I have the following controller, which works fine in terms of validating the form and displaying the error.
The user attempts to login from: http://mydomain.com/index.php/login
However, when the user enters the wrong credentials, it loads the login view properly (as it should) and displays the error "Invalid Login" properly, but the URI in the browser window shows:
http://mydomain.com/index.php/verify_login (as opposed to the one above).
How do I redirect after the failed validation to just ".../index.php/login"
Here is the code in question:
<?
class Login extends CI_Controller {
public function index()
{
$this->load->helper(array('form'));
$this->load->helper('url');
$this->load->view('login_page');
}
function verify_login()
{
$this->load->model('login_model','',TRUE);
$this->load->library('form_validation');
$this->form_validation->set_error_delimiters('<label class="error">', '</label>');
$this->form_validation->set_rules('username', 'Login', 'trim|required|xss_clean');
$this->form_validation->set_rules('password', 'Password', 'trim|required|xss_clean|callback_check_database');
if($this->form_validation->run() == FALSE)
{
//Field validation failed. User redirected to login page
$this->index();
}
else
{
//Go to private area
redirect('private_area', 'refresh');
}
}
function check_database($password)
{
//Field validation succeeded. Validate against database
$username = $this->input->post('username');
//query the database
$result = $this->login_model->login($username, $password);
if($result)
{
$sess_array = array();
foreach($result as $row)
{
$sess_array = array(
'id' => $row->id,
'username' => $row->username
);
$this->session->set_userdata('logged_in', $sess_array);
}
return TRUE;
}
else
{
$this->form_validation->set_message('check_database', '<div class="alert alert-error">Invalid username or password</div>');
return false;
}
}
}
UPDATE: Cyrode's solution fixes that issue, but now it's not displaying the "Invalid Login" error message (set_message) from the check_database() function on loading the view. Any ideas what I am doing wrong here?
UPDATE 2:
Here you go:
class Login extends CI_Controller {
public function index()
{
$this->load->helper(array('form'));
$this->load->helper('url');
$this->load->view('login_page');
$this->load->model('login_model','',TRUE);
$this->load->library('form_validation');
$this->form_validation->set_error_delimiters('<label class="error">', '</label>');
$this->form_validation->set_rules('username', 'Login', 'trim|required|xss_clean');
$this->form_validation->set_rules('password', 'Password', 'trim|required|xss_clean|callback_check_database');
if($this->form_validation->run() == FALSE)
{
$this->load->view('login_page');
}
else
{
//Go to private area
redirect('private_area', 'refresh');
}
}
function check_database($password)
{
//Field validation succeeded. Validate against database
$username = $this->input->post('username');
//query the database
$result = $this->login_model->login($username, $password);
if($result)
{
$sess_array = array();
foreach($result as $row)
{
$sess_array = array(
'id' => $row->id,
'username' => $row->username
);
$this->session->set_userdata('logged_in', $sess_array);
}
return TRUE;
}
else
{
$this->form_validation->set_message('check_database', '<div class="alert alert-error">Invalid username or password</div>');
return false;
}
}
}
Just do all of your form processing in the index() method.
public function index()
{
$this->load->model('login_model','',TRUE);
$this->load->library('form_validation');
$this->load->helper('url');
$this->form_validation->set_error_delimiters('<label class="error">', '</label>');
$this->form_validation->set_rules('username', 'Login', 'trim|required|xss_clean');
$this->form_validation->set_rules('password', 'Password', 'trim|required|xss_clean|callback_check_database');
if ($this->form_validation->run() == false)
{
$this->load->view('login_page');
}
else
{
redirect('private_area', 'refresh');
}
}
Then, make sure your form's action goes to login and not verify_login.
By the way, don't xss_clean password fields, because it may change their value, and your user will be left wondering why their perfectly-typed password isn't working. You should be hashing the password, anyway, which will eliminate security issues.
Related
I have a registration system with CodeIgniter but currently I have no control on email and password. A user can register without putting email or a password.
