I am using phpass for my login in codeigniter. But can not log on, there are know errors showing up I am not sure what the go is. Username and password correct. I have the library user in my system folder because I use multiple ci installs. I am just unsure why not letting me login. Even though username and password correct
Currently know errors are showing.
Library File
public function __construct() {
$this->CI =& get_instance();
$this->CI->load->database();
// Libraries
$this->CI->load->library('session');
$this->CI->load->library('security/rwdsecurity');
// Models
$file = dirname(FCPATH) . '/admin/application/modules/backend/models/user/user_model.php';
$file = dirname(FCPATH) . '/install/application/modules/setup/models/install_model.php';
if(file_exists($file)) {
return true;
} else {
echo "Can't find file located in: " . $file;
}
}
public function login($username, $password) {
$username = $this->CI->db->where('username', $this->CI->input->post('username'));
$password = $this->CI->db->where('password', $this->CI->input->post('password'));
$user_query = $this->CI->db->get('user');
if($user_query->num_rows() == 1) {
$data = array(
'username' => $this->CI->input->post('username'),
'isLogged' => true
);
$this->CI->sessions->set_userdata('user', $data);
$this->CI->rwdsecurity->check_password($password, $stored_hash);
return true;
} else {
return false;
}
}
Controller
public function index() {
if($this->session->userdata('isLogged') == false) {
$this->login();
} else {
redirect('dashboard');
}
}
function login_credentials() {
$this->form_validation->set_rules('username', 'Username', 'required|trim|min_length[3]|max_length[12]|xss_clean|callback_validate');
$this->form_validation->set_rules('password', 'Password', 'required|trim');
if ($this->form_validation->run($this) == false) {
$data['action'] = site_url('login/login_credentials');
$this->load->view('template/common/login', $data);
} else {
$is_valid = $this->user->login($username, $password);
if($is_valid) {
$data = array(
'username' => $username,
'isLogged' => true
);
$this->session->set_userdata($data);
}
redirect('dashboard');
}
}
function validate($username, $password) {
if($this->user->login($username, $password)) {
return true;
} else {
$this->form_validation->set_message('validate', "Incorrect Username Or Password");
return false;
}
}
Related
The session is not set in the this case. It works earlier for me in an other project but now I am facing problem
This is my controller:
class Login extends CI_Controller {
public $username;
public $status;
public $user_id;
public $type = 0;
function index() {
$this->load->library('session');
$this->load->helper('url');
$this->load->helper(array('form', 'url'));
$this->form_validation->set_rules('username', 'Username', 'required');
$this->form_validation->set_rules('password', 'Password', 'required');
$this->form_validation->set_rules('username', 'Username', 'required|callback_check_details');
$this->load->library('form_validation');
if ($this->session->userdata('loggedin') == 1) {//already done
redirect('/Exams');
} else if ($this->form_validation->run() == FALSE) {
$this->load->view('Login_form');
} else {
if (isset($_REQUEST['redirect']) && $_REQUEST['redirect'] != "") {//anyone wants to get back
redirect($_REQUEST['redirect']);
} else {
redirect('/Exams'); //otherwise
}
}
}
function check_details() {
$username = $this->db->escape($this->input->post('username'));
$this->username = $username;
$password = $this->input->post('password');
$query = $this->db->query("select * from users where username=$username or email=$username");
if ($query->num_rows() > 0) {
$row = $query->row();
if ($row->active == 0 || $row->active == 2) {
$this->form_validation->set_message('check_details', 'Your account has not activated yet. Please Check your email');
return FALSE;
}
if ($this->bcrypt->check_password($password, $row->password)) {
$this->user_id = $row->user_id;
$this->type = $row->type;
$this->status = 1;
$this->session->set_userdata('loggedin', 1);
$this->session->set_userdata('username', $this->username);
$this->session->set_userdata('user_id', $this->user_id);
$this->session->set_userdata('type', $this->type);
$this->session->set_userdata('full_name', $row->full_name);
$this->session->set_userdata('roll_number', $row->roll_number);
$this->session->set_userdata('phone_number', $row->phone_number);
$this->session->set_userdata('profile_picture', $row->profile_picture);
$this->session->set_userdata('level', $this->permissions->get_level());
$this->logger->insert('Logged in.', TRUE, TRUE);
return TRUE;
}
}
$this->form_validation->set_message('check_details', 'The username or password is incorrect ');
return FALSE;
}
}
When I check session in check_detail function it always print session is set
if($this->session->userdata('loggedin')!=true){
echo "session is not set";
} else {
