CodeIgniter Forums

Full Version: [SOLVED] login
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2
Hello,

I am having trouble login eventhough I already input the correct username and password.  I wonder why nothing happens after I input the username and password.  Is there any other way to solve this problem so that I can login as usual ?

Gionda CMS Login

Username :  [ username  ]
Password  :  [ password  ]


controllers/Cpages.php

PHP Code:
public function ceklogin() {
        
        
$username $this->input->post('username'TRUE);
        
$password $this->input->post('password'TRUE);
        
$this->db->where('username'$username);
        
$this->db->where('password'$password);
        
$query=$this->db->get('login');
        if (
$query->num_rows() == 1)
            {
                
// echo 'LOGIN BERHASIL !';
                
                
$this->load->model('Mpages');
                
$data['login']=$this->db->get('login');
                
$data['login'] = $this->Mpages->login();
                
$this->load->view('index'$data);
            }
        else
            {
                
// echo 'LOGIN GAGAL !';
                
$data['warning']='Your username and password are wrong !';
                
$this->load->view('login'$data);
            }            
        
    } 


models/Mpages.php

PHP Code:
    public function add_user()
    {    
            
        
$data = array(
            
'username' => $this->input->post('username'),
            
'email' => $this->input->post('email'),
            
'password' => $this->input->post('password'),
            
'role' => form_dropdown('roles'$options'administrator')        
        );        
        
        return 
$this->db->insert('login'$data);
        
    } 


views/login.php

PHP Code:
<?php $this->load->library('form_validation'); ?>
                        
<?php echo validation_errors(); ?>
                        
<?php echo form_open('cpages/ceklogin'); ?>
                        
<div class="login-card">
    <h2>Gionda CMS Login</h2><br>
  <form>
    <div class="login"><input type="text" name="username" placeholder="Username"></div>
    <div class="login"><input type="password" name="password" placeholder="Password"></div>
    <br>
    <input type="submit" name="login" class="login login-submit" value="login">
  </form>

  <div class="login-help">
    <a href="#">Register</a> • <a href="#">Forgot Password</a>
  </div>
</div> 
How many times do you need the same question answered before you understand?
Not trying to be blunt but considering your other questions here on the forum I believe you are not experienced enough to create a secure login.

PHP Code:
$this->db->where('username'$username);
$this->db->where('password'$password); 

For example, you are storing the password as plaintext in your database, this is bad practice. Always store a (salted) hash of the password and compare the hash of the user input to the stored hash.

I suggest you try to integrate an existing (and proven) solution like community auth or ion auth.
I agree with @Diederik

I would use something like php password_hash the password column must be varchar 255

http://php.net/manual/en/function.password-hash.php

http://php.net/manual/en/function.password-verify.php

Controller

Filename Example.php

PHP Code:
<?php

class Example extends CI_Controller {

    public function __construct() {
        parent::__construct();
        $this->load->library('form_validation');
        $this->load->model('user_model');
    }

    public function index() {
 
       // You can place the data variables above the form like here

        $data['some_data'] = 'Hello';

        $this->form_validation->set_rules('username''Username''trim|required');
        $this->form_validation->set_rules('password''Password''trim|required|callback_validate[password]');

        if ($this->form_validation->run() == false) {

 
           $this->load->view('header'); // You can add the $data variable to header if you which to pass any thing through to header view.
            $this->load->view('login'$data);
 
           $this->load->view('footer');

        } else {

 
           // Set the session data 

            redirect('success_controller');
        }

    }

    public function validate($str) {
        $password $str;
        $stored_password $this->user_model->stored_password($this->input->post('username')); 
        
        if 
(password_verify($password$stored_password)) {
            return true;
        } else {
            $this->form_validation->set_message('validate''Opps login is incorrect!');
            return false;
        }
    }



Model

Filename: User_model.php

Also I have noticed you were still having form_dropdown() in your model function the form_dropdown() is for view out put do not have it in models read the user guide fully.