I have an index() and a register_user function() in my Signup controller but the redirection is not working on success
At the moment I have the following code:
<?php
defined('BASEPATH') OR exit('No direct script access allowed');
class Signup extends CI_Controller {
public function index()
{
if(!isset($this->session->userdata['sessiondata']['user_id']))
{
$this->load->helper(array('form', 'url'));
$this->load->library('form_validation');
$this->form_validation->set_rules('email', 'Email', 'required');
$this->form_validation->set_rules('password', 'Password', 'required',
array('required' => 'You must provide a %s.')
);
if ($this->form_validation->run() == FALSE)
{
$this->load->view('signup-view');
}
else
{
$this->load->view('home-view');
}
}else{
if (intval($this->session->userdata['sessiondata']['user_type']) == 1) {
redirect(base_url().'admin');
} else {
redirect(base_url().'home');
}
}
}
function register_user(){
$this->load->library('custom_u_id');
$data = array('user_id' => $this->custom_u_id->construct_id('USR'),
'name' => $_POST['name'],
'email' => $_POST['email'],
'password' => $_POST['password'],
);
$this->load->model('signup_model');
$user_details = $this->signup_model->register_user($data);
if (!empty($user_details)){
$user_data = array
(
'user_id' => $user_details['user_id'],
'email' => $user_details['email'],
'name' => $user_details['name'],
'user_type' => $user_details['user_type'],
);
$this->session->set_userdata('sessiondata',$user_data);
if (intval($user_details['user_type']) == 1) {
redirect(base_url().'admin');
} else {
redirect(base_url().'home');
}
} else{
redirect('login');
}
}// end of function login
}
Do I need to put the form_validation in my register_user function ? I've tried but the check doesn't work anymore...
I also have in my view the <?php validation_errors();?> function and the <?php form_open(base_url().'signup');?>
looking by your code, i think you want to put register_user() inside validation TRUE since the query is in that method.
so try to change your code to this :
public function index()
{
if(!isset($this->session->userdata['sessiondata']['user_id']))
{
$this->load->helper(array('form', 'url'));
$this->load->library('form_validation');
$this->form_validation->set_rules('email', 'Email', 'required');
$this->form_validation->set_rules('password', 'Password', 'required',
array('required' => 'You must provide a %s.')
);
if ($this->form_validation->run() == FALSE)
{
$this->load->view('signup-view');
}
else
{
$this->register_user();
}
}else{
if (intval($this->session->userdata['sessiondata']['user_type']) == 1) {
redirect(base_url().'admin');
} else {
redirect(base_url().'home');
}
}
}
and be sure your form action to like this :
<form action="<?=site_url('/signup/index');?>">
# table name is users#
## model name is user_model##
### controller name is get_password ###
issue - no change on the password , remain as old
> model(user_model)
public function updatePassword($email,$data)
{
$data1=array('password'=>$data);
$this->db->where('email','$email');
$this->db->update('users','password');
$success = $this->db->affected_rows();
if(!$success){
error_log('Unable to updatePassword');
return false;
}
return true;
}
> controller(get_password)
public function index($rs=FALSE)
{
$this->load->database();
$this->load->helper(array('form', 'url'));
$this->load->library('form_validation');
$this->load->model('user_model');
$this->load->library('session');
$this->form_validation->set_rules('email', 'Email', 'required|valid_email');
$this->form_validation->set_rules('password', 'password', 'required');
$this->form_validation->set_rules('passconf', 'password Confirmation', 'required|matches[password]');
if ($this->form_validation->run() == FALSE)
{
echo form_open();
$this->load->view('users/fpre');
}
else
{
$data = array(
'password' => md5($this->input->post('password')),
);
$email =array(
'email' =>$this->input->post('email')
);
$this->user_model->updatePassword($data,$email);
echo "Congratulations!";
}
}
it shows no error but the password is not updated remain same at users table..i can't find the problem is, please help me to find it out ..
