-
kirasiris
Junior Web Developer
-
Posts: 62
Threads: 26
Joined: Dec 2016
Reputation:
0
So I'm not the type of guy who likes to type buch of line of non-sense. I will go straight to the reason for which I'm writing this post.
I'm working on a function in which the user logs in and can access to its views but only if his/her account is activated. So far I think it should already work but it does not.
Here is my function on my controller:
PHP Code: public function login(){
//Check if logged in
$this->User_model->session_comprobate_member();
//Set rules
$this->form_validation->set_rules('username', 'Username', 'trim|required|min_length[4]');
$this->form_validation->set_rules('password', 'Password', 'trim|required|min_length[4]');
if ($this->form_validation->run() == FALSE) {
//Load View Into Template
$this->template->load('public', 'login', 'users/login');
} else {
// Get Post Data
$username = $this->input->post('username');
$password = $this->input->post('password');
$active = $this->input->post('active', 0);
$enc_password = md5($password);
$user_id = $this->User_model->login($username, $enc_password, $active);
/////// Check if banned
if($user_id->active == 0){
// Create Error
$this->session->set_flashdata('error', 'This account is suspended');
// Redirect to pages
redirect('dashboard/login');
} else {
/////
//Check if variables are true
if ($user_id->active == 1) {
$user_data = array(
'user_id' => $user_id,
'username' => $username,
'is_member' => true
);
// Set Session Data
$this->session->set_userdata($user_data);
// Create Message
$this->session->set_flashdata('success', 'You are logged in');
// Redirect to pages
redirect('dashboard');
} else {
// Create Error
$this->session->set_flashdata('error', 'Invalid Login');
// Redirect to pages
redirect('dashboard/login');
}
}
}
}
Right now the only thing it does is trowing me the error which I created with the set_flashdata "This account has been suspended."
Here is where I control whether or not an account is suspended(edit.php):
PHP Code: <h2 class="page-header">Edit User</h2>
<!--Display form validation errors-->
<?php echo validation_errors('<p class="alert alert-dismissable alert-danger">'); ?>
<?php echo form_open('admin/users/edit/'.$item->id); ?>
<!-- Is it Actived? -->
<?php
if($item->active == 1){
$yes = TRUE;
$no = FALSE;
} else {
$yes = FALSE;
$no = TRUE;
}
?>
<div class="form-group">
<?php echo form_label('Activate', 'active'); ?>
<?php echo form_radio('active', 1, $yes); ?> Yes
<?php echo form_radio('active', 0, $no); ?> No
</div>
<?php echo form_submit('mysubmit', 'Update User', array('class' => 'btn btn-primary')); ?>
<?php echo form_close(); ?>
and here is the view in which I register a new account:
PHP Code: <h2 class="page-header">Add User</h2>
<!--Display form validation errors-->
<?php echo validation_errors('<p class="alert alert-dismissable alert-danger">'); ?>
<?php echo form_open('admin/users/add'); ?>
<!-- Is it Actived? -->
<div class="form-group">
<?php echo form_label('Activate?', 'active'); ?>
<?php echo form_radio('active', 1, TRUE); ?> Yes
<?php echo form_radio('active', 0, FALSE); ?> No
</div>
<?php echo form_submit('mysubmit', 'Add User', array('class' => 'btn btn-primary')); ?>
<?php echo form_close(); ?>
Can somebody help me; am I missing something?,
Thanks.
I do Front-End development most of the time
-
ivantcholakov
Senior Member
-
Posts: 668
Threads: 17
Joined: Oct 2014
Reputation:
37
At first glance I've got a problem with this:
Code: $active = $this->input->post('active', 0);
I think the database knows the active status as a fact, why do you pass it through POST where it could manipulated.
The second problem:
Code: $enc_password = md5($password);
Everybody knows that this is a problem, you know this is a problem, don't ask me why. :-)
Third:
Code: $user_id = $this->User_model->login($username, $enc_password, $active);
Hm, I would pass only a username and a password and nothing more. This method returns the user id, but maybe it would be better, if the method deals inside its body about storing the session data on success. The name "login" of the method is semantically misleading, because you save the necessary session data not within its body, but in the controller. Also, you may add another method $this->User_model->current_user_id() which would return the id of the logged user at any needed place. Let the method login return an error code instead of the user id, i.e.:
0 - No error, logged in;
1 - Wrong username/password;
2 - The user is not activated;
......
Using this return result would help you to construct your feedback message in the login form.
You say that you are learning. From where? What led you to this piece of code?
-
kirasiris
Junior Web Developer
-
Posts: 62
Threads: 26
Joined: Dec 2016
Reputation:
0
12-08-2017, 05:06 AM
(This post was last modified: 12-08-2017, 05:17 AM by kirasiris.)
(12-08-2017, 04:02 AM)ivantcholakov Wrote: At first glance I've got a problem with this:
Code: $active = $this->input->post('active', 0);
I think the database knows the active status as a fact, why do you pass it through POST where it could manipulated.
The second problem:
Code: $enc_password = md5($password);
Everybody knows that this is a problem, you know this is a problem, don't ask me why. :-)
Third:
Code: $user_id = $this->User_model->login($username, $enc_password, $active);
Hm, I would pass only a username and a password and nothing more. This method returns the user id, but maybe it would be better, if the method deals inside its body about storing the session data on success. The name "login" of the method is semantically misleading, because you save the necessary session data not within its body, but in the controller. Also, you may add another method $this->User_model->current_user_id() which would return the id of the logged user at any needed place. Let the method login return an error code instead of the user id, i.e.:
0 - No error, logged in;
1 - Wrong username/password;
2 - The user is not activated;
......
Using this return result would help you to construct your feedback message in the login form.
You say that you are learning. From where? What led you to this piece of code?
Yes, I noticed that few hours ago. I actually got it confused with another function; I wanted to add the active,0 to an "add" function.
I figured out how to make it work. Here is my new login function(with this I can control what users can access to their views using a "super account (is_admin)":
PHP Code: public function login(){
//Check if logged in
$this->User_model->session_comprobate_member();
//Set rules
$this->form_validation->set_rules('username', 'Username', 'trim|required|min_length[4]');
$this->form_validation->set_rules('password', 'Password', 'trim|required|min_length[4]');
if ($this->form_validation->run() == FALSE) {
//Load View Into Template
$this->template->load('public', 'login', 'users/login');
} else {
// Get Post Data
$username = $this->input->post('username');
$password = $this->input->post('password');
$enc_password = md5($password);
$data_user = $this->User_model->login($username, $enc_password);
/////// Check if banned
if($data_user == true){
$user_id = $this->User_model->get_username($username);
$users = $this->User_model->get_userid($user_id);
if($users->active == 0){
// Create Error
$this->session->set_flashdata('error', 'This account is suspended');
// Redirect to pages
redirect('dashboard/login');
} else {
//Check if variables are true
$user_data = array(
'user_id' => $user_id,
'username' => $username,
'is_member' => true
);
// Set Session Data
$this->session->set_userdata($user_data);
// Create Message
$this->session->set_flashdata('success', 'You are logged in');
// Redirect to pages
redirect('dashboard');
}
} else {
// Create Error
$this->session->set_flashdata('error', 'Invalid Login');
// Redirect to pages
redirect('dashboard/login');
}
}
}
I do Front-End development most of the time
|
