Login

wolfgang1983 · 09-01-2016, 03:27 AM

I agree with @Diederik

I would use something like php password_hash the password column must be varchar 255

http://php.net/manual/en/function.password-hash.php

http://php.net/manual/en/function.password-verify.php

Controller

Filename Example.php

PHP Code:
<?php

class Example extends CI_Controller {

    public function __construct() {
        parent::__construct();
        $this->load->library('form_validation');
        $this->load->model('user_model');
    }

    public function index() {
        // You can place the data variables above the form like here

        $data['some_data'] = 'Hello';

        $this->form_validation->set_rules('username', 'Username', 'trim|required');
        $this->form_validation->set_rules('password', 'Password', 'trim|required|callback_validate[password]');

        if ($this->form_validation->run() == false) {

            $this->load->view('header'); // You can add the $data variable to header if you which to pass any thing through to header view.
            $this->load->view('login', $data);
            $this->load->view('footer');

        } else {

            // Set the session data 

            redirect('success_controller');
        }

    }

    public function validate($str) {
        $password = $str;
        $stored_password = $this->user_model->stored_password($this->input->post('username')); 
        
        if (password_verify($password, $stored_password)) {
            return true;
        } else {
            $this->form_validation->set_message('validate', 'Opps login is incorrect!');
            return false;
        }
    }
} 

Model

Filename: User_model.php

Also I have noticed you were still having form_dropdown() in your model function the form_dropdown() is for view out put do not have it in models read the user guide fully.

PHP Code:
<?php

class User_model extends CI_Model {

    public function add_user() {
        $options = [
          'cost' => 12,
        ];

        $hash = password_hash($this->input->post('password'), , PASSWORD_BCRYPT, $options);
 
        $data = array(
            'username' => $this->input->post('username'),
            'password' => $hash,
            'email' => $this->input->post('email'),
            'role' => $this->input->post('roles')
        );

        
        $this->db->set($data);
        $this->db->insert('login');
    }

    public function getUser() {
        $this->db->select('*');
        $this->db->from($this->db->dbprefix . 'user');
        $this->db->where('username', $username);
        $query = $this->db->get();

        if ($query->num_rows() > 0) {
            return $query->row_array();
        } else {
            return false;
        }
    }
    
    public function stored_hash($username) {
        $this->db->select('password');
        $this->db->from($this->db->dbprefix . 'user');
        $this->db->where('username', $username);
        $query = $this->db->get();

        if ($query->num_rows() > 0) {
            return $query->row()->password;
        } else {
            return false;
        }
    }
} 

There's only one rule - please don't tell anyone to go and read the manual. Sometimes the manual just SUCKS!