Controller (get_password):
public function index() {
$this->load->database();
$this->load->helper(array('form', 'url'));
$this->load->library(array('form_validation', 'session'));
$this->load->model('user_model');
$this->form_validation->set_rules('email', 'Email', 'required|valid_email');
$this->form_validation->set_rules('password', 'Current password', 'required');
$this->form_validation->set_rules('newpassword', 'password', 'required');
$this->form_validation->set_rules('newpassconf', 'password Confirmation', 'required|matches[newpassword]');
$email = $this->input->post('email');
$success = false;
$msg = '';
if ($this->form_validation->run() !== FALSE) {
$password = md5($this->input->post('password'));
if ($this->user_model->checkPassword($email, $password)){
$newpassword = md5($this->input->post('newpassword'));
if ($this->user_model->updatePassword($email, $newpassword)){
$success = true;
}else{
$msg = 'Unable to updatePassword';
}
}else{
$msg = 'Incorrect password';
}
}
if ($success){
echo 'Congratulations!';
}else{
$this->load->view('users/fpre', array(
'email'=>$email,
'msg'=>$msg
));
}
}
Model (user_model):
public function checkPassword($email, $password) {
$users = $this->db->get_where('users', array('email'=>$email))->row();
return $users->password === $password;
}
public function updatePassword($email, $newpassword) {
$data = array('password' => $newpassword);
$this->db->where('email', $email)
->update('users', $data);
$success = $this->db->affected_rows();
if (!$success) {
error_log('Unable to updatePassword');
}
return $success;
}
View (users/fpre):
if ($msg){
echo 'Message: '.$msg;
}
echo form_open();
echo form_input('email', $email);
echo form_password('password');
echo form_password('newpassword');
echo form_password('newpassconf');
echo form_submit('', 'Enviar');
echo form_close();
Changes to compare:
Your model function shows the parameters are expected to be email and then password, but your controller is passing them through be other way around.
$this->user_model->updatePassword($data,$email);
Should be:
$this->user_model->updatePassword($email,$data);
I also believe the data needs to be passed differently. The where() function expects either where(field_name, value) or where(array(field_name => value)). Looking at your code, you seem to be mixing both of those.
Using set() should help with this too, so instead of
$data1=array('password'=>$data);
$this->db->where('email','$email');
$this->db->update('users','password');
Use:
$this->db->set($data);
$this->db->where($email);
$this->db->update('users');
Note: code untested.
I believe this line $this->db->update('users','password'); should be $this->db->update('users', $data);.
Right now you are not passing the password to the update function. You are passing the string "password".
May I know why my insert function will display the validation message first even i do not insert any data yet.once I enter the insert page,it display the validation message.i have try to move the form validation to the below of the if else statement,it do not show the validation message but it cannot submit the data to the database. below is my controller function.
public function Insert_Result($Course_ID=null)
{
$this-load-helper('form');
$this-load-library('form_validation');
/* Model */
$this-load-model('ResultEvaluation');
/* Session */
$session_data = $this-session-userdata('logged_in');
$data['Ins_ID'] = $session_data['Ins_ID'];
$this-session-set_userdata($data);
/* Form Validation*/
//$this-form_validation-set_rules('Course_ID', 'Course_ID', 'required');
$this-form_validation-set_rules('Matric_No', 'Matric_No','required');
$this-form_validation-set_rules('Student_Name', 'Student_Name', 'required');
$this-form_validation-set_rules('Result_Mark_1', 'Result_Mark_1', 'required');
$this-form_validation-set_rules('Result_Mark_2', 'Result_Mark_2', 'required');
$this-form_validation-set_rules('Result_Mark_3', 'Result_Mark_3', 'required');
$this-form_validation-set_rules('Result_Mark_4', 'Result_Mark_4', 'required');
$this-form_validation-set_rules('Result_Mark_5', 'Result_Mark_5', 'required');
if ($this-form_validation-run() === FALSE)
{
$data['results'] = $this-ResultEvaluation-get_record();
$data['query'] = $this-ResultEvaluation-view($Course_ID);
$this-load-view('templates/header');
$this-load-view('Insert_Result', $data);
$this-load-view('templates/footer');
}
else
{
$my_action = $this-input-post('submit');
if ($my_action == 'Submit')
{
$this-ResultEvaluation-insert_record($Course_ID);
redirect('Result_Evaluation/Student_Result_List/'.$Course_ID,
'refresh');
}
}
$my_action = $this-input-post('submit');
if ($my_action == 'Cancel')
{
redirect('Result_Evaluation/Student_Result_List/'.$Course_ID,
'refresh');
}
}
I think this should help
public function index(){
$this->load->library(array('form_validation'));
$this->form_validation->set_rules('field_name', 'Text','trim|required');
if($this->form_validation->run()==TRUE){
// do something
}else{
// validation error
redirect("to/your/controller");
break;
}
}
for more information visit : http://ellislab.com/codeigniter/user-guide/libraries/form_validation.html
I just create login class that check the valid user, after that user enter in his/her home section. But now i need to change the destination of the user's home conditionally, Unable to
attach switch case in url redirection.