PHP Code:
<?php

class User_model extends CI_Model {

 
   public function add_user() {
 
       $options = [
          'cost' => 12,
 
       ];

 
       $hash password_hash($this->input->post('password'), , PASSWORD_BCRYPT$options);
 
 
       $data = array(
 
           'username' => $this->input->post('username'),
 
           'password' => $hash,
 
           'email' => $this->input->post('email'),
 
           'role' => $this->input->post('roles')
 
       );

 
       
        $this
->db->set($data);
        $this->db->insert('login');
    }

    public function getUser() {
        $this->db->select('*');
        $this->db->from($this->db->dbprefix 'user');
        $this->db->where('username'$username);
        $query $this->db->get();

        if ($query->num_rows() > 0) {
            return $query->row_array();
        } else {
            return false;
        }
    }
    
    public 
function stored_hash($username) {
        $this->db->select('password');
        $this->db->from($this->db->dbprefix 'user');
        $this->db->where('username'$username);
        $query $this->db->get();

        if ($query->num_rows() > 0) {
            return $query->row()->password;
        } else {
            return false;
        }
    }

Thanks for advice about the secure login. I already add the secure login with hashing.

And I am still having trouble by passing the username and password so that I can login. I wonder why?

Can anyone help me out?
Maybe you should look up the password_hash and its other methods on php.net maybe you will learn something
(09-03-2016, 06:20 AM)davy_yg Wrote: [ -> ]Thanks for advice about the secure login.  I already add the secure login with hashing.  

And I am still having trouble by passing the username and password so that I can login.  I wonder why?

Can anyone help me out?

Make sure you are submitting to correct url use the form helper for form like form_open and form_close()

Also make sure you have your file and classes like https://codeigniter.com/userguide3/gener...ile-naming

And make sure you have set your base_url on config.php $config['base_url'] = 'http://localhost/yourprojectname/';

Maybe start of will smaller test projects so you can learn a bit more be for embarking on big projects
(09-01-2016, 03:27 AM)wolfgang1983 Wrote: [ -> ]I agree with @Diederik

I would use something like php password_hash the password column must be varchar 255

http://php.net/manual/en/function.password-hash.php

http://php.net/manual/en/function.password-verify.php

Controller

Filename Example.php

PHP Code:
<?php

class Example extends CI_Controller {

    public function __construct() {
        parent::__construct();
        $this->load->library('form_validation');
        $this->load->model('user_model');
    }

    public function index() {
 
       // You can place the data variables above the form like here

        $data['some_data'] = 'Hello';

        $this->form_validation->set_rules('username''Username''trim|required');
        $this->form_validation->set_rules('password''Password''trim|required|callback_validate');

        if ($this->form_validation->run() == false) {

 
           $this->load->view('header'); // You can add the $data variable to header if you which to pass any thing through to header view.
            $this->load->view('login'$data);
 
           $this->load->view('footer');

        } else {

 
           // Set the session data 

            redirect('success_controller');
        }

    }

    public function validate() {
        $password $this->input->post('password');
        $stored_password $this->user_model->stored_password($this->input->post('username')); 
        
        if 
(password_verify($password$stored_password)) {
            return true;
        } else {
            $this->form_validation->set_message('validate''Opps login is incorrect!');
            return false;
        }
    }



Model

Filename: User_model.php

Also I have noticed you were still having form_dropdown() in your model function the form_dropdown() is for view out put do not have it in models read the user guide fully.


PHP Code:
<?php

class User_model extends CI_Model {

 
   public function add_user() {
 
       $options = [
          'cost' => 12,
 
       ];

 
       $hash password_hash($this->input->post('password'), , PASSWORD_BCRYPT$options);
 
 
       $data = array(
 
           'username' => $this->input->post('username'),
 
           'password' => $hash,
 
           'email' => $this->input->post('email'),
 
           'role' => $this->input->post('roles')
 
       );

 
       