echo "session is set";
}
but when I check in index it always print session is not set
and I also tried to set session in index function but still facing same problem
You should include session library in autoload.php or session library in check_details function also. try this code
<?php
class Login extends CI_Controller {
public $username;
public $status;
public $user_id;
public $type = 0;
function index() {
$this->load->library('session');
$this->load->helper('url');
$this->load->helper(array('form', 'url'));
$this->form_validation->set_rules('username', 'Username', 'required');
$this->form_validation->set_rules('password', 'Password', 'required');
$this->form_validation->set_rules('username', 'Username', 'required|callback_check_details');
$this->load->library('form_validation');
if ($this->session->userdata('loggedin') == 1) {//already done
redirect('/Exams');
} else if ($this->form_validation->run() == FALSE) {
$this->load->view('Login_form');
} else {
if (isset($_REQUEST['redirect']) && $_REQUEST['redirect'] != "") {//anyone wants to get back
redirect($_REQUEST['redirect']);
} else {
redirect('/Exams'); //otherwise
}
}
}
function check_details() {
$this->load->library('session');
$username = $this->db->escape($this->input->post('username'));
$this->username = $username;
$password = $this->input->post('password');
$query = $this->db->query("select * from users where username=$username or email=$username");
if ($query->num_rows() > 0) {
$row = $query->row();
if ($row->active == 0 || $row->active == 2) {
$this->form_validation->set_message('check_details', 'Your account has not activated yet. Please Check your email');
return FALSE;
}
if ($this->bcrypt->check_password($password, $row->password)) {
$this->user_id = $row->user_id;
$this->type = $row->type;
$this->status = 1;
$this->session->set_userdata('loggedin', 1);
$this->session->set_userdata('username', $this->username);
$this->session->set_userdata('user_id', $this->user_id);
$this->session->set_userdata('type', $this->type);
$this->session->set_userdata('full_name', $row->full_name);
$this->session->set_userdata('roll_number', $row->roll_number);
$this->session->set_userdata('phone_number', $row->phone_number);
$this->session->set_userdata('profile_picture', $row->profile_picture);
$this->session->set_userdata('level', $this->permissions->get_level());
$this->logger->insert('Logged in.', TRUE, TRUE);
return TRUE;
}
}
$this->form_validation->set_message('check_details', 'The username or password is incorrect ');
return FALSE;
}
}
I can hash the password during user registration,but comparing them from the user input during login with the one in the database isn't working.getting errors.
This is the insert for registration.Kindly show me where i'm going wrong
public function insert_client($codeDigits)
{
$options = ['cost'=>12];
$response = $this->taken_email($_POST['Email']);
if($response){
$returned = false;
}else{
$this->FirstName = $_POST['FirstName'];
$this->LastName = $_POST['LastName'];
$this->Email = $_POST['Email'];
$this->Role_Id = 2;
$this->Password = password_hash($_POST['Password'],PASSWORD_BCRYPT,$options);
$this->PhoneNo = $_POST['PhoneNo'];
$this->confirmCode = $codeDigits;
$this->db->insert('users', $this);
$returned = true;
}
return $returned;
}
This is the login model,the query for login
public function login_model2($email,$password)
{
$options = ['cost'=>12];
$this->db->select('*');
$this->db->from('users');
$this->db->where('Email',$email);
//$this->db->where('Password',$password);
$this->db->where('Role_Id !=',1);
$query = $this->db->get();
if($query->num_rows() > 0)
{
$data = $query->row();
// storing the results in the variable $data
if(password_verify($password,$data->password))
{
return true;
}
else
{
return false;
}
}
else
{
return false;
}
}
This is the login controller function when logging in
public function post_login2()
{
$this->form_validation->set_rules('Email', 'Email', 'trim|required|min_length[6]');
$this->form_validation->set_rules('Password', 'Password', 'trim|required|min_length[6]');
if($this->form_validation->run() == TRUE ){
if($this->Users_model->login_model2($_POST['Email'],$_POST['Password']))
{
//test for redirect
if ($_SESSION['role'] == 2) {
redirect("Client/welcome");
} else if ($_SESSION['role'] == 3) {
redirect("Pro/welcome");
}
// test for redirect
}else{
//
$this->session->set_flashdata('err', true);
redirect("Welcome/login");
}
}else{
$this->login();
}
}
Simply change $data->password to $data->Password
In model login_model2(), password_verify should be like this :
if(password_verify($password,$data->Password))
{
return true;
}
else
{
return false;
}
I am new to codeigniter, I am trying to login after registration... I enter correct user name and password, but error is "No such account exists in database" which set message in else part if its false.
