CodeIgniter Forums

Full Version: where clause

El Forum

[eluser]huangxiao[/eluser]
Hi, can I ask for some help? I could not log in... can you please help me with my code?

Code:
<?php
class User_model extends CI_Model{


     function checklogin(){

         $sql = "select username,password from users where username= ? and password = ?";
         $query = $this->db->query($sql,array('username'=>$this->input->post('username'),'password'=>$this->input->post('password')));
         if($query->num_rows==1){
             return true;
         }

     }


}

?>

Thank you in advance

El Forum

[eluser]ivantcholakov[/eluser]
1. The username and the password should be passed explicitly as the method's parameters. If you get them inside the body of the method, this is a side effect; you lose flexibility and maintainability this way.

2. You store passwords within the database in plain text. This is not good. Choose a hashing function and use it.

3.
Code:
if ($query->num_rows > 0) {
is better than
Code:
if($query->num_rows==1){

4. You return TRUE on success and NULL on failure. Better return FALSE on failure.

5. You don't pass the query parameters correctly, see http://ellislab.com/codeigniter/user-gui...eries.html, the section "Query Bindings".

6. A suggestion: Use the query builder for database server abstraction.

7. I suppose, in a real application the check would depend also on a flag for enabled/disabled account at least.

El Forum

[eluser]ivantcholakov[/eluser]
You may examine the following model and adapt it for your system:

Code:
<?php defined('BASEPATH') OR exit('No direct script access allowed');

// Ivan Tcholakov, 2013, MIT license.

class Current_user_model extends CI_Model {

    // Configuration properties
    protected $table_users = 'users';
    protected $session_key_user_id = 'current_user_id';

    // Auxiliary properties
    protected $session = null;
    protected $ci = null;

    public function __construct() {

        parent::__construct();

        $this->ci = get_instance();

        $this->session = $this->ci->session;
    }

    // User ID getter
    public function id() {

        return $this->session->userdata($this->session_key_user_id);
    }

    // Username getter
    public function username() {

        $row = $this->db
            ->select('username')
            ->from($this->table_users)
            ->where('id', $this->id())
            ->limit(1)
            ->get()
            ->row_array();

        return empty($row) ? NULL : $row['username'];

    }

    // User login
    public function login($username, $password) {

        $this->logout();

        $row = $this->db
            ->select('id')
            ->from($this->table_users)
            ->where('username', $username)
            ->where('password', md5($password))
            //->where('enabled', 1)
            ->limit(1)
            ->get()
            ->row_array();

        if (!empty($row)) {

            $this->session->set_userdata($this->session_key_user_id, (int) $row['id']);

            return true;
        }

        return false;
    }

    // User logout
    public function logout() {

        $this->session->unset_userdata($this->session_key_user_id);
    }

    // Check whether the current user has logged in
    public function is_logged() {

        $user_id = $this->id();
        return !empty($user_id);
    }

}

For managing users (CRUD operations, etc.) make a separate model Users_model that is to work with the same table 'users'. With this separation the code would be easier to read.
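
Added example, not part of the original thread or of ivantcholakov's model: points 2, 4, 5 and 7 from the list above applied to the login check, with PHP's password_hash()/password_verify() (PHP 5.5+) in place of md5(). It uses PDO with an in-memory SQLite database instead of CodeIgniter's database class so it runs on its own; the table layout, the two accounts and the function names make_demo_db() and check_login() are assumptions made for the illustration.

```php
<?php
// Added example: constructed schema and accounts, not from the thread.
// PDO/SQLite stands in for CodeIgniter's database class so this runs alone.

function make_demo_db() {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
               password_hash TEXT, enabled INTEGER)');
    $ins = $db->prepare('INSERT INTO users (username, password_hash, enabled) VALUES (?, ?, ?)');
    // Only the salted hash is stored, never the password itself.
    $ins->execute(array('alice', password_hash('correct horse', PASSWORD_DEFAULT), 1));
    $ins->execute(array('bob', password_hash('hunter2', PASSWORD_DEFAULT), 0));
    return $db;
}

// Credentials are explicit parameters; returns the user id, or FALSE on any failure.
function check_login(PDO $db, $username, $password) {
    // Look the row up by username only: a salted hash cannot be matched in SQL.
    $stmt = $db->prepare('SELECT id, password_hash, enabled FROM users WHERE username = ? LIMIT 1');
    $stmt->execute(array($username)); // value bound by position, never concatenated
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a throwaway hash when the user is unknown, so both
    // paths do the same amount of work.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('placeholder', PASSWORD_DEFAULT);
    }
    $hash = $row ? $row['password_hash'] : $dummy;
    $ok = password_verify((string) $password, $hash);

    // Unknown user, wrong password and disabled account all give the same answer.
    if (!$row || !$ok || (int) $row['enabled'] !== 1) {
        return false;
    }
    return (int) $row['id'];
}

$db = make_demo_db();
var_dump(check_login($db, 'alice', 'correct horse')); // valid credentials
var_dump(check_login($db, 'alice', 'wrong'));         // wrong password
var_dump(check_login($db, 'bob', 'hunter2'));         // correct password, disabled account
var_dump(check_login($db, 'mallory', 'x'));           // unknown user
```

In a CodeIgniter model the same shape applies: select the row by username with the query builder, then call password_verify() on the stored hash in PHP rather than comparing hashes in the where clause.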

El Forum

[eluser]huangxiao[/eluser]
Hi, thank you for the quick reply and thank you for this. Okay, I will try this.

Thank you

El Forum

[eluser]huangxiao[/eluser]
Hi ivantcholakov, I forgot to ask why you call the logout() in your login()?

Thank you in advance.

El Forum

[eluser]ivantcholakov[/eluser]
[quote author="huangxiao" date="1378547006"]Hi ivantcholakov, I forgot to ask why you call the logout() in your login()?

Thank you in advance.[/quote]

On some sites it is possible for the user login form to be accessible after a user has logged in. So, you can log in successfully as user1. Then, while logged in as user1, you may go to the login form and try to log in as user2. Imagine that the login as user2 fails. Then you will stay logged in as user1. This would be a weird situation. The right logic is for nobody to be logged in after a failed login attempt.

Before a login attempt, session information about the previous login (if there is any) should be cleared. This is what logout() does.