Note: I think varibale not properly passed in function.Plz help me
My code as Follow:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class VerifyLogin extends CI_Controller {
function __construct()
{
parent::__construct();
$this->load->model('userp','',TRUE);
}
function index($dest)
{
$this->load->view('header');
//This method will have the credentials validation
$this->load->library('form_validation');
$this->form_validation->set_rules('email', 'Email', 'trim|required|xss_clean');
$this->form_validation->set_rules('password', 'Password', 'trim|required|xss_clean|callback_check_database');
if($this->form_validation->run() == FALSE)
{
//Field validation failed. User redirected to login page
$data['msg'] = "";
$this->load->view('login',$data);
}
$this->load->view('footer');
}
function check_database()
{
//Field validation succeeded. Validate against database
$email = $this->input->post('email');
//query the database
$password= $this->input->post('password');
$result = $this->userp->login($email,$password);
if($result!==FALSE)
{
$sess_array = array();
foreach($result as $row)
{
$sess_array = array(
'id' => $row->id,
'username' =>$row->email,
'fname' =>$row->first_name,
'lname' =>$row->last_name,
'pic'=>$row->pic
);
$this->session->set_userdata('logged_in',$sess_array);
}
switch($dest){
case 'NULL':{
redirect('home','refresh');
break;
}
case 'part1':{
redirect('subhome','refresh');
break;
}
case 'part2':{
redirect('subhome1','refresh');
break;
}
default :{
redirect('mainhome','refresh');
break;
}
}
return TRUE;
}
else
{
$data['msg'] = "Something Wrong Username/Password";
$this->load->view('login',$data);
//return false;
}
}
};
?>
The problem is that you are passing $dest to the index() function but you are attempting to use it in your check_database() function. So either you want to move your switch into the index function or you want to pass $dest to check_database() like
function check_database($dest)
{
//You can use $dest in here
}
If you want to pass an extra parameter to your callback function you need to put it in brackets like
$this->form_validation->set_rules('password', 'Password', 'trim|required|xss_clean|callback_check_database[parameter]');
or
$this->form_validation->set_rules("password", "Password", "trim|required|xss_clean|callback_check_database[$parameter]");
I am trying to register a user with Ion Auth, but the register() function does not seem to report any error messages. How does one register with Ion Auth? I've already read various tutorials like this one and this one (and the documentation), but they do not seem to be working.
function register()
{
// do not allow registration if logged in
if ($this->ion_auth->logged_in())
{
redirect('/');
}
$this->load->helper(array('form', 'url'));
$this->load->library('form_validation');
$this->form_validation->set_rules('name', 'Name', 'trim|required|xss_clean');
$this->form_validation->set_rules('email', 'Email', 'trim|required|valid_email|callback_email_check');
$this->form_validation->set_rules('email2', 'Email Confirmation', 'trim|required|valid_email|matches[email]');
$this->form_validation->set_rules('password', 'Password', 'trim|required|md5');
if ($this->form_validation->run() == FALSE)
{
$this->data['message'] = (validation_errors()) ? validation_errors() : $this->session->flashdata('message');
$this->load->view('header');
$this->load->view('register', $this->data);
$this->load->view('footer');
}
else
{
$username = $this->input->post('email');
$password = $this->input->post('password');
$email = $username;
$additional_data = array(
'first_name' => $this->input->post('name'),
'last_name' => '',
);
if (!$this->ion_auth->email_check($email))
{
$group_name = 'users';
$uId = $this->ion_auth->register($username, $password, $email, $additional_data, $group_name);
if ($uId == FALSE)
{
$this->session->set_flashdata('message', $this->ion_auth->errors());
redirect("home/register", 'refresh');
}
else
{
redirect('/'); // registration success
}
}
}
}
function email_check($str)
{
if ($this->ion_auth->email_check($str))
{
$this->form_validation->set_message('email_check', 'This email is already registered.');
return FALSE;
}
return TRUE;
}