this->input->post('username'),
'user_level' => $ThisIsSomethingWithinTheDB,
'is_logged_in' => TRUE
);
Within my controller, with $ThisIsSomethingWithinTheDB relating to the relevant entry within the db under the user_level column.
I'm currently still very much learning as I go so any help would be very much appreciated.
If you want to set something equal to something from your database you're going to have to retrieve it first.
I'm not too familiar going with CI's ActiveRecord as I prefer to use Laravel and Eloquent but from what I can tell looking at the docs:
$this->db->get('users')
... would be equivalent to:
SELECT * FROM users
and if that's the case, you should be able to set:
$data['user_level'] = $ThisIsSomethingWithinTheDB
or
$this->session->set_userdata('user_level') = $ThisIsSomethingWithinTheDB
Modify your validate() function, to return the DB results.
function validate()
{
$this->db->where('username', $this->input->post('username'));
$this->db->where('password', $this->input->post('password'));
$query = $this->db->get('users');
if ( $query->num_rows() > 0 )
{
$result = $query->result();
return $result[0];
}
else
{
return false;
}
}
Now, you can access the DB results, like this in your controller...
if ($query)
{
$data = array(
'username' => $this->input->post('username'),
'user_level' => $query->user_level, // This is "user_level" row from your DB
'is_logged_in' => true
);
}
Hope this helps.
Thanks for your help both,
I was able to achieve this as follows;
model;
function validate() {
$this->db->where('username', $this->input->post('username'));
$this->db->where('password', md5($this->input->post('password')));
$query = $this->db->get('users');
if($query->num_rows == 1)
{
return $query;
}
else
{
return FALSE;
}
}
Controller;
function validate()
{
$query = $this->model_auth->validate();
if ($query) // if the user's credentials validated
{
$user_data = $query->row();
$data = array(
'username' => $this->input->post('username'),
'user_level' => $user_data->user_level,
'is_logged_in' => TRUE
);
$this->session->set_userdata($data);
redirect('dashboard/');
} else {
$data['error'] = 'Invalid User Id and Password combination';
$this->load->view('view_login',$data);
}
}
Thanks again for your help!
I am creating a login form but it does not do the validation rightly against the value in the database. when I put in the wrong password it still redirects me to the page that needs login access
CONTROLLER
public function login() {
$this->form_validation->set_rules('username', 'Username', 'trim|required|alpha_numeric|min_length[6]|max_length[12]|xss_clean');
$this->form_validation->set_rules('password', 'Password', 'trim|required|alpha_numeric|min_length[6]|max_length[6]|xss_clean');
if ($this->form_validation->run() == FALSE) {
// return main page if submitted form is invalid.
$this->load->view('abt_login');
} else {
$this->load->model('abt_db');
$q = $this->abt_db->check_login();
if($q)
{
$data = array(
'email' => $this->input->post('email'),
'password' => $this->input->post('password'),
);
$this->session->set_userdata($data);
redirect('index.php/abovetheblues/abt-abovetheblues');
}
else
{
redirect('index.php/abovetheblues/abt_selfhelp');
}
}
}
MODEL
function check_login() {
$this->load->database();
$this->db->where('email', $this->input->post('email'));
$this->db->where('password', $this->input->post('password'));
$q = $this->db->get('user');
if ($q->num_rows == 1) {
return true;
}
}
num_rows is a function and you not call the function
Try to change this:
if ($q->num_rows == 1) {
return true;
}
to this:
if ($q->num_rows() == 1) {
return true;
}
Consider passing the two variables to the function instead of trying to grab them from the input class:
Controller:
$this->load->model('abt_db');
$q = $this->abt_db->check_login($this->input->post('email'), $this->input->post('password'));
Model:
function check_login($email, $password) {
$this->load->database();
$this->db->where('email', $email);
$this->db->where('password', $password); ## VERY UNSECURE - SEE BELOW
$q = $this->db->get('user');
if ($q->num_rows() == 1) { ## as seen in the previous answer
return true;
}
return false; ## You NEED to have this.
}
PLEASE NOTE:
You are checking the password directly with the database in plaintext. This is a terrible idea and will lead to your application getting compromised.
I strongly recommend you read this excellent primer on password security:
Salting Password Hashing
I am using codeigniter framework. I have a login model and a controller with a view. I have admin as username and admin as password set in the users table in my db for test purpose.
But when ever I use admin13356 or admindsgsd or adminWHATEVER with admin as password, the login is successful. I dont understand why.
My controller function is as follows.
function check(){
$this->load->model('loginModel');
$query = $this->loginModel->validate();
if($query){
$data = array('username' => $this->input->post('username'),
'is_logged_in' => true
);
$this->session->set_userdata($data);
//redirecting to appropriate page
redirect('success');
}else{
$this->session->set_flashdata('loginCheck','Username/Password Comination Incorrect!');
redirect('login');
}
}
And my model is as below.
function validate(){
$this->db->where('username', $this->input->post('username'));
$this->db->where('password', md5($this->input->post('password')));
$query = $this->db->get('users');
if($query->num_rows() == 1){
return true;
}
}
function validate(){
// dump all post variables recieved
echo '<pre>';
print_r($this->input->post());
echo '</pre><br>';
$this->db->where('username', $this->input->post('username'));
$this->db->where('password', md5($this->input->post('password')));
$query = $this->db->get('users');
// Dump what the query result is
echo '<br><pre>';
print_r($query->result());
echo '</pre>';
//if($query->num_rows() == 1){
// return true;
//}
}
Your code seems fine, but can you check if it is passing the right data correctly try dumping it first. like the code above to check the data and the query result.
how many records do you have in the table
try this code
function validate($username,$password){
$this->select('*');
$this->from('table_name');
$this->db->where('username', $username);
$this->db->where('password', md5($password));
$query = $this->db->get();
if($query->num_rows() == 1){
return true;
}
}
pass your username and password to the function
What version of PHP are you running? I've had problems with PHP before where it returns TRUE for non returns.
Try adding return false to your validate() method:
function validate(){
$this->db->where('username', $this->input->post('username'));
$this->db->where('password', md5($this->input->post('password')));
$query = $this->db->get('users');
if($query->num_rows() == 1){
return true;
}
return false;
}
Also, Model's should be input agnostic. Definitely think about moving the $this->input->post() to the controller and pass the values in as parameters:
This allows you to use the validate() method in other scenarios. For example (re-validating the password when the username isn't supplied via post but via session).
Controller
function check(){
$this->load->model('loginModel');
$query = $this->loginModel->validate($this->input->post('username'), $this->input->post('password'));
if($query){
$data = array(
'username' => $this->input->post('username'),
'is_logged_in' => true
);
$this->session->set_userdata($data);
//redirecting to appropriate page
redirect('success');
}else{
$this->session->set_flashdata('loginCheck', 'Username/Password Combination Incorrect!');
redirect('login');
}
}
Model
function validate($username, $password){
$this->db->where('username', $username);
$this->db->where('password', md5($password));
$query = $this->db->get('users');
if($query->num_rows() == 1){
return true;
}
return false;
}