How to check if user is banned.

#1
So I'm not the type of guy who likes to type a bunch of lines of nonsense. I will go straight to the reason for which I'm writing this post.

I'm working on a function in which the user logs in and can access his/her views, but only if his/her account is activated. So far I think it should already work, but it does not.

Here is my function on my controller:

PHP Code:
    public function login(){
        //Check if logged in
        $this->User_model->session_comprobate_member();

        //Set rules
        $this->form_validation->set_rules('username', 'Username', 'trim|required|min_length[4]');
        $this->form_validation->set_rules('password', 'Password', 'trim|required|min_length[4]');

        if ($this->form_validation->run() == FALSE) {
            //Load View Into Template
            $this->template->load('public', 'login', 'users/login');
        } else {
            // Get Post Data
            $username     = $this->input->post('username');
            $password     = $this->input->post('password');
            $active       = $this->input->post('active', 0);
            $enc_password = md5($password);
            $user_id      = $this->User_model->login($username, $enc_password, $active);

            /////// Check if banned
            if ($user_id->active == 0) {
                // Create Error
                $this->session->set_flashdata('error', 'This account is suspended');

                // Redirect to pages
                redirect('dashboard/login');
            } else {
                /////
                //Check if variables are true
                if ($user_id->active == 1) {
                    $user_data = array(
                        'user_id'   => $user_id,
                        'username'  => $username,
                        'is_member' => true
                    );

                    // Set Session Data
                    $this->session->set_userdata($user_data);

                    // Create Message
                    $this->session->set_flashdata('success', 'You are logged in');

                    // Redirect to pages
                    redirect('dashboard');
                } else {
                    // Create Error
                    $this->session->set_flashdata('error', 'Invalid Login');

                    // Redirect to pages
                    redirect('dashboard/login');
                }
            }
        }
    }


Right now the only thing it does is throwing me the error which I created with the set_flashdata "This account has been suspended."
Here is where I control whether or not an account is suspended (edit.php):

PHP Code:
<h2 class="page-header">Edit User</h2>
<!-- Display form validation errors -->
<?php echo validation_errors('<p class="alert alert-dismissable alert-danger">'); ?>
<?php echo form_open('admin/users/edit/'.$item->id); ?>

    <!-- Is it Actived? -->
    <?php
        if ($item->active == 1) {
            $yes = TRUE;
            $no  = FALSE;
        } else {
            $yes = FALSE;
            $no  = TRUE;
        }
    ?>
    <div class="form-group">
        <?php echo form_label('Activate', 'active'); ?>
        <?php echo form_radio('active', 1, $yes); ?> Yes
        <?php echo form_radio('active', 0, $no); ?> No
    </div>

    <?php echo form_submit('mysubmit', 'Update User', array('class' => 'btn btn-primary')); ?>

<?php echo form_close(); ?>
And here is the view in which I register a new account:
PHP Code:
<h2 class="page-header">Add User</h2>
<!-- Display form validation errors -->
<?php echo validation_errors('<p class="alert alert-dismissable alert-danger">'); ?>
<?php echo form_open('admin/users/add'); ?>

    <!-- Is it Actived? -->
    <div class="form-group">
        <?php echo form_label('Activate?', 'active'); ?>
        <?php echo form_radio('active', 1, TRUE); ?> Yes
        <?php echo form_radio('active', 0, FALSE); ?> No
    </div>

    <?php echo form_submit('mysubmit', 'Add User', array('class' => 'btn btn-primary')); ?>

<?php echo form_close(); ?>

Can somebody help me? Am I missing something?
Thanks.
I do Front-End development most of the time, but I'm trying to get more into being a full-stack developer, so I'm now learning all that I need to do!
Reply

#2
At first glance I've got a problem with this:

Code:
$active      =    $this->input->post('active', 0);

I think the database knows the active status as a fact, why do you pass it through POST where it could be manipulated?

The second problem:

Code:
$enc_password = md5($password);

Everybody knows that this is a problem, you know this is a problem, don't ask me why. :-)

Third:

Code:
$user_id = $this->User_model->login($username, $enc_password, $active);

Hm, I would pass only a username and a password and nothing more. This method returns the user id, but maybe it would be better, if the method deals inside its body about storing the session data on success. The name "login" of the method is semantically misleading, because you save the necessary session data not within its body, but in the controller. Also, you may add another method $this->User_model->current_user_id() which would return the id of the logged user at any needed place. Let the method login return an error code instead of the user id, i.e.:
0 - No error, logged in;
1 - Wrong username/password;
2 - The user is not activated;
......

Using this return result would help you to construct your feedback message in the login form.

You say that you are learning. From where? What led you to this piece of code?
Reply

#3
(12-08-2017, 05:02 AM)ivantcholakov Wrote: At first glance I've got a problem with this:

Code:
$active      =    $this->input->post('active', 0);

I think the database knows the active status as a fact, why do you pass it through POST where it could be manipulated?

The second problem:

Code:
$enc_password = md5($password);

Everybody knows that this is a problem, you know this is a problem, don't ask me why. :-)

Third:

Code:
$user_id = $this->User_model->login($username, $enc_password, $active);

Hm, I would pass only a username and a password and nothing more. This method returns the user id, but maybe it would be better, if the method deals inside its body about storing the session data on success. The name "login" of the method is semantically misleading, because you save the necessary session data not within its body, but in the controller. Also, you may add another method $this->User_model->current_user_id() which would return the id of the logged user at any needed place. Let the method login return an error code instead of the user id, i.e.:
0 - No error, logged in;
1 - Wrong username/password;
2 - The user is not activated;
......

Using this return result would help you to construct your feedback message in the login form.

You say that you are learning. From where? What led you to this piece of code?

Yes, I noticed that a few hours ago. I actually got it confused with another function; I wanted to add the active,0 to an "add" function.

I figured out how to make it work. Here is my new login function (with this I can control which users can access their views using a "super account" (is_admin)):

PHP Code:
    public function login(){
        //Check if logged in
        $this->User_model->session_comprobate_member();

        //Set rules
        $this->form_validation->set_rules('username', 'Username', 'trim|required|min_length[4]');
        $this->form_validation->set_rules('password', 'Password', 'trim|required|min_length[4]');

        if ($this->form_validation->run() == FALSE) {
            //Load View Into Template
            $this->template->load('public', 'login', 'users/login');
        } else {
            // Get Post Data
            $username     = $this->input->post('username');
            $password     = $this->input->post('password');
            $enc_password = md5($password);
            $data_user    = $this->User_model->login($username, $enc_password);

            /////// Check if banned
            if ($data_user == true) {
                $user_id = $this->User_model->get_username($username);
                $users   = $this->User_model->get_userid($user_id);

                if ($users->active == 0) {
                    // Create Error
                    $this->session->set_flashdata('error', 'This account is suspended');

                    // Redirect to pages
                    redirect('dashboard/login');
                } else {
                    //Check if variables are true
                    $user_data = array(
                        'user_id'   => $user_id,
                        'username'  => $username,
                        'is_member' => true
                    );

                    // Set Session Data
                    $this->session->set_userdata($user_data);

                    // Create Message
                    $this->session->set_flashdata('success', 'You are logged in');

                    // Redirect to pages
                    redirect('dashboard');
                }
            } else {
                // Create Error
                $this->session->set_flashdata('error', 'Invalid Login');

                // Redirect to pages
                redirect('dashboard/login');
            }
        }
    }

I do Front-End development most of the time, but I'm trying to get more into being a full-stack developer, so I'm now learning all that I need to do!
Reply

#4
You should be using the php password_hash methods.
What did you Try? What did you Get? What did you Expect?

Joined the CodeIgniter Community in 2009.          ( Skype: insitfx )
Reply
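
Added example (not code from any poster in this thread): a plain-PHP sketch of the login check suggested in posts #2 and #4, taking only a username and password, reading the active flag from the stored record, verifying with password_hash/password_verify, and returning the 0/1/2 codes. The $users array, its column names and the sample accounts are constructed stand-ins for the users table.

```php
<?php
const LOGIN_OK        = 0; // No error, logged in
const LOGIN_BAD_CREDS = 1; // Wrong username/password
const LOGIN_INACTIVE  = 2; // The user is not activated

// Constructed sample rows standing in for the users table (assumed columns).
$users = array(
    'alice' => array('id' => 1, 'active' => 1,
                     'password' => password_hash('correct horse', PASSWORD_DEFAULT)),
    'bob'   => array('id' => 2, 'active' => 0,
                     'password' => password_hash('hunter22', PASSWORD_DEFAULT)),
);

// Takes only a username and a password; the active flag comes from the
// stored row, never from the request.
function login(array $users, $username, $password, &$user_id = null)
{
    // Verified against for unknown usernames so both failure paths do similar work.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('placeholder', PASSWORD_DEFAULT);
    }
    $row = isset($users[$username]) ? $users[$username] : null;
    $ok  = password_verify($password, $row ? $row['password'] : $dummy);
    if (!$row || !$ok) {
        return LOGIN_BAD_CREDS;
    }
    // Checked only after the password matched, so the suspended message is
    // shown to the account owner and not to anyone who types the username.
    if ((int) $row['active'] !== 1) {
        return LOGIN_INACTIVE;
    }
    $user_id = $row['id'];
    return LOGIN_OK;
}

// The request carries its own 'active' value; login() has no parameter for it.
$post = array('username' => 'bob', 'password' => 'hunter22', 'active' => '1');
$messages = array(LOGIN_OK        => 'You are logged in',
                  LOGIN_BAD_CREDS => 'Invalid Login',
                  LOGIN_INACTIVE  => 'This account is suspended');

echo $messages[login($users, $post['username'], $post['password'])], "\n";
echo $messages[login($users, 'alice', 'correct horse', $id)], " (id $id)\n";
echo $messages[login($users, 'alice', 'wrong')], "\n";
echo $messages[login($users, 'mallory', 'x')], "\n";
```

In the CodeIgniter controller, the returned code would pick the set_flashdata message and decide whether set_userdata is called.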