For checking I used echo num_rows() it's showing 0 (which is wrong), total 5 records are there but echo num_fields is showing 8 fields (which is correct).
controller login code:
public function login() {
$this->form_validation->set_rules('username', 'User Name', 'required');
$this->form_validation->set_rules('password', 'Password', 'required');
if ($this->form_validation->run() === FALSE) {
$this->load->view('login');
} else {
//get user name
$username = $this->input->post('username');
//get encrypt password
$password = md5($this->input->post('password'));
//login user
$user_id = $this->auth_model->login($username, $password);
if ($user_id) {
//create session
$user_data = array(
'user_id' => $user_id,
'username' => $username,
'logged_in' => true
);
$this->session->set_userdata($user_data);
//set message
$this->session->set_flashdata("success", "your are logged in");
redirect('index.php/users/profile');
} else {
$this->session->set_flashdata("error", "No such account exists in database");
redirect('index.php/auth/login');
}
}
}
model login code:
public function login($username, $password) {
$this->db->where('username', $username);
$this->db->where('password', $password);
$result = $this->db->get('tblLogin');
if ($result->num_rows() == 1) {
return $result->row(0)->id;
} else {
return false;
}
}
public function login($username, $password) {
$this->db->where('username', $username);
$this->db->where('password', $password);
$result = $this->db->get('tblLogin');
$ret = $result->row();
if ($ret) {
return $ret;
} else {
return false;
}
}
row() function get is single and check in if condition.
print your query using $this->db->last_query();
and check your mysql database.
You can try this solution for your problem :
Changes your modal function:
Modal.php
public function login($username, $password) {
$this->db->where('username', $username);
$this->db->where('md5(password)', $password);
$result = $this->db->get('tblLogin');
$ret = $result->row();
if (!empty($ret)) {
return $ret;
} else {
return false;
}
}
Please changes your controller file.
LoginController.php
public function login() {
$this->form_validation->set_rules('username', 'User Name', 'required');
$this->form_validation->set_rules('password', 'Password', 'required');
if ($this->form_validation->run() === FALSE) {
$this->load->view('login');
} else {
//get user name
$username = $this->input->post('username');
//get encrypt password
$password = $this->input->post('password');
//login user
$user_id = $this->auth_model->login($username, $password);
if ($user_id) {
//create session
$user_data = array(
'user_id' => $user_id,
'username' => $username,
'logged_in' => true
);
$this->session->set_userdata($user_data);
//set message
$this->session->set_flashdata("success", "your are logged in");
redirect('index.php/users/profile');
} else {
$this->session->set_flashdata("error", "No such account exists in database");
redirect('index.php/auth/login');
}
}
}
Controller:
// log in user
public function login() {
$this->form_validation->set_rules('username', 'User Name', 'required');
$this->form_validation->set_rules('password', 'Password', 'required');
if ($this->form_validation->run() === FALSE) {
$this->load->view('users/login');
} else {
//get user name
$username = $this->input->post('username');
//get encrypt password
$password = $this->input->post('password');
//login user
$user_id = $this->auth_model->login($username, $password);
if ($user_id) {
//create session
$user_data = array(
'user_id' => $user_id,
'username' => $username,
'logged_in' => true
);
$this->session->set_userdata($user_data);
//set message
$this->session->set_flashdata("loggedin", "your are logged in");
redirect('dashboard');
} else {
$this->session->set_flashdata("log_failed", "Login invalid");
redirect('login');
}
}
}
Model:
public function login($username, $password) {
$this->db->where('username', $username);
$result = $this->db->get('tbllogin');
$db_password = $result->row(0)->password;
if (password_verify($password,$db_password)) {
return $result->row(0)->id;
} else {
return false;
}
}
I don't know if this is a problem with Codeigniter or not but password_verify works on my other website (which doesn't have any frameworks). However in Codeigniter password_verify always returns false, despite the password being correct. I have yet to find a solution, here is my code:
public function login()
{
$this->form_validation->set_rules('username','Username','required|trim|max_length[50]|alpha_numeric');
$this->form_validation->set_rules('password','Password','required|trim');
if($this->form_validation->run() == false)
{
$data['errors'] = validation_errors();
$this->load->view('templates/header');
$this->load->view('user/login',$data);
} else {
$username = $this->input->post('username',true);
$password = $this->input->post('password');
$query = $this->db
->select("*")
->from("users")
->where("username", $username)
->get();
if($query->num_rows() != 1) throw new UnexpectedValueException("Wrong user!");