        $this
->db->set($data);
        $this->db->insert('login');
    }

    public function getUser() {
        $this->db->select('*');
        $this->db->from($this->db->dbprefix 'user');
        $this->db->where('username'$username);
        $query $this->db->get();

        if ($query->num_rows() > 0) {
            return $query->row_array();
        } else {
            return false;
        }
    }
    
    public 
function stored_hash($username) {
        $this->db->select('*');
        $this->db->from($this->db->dbprefix 'user');
        $this->db->where('username'$username);
        $query $this->db->get();

        if ($query->num_rows() > 0) {
            return $query->row()->password;
        } else {
            return false;
        }
    }


1. you code miss the rehash function.
http://php.net/manual/en/function.passwo...rehash.php

2.
$this->db->select('*'); <- you use only password, why get all userdata?
(09-04-2016, 12:20 PM)Paradinight Wrote: [ -> ]
(09-01-2016, 03:27 AM)wolfgang1983 Wrote: [ -> ]I agree with @Diederik

I would use something like php password_hash the password column must be varchar 255

http://php.net/manual/en/function.password-hash.php

http://php.net/manual/en/function.password-verify.php

Controller

Filename Example.php

PHP Code:
<?php

class Example extends CI_Controller {

    public function __construct() {
        parent::__construct();
        $this->load->library('form_validation');
        $this->load->model('user_model');
    }

    public function index() {
 
       // You can place the data variables above the form like here

        $data['some_data'] = 'Hello';

        $this->form_validation->set_rules('username''Username''trim|required');
        $this->form_validation->set_rules('password''Password''trim|required|callback_validate');

        if ($this->form_validation->run() == false) {

 
           $this->load->view('header'); // You can add the $data variable to header if you which to pass any thing through to header view.
            $this->load->view('login'$data);
 
           $this->load->view('footer');

        } else {

 
           // Set the session data 

            redirect('success_controller');
        }

    }

    public function validate() {
        $password $this->input->post('password');
        $stored_password $this->user_model->stored_password($this->input->post('username')); 
        
        if 
(password_verify($password$stored_password)) {
            return true;
        } else {
            $this->form_validation->set_message('validate''Opps login is incorrect!');
            return false;
        }
    }



Model

Filename: User_model.php

Also I have noticed you were still having form_dropdown() in your model function the form_dropdown() is for view out put do not have it in models read the user guide fully.


PHP Code:
<?php

class User_model extends CI_Model {

 
   public function add_user() {
 
       $options = [
          'cost' => 12,
 
       ];

 
       $hash password_hash($this->input->post('password'), , PASSWORD_BCRYPT$options);
 
 
       $data = array(
 
           'username' => $this->input->post('username'),
 
           'password' => $hash,
 
           'email' => $this->input->post('email'),
 
           'role' => $this->input->post('roles')
 
       );

 
       
        $this
->db->set($data);
        $this->db->insert('login');
    }

    public function getUser() {
        $this->db->select('*');
        $this->db->from($this->db->dbprefix 'user');
        $this->db->where('username'$username);
        $query $this->db->get();

        if ($query->num_rows() > 0) {
            return $query->row_array();
        } else {
            return false;
        }
    }
    
    public 
function stored_hash($username) {
        $this->db->select('*');
        $this->db->from($this->db->dbprefix 'user');
        $this->db->where('username'$username);
        $query $this->db->get();

        if ($query->num_rows() > 0) {
            return $query->row()->password;
        } else {
            return false;
        }
    }


1. you code miss the rehash function.
http://php.net/manual/en/function.passwo...rehash.php

2.
$this->db->select('*'); <- you use only password, why get all userdata?

Good idea on the select('password') but not sure if he would need rehash
I wonder why not changing stored_hash name into something else like:  call_password($username) { } -  Will it works?

It has the same meaning right?

Code:
public function stored_hash($username) {
        $this->db->select('*');
        $this->db->from($this->db->dbprefix . 'user');
        $this->db->where('username', $username);
        $query = $this->db->get();

        if ($query->num_rows() > 0) {
            return $query->row()->password;
        } else {
            return false;
        }
    }
Pages: 1 2