$row = $query->row();
if(!password_verify($password,$row->password)) throw new UnexpectedValueException('22' . $row->password);
}
public function register()
{
//fields username,email,password1,password2
// $this->load->view('templates/header');
// $this->load->view('user/register');
$this->form_validation->set_rules('username','Username','required|max_length[50]|is_unique[users.username]|trim|alpha_numeric');
$this->form_validation->set_rules('email','Email', 'trim|required|valid_email|is_unique[users.email]');
$this->form_validation->set_rules('password1', 'Password', 'required|trim');
$this->form_validation->set_rules('password2','Confirm password','required|matches[password1]');
if($this->form_validation->run() == false)
{
$data['errors'] = validation_errors();
$this->load->view('templates/header');
$this->load->view('user/register',$data);
} else {
$username = $this->input->post('username',true);
$email = $this->input->post('email',true);
$password = $this->input->post('password');
if($this->user_model->create_user($username,$email,$password))
{
echo $password;
}
}
}
and whenever I enter the correct password the unexpected value exception is thrown:
I have this code while registering the form:
function register()
{
$this->form_validation->set_rules('txt_username', 'Username', 'trim|required');
$this->form_validation->set_rules('cpassword', 'Confirm Password', 'trim|required|matches[txt_password]|md5');
$this->form_validation->set_rules('txt_password', 'Password', 'trim|required|md5');
//other codes
$data = array('username' => $this->input->post('txt_username'),
'password' => $this->input->post('txt_password')
);
// insert form data into database
if ($this->account_model->insertUser($data));
{
$this->session->set_flashdata('msg','successfully registered!');
redirect('account/register');
}
}
the password matches here.
but when i use same data to username and password to login: it displays invalid username or password:
the login function is as follows:
function login()
{
//set validations
$this->form_validation->set_rules("txt_username", "Username", "trim|required");
$this->form_validation->set_rules("txt_password", "Password", "trim|required");
$username = $this->input->post("txt_username");
$password = $this->input->post("txt_password");
$usr_result = $this->account_model->get_user($username, $password);
if ($usr_result > 0) //active user record is present
{
$this->account_model->login();
$data['message'] ="You are logged in!";
}
else
{
$this->session->set_flashdata('msg', 'Invalid username and password!');
}
}
}
I have this model for inserting registration form data to database:
function insertUser($data)
{
return $this->db->insert('user', $data);
}
and i have this model to retreive data to login:
function get_user($usr, $pwd)
{
$sql = "select * from user where username = '" . $usr . "' and password = '".md5($pwd). "'";
$query = $this->db->query($sql);
return $query->num_rows();
}
The best method instead of MD5 is use base64 in Codeigniter. That means decode() and encode().
Encoding
$password = 'mYp#ssw0rd'; // or $password
$encriptKey = 'super-secret-key';
$encrypted_string = $this->encrypt->encode($password, $encriptKey);
Decoding
$password = 'mYp#ssw0rd'; // or $password
$encriptKey = 'super-secret-key';
$decrypted_string = $this->encrypt->decode($password, $encriptKey);
In Addition
Load library as well $this->load->library('encrypt');
You could do this in your model:
public function login()
{
$user = $this->get_by(array(
'email' => $this->input->post('email'),
'password' => $this->hash($this->input->post('password')),
), TRUE);
if (count($user))
{
// Log in user
$data = array(
'name' => $user->name,
'email' => $user->email,
'id' => $user->id,
'user_type'=>$user->user_type,
'emp_id'=>$user->emp_id,
'loggedin' => TRUE,
);
$this->session->set_userdata($data);
return TRUE;
}
return FALSE;
}
public function logout ()
{
$this->session->sess_destroy();
$this->session->unset_userdata('logged_in','id','name','email');
}
public function loggedin ()
{
return (bool) $this->session->userdata('loggedin');
}
public function hash ($string)
{
return hash('sha512', $string . config_item('encryption_key'));
}
And can let a user login. Use CI Session for login which would be a better option.
Read More here
For Controller Do this:
public function login()
{
$dashboard ='admin/dashboard';
$rules = $this->secure_m->rules;
$this->form_validation->set_rules($rules);
if ($this->form_validation->run() == TRUE)
{
if ($this->secure_m->login() == TRUE)
{
$this->secure_m->loggedin() == FALSE || redirect($dashboard);
redirect($dashboard);
}
else
{
$this->session->set_flashdata('error', 'That email/password combination does not exist');
redirect('secure/login', 'refresh');
}
}
$this->load->view("Your View");
}
Please store encrypted password at insert time.
for example:
$data['password'] = md5($data['password']);
I think it will resolve your problem.
Other code is working fine for me.