CodeIgniter Forums
problem with password checking - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forum-20.html)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forum-23.html)
+--- Thread: problem with password checking (/thread-42299.html)



problem with password checking - El Forum - 06-02-2011

[eluser]Unknown[/eluser]
i am writing a controller like this in user login module.but here the password is not checking with the database.That means if any password will given it automatically login.So plz give me the suggestions.The controller code is like this


<?php
class Account extends Controller
{
function Account()
{
parent::Controller();
$this->load->library(array('form_validation', 'session'));
$this->load->helper(array('url', 'form'));
$this->load->model('account_model');
$this->_salt = "123456789987654321";
}
function index()
{
if($this->account_model->logged_in() === TRUE)
{
$this->dashboard(TRUE);
}
else
{
$this->load->view('account/details');
}
}
function dashboard($condition = FALSE)
{
if($condition === TRUE OR $this->account_model->logged_in() === TRUE)
{
$this->load->view('account/dashboard');
}
else
{
$this->load->view('account/details');
}
}
function login()
{
$this->form_validation->
set_rules('username', 'Username',
'xss_clean|required|callback_username_check');
$this->form_validation->
set_rules('password', 'Password',
'xss_clean|required|min_length[4]|max_length[12]|
sha1|callback_password_check');
$this->_username = $this->input->post('username');
$this->_password =
sha1($this->_salt.$this->input->post('password'));
if($this->form_validation->run() == FALSE)
{
$this->load->view('account/login');
}
else
{

$this->account_model->login();
$data['message'] =
"You are logged in! Now go take a look at the "
. anchor('account/dashboard', 'Dashboard');
$this->load->view('account/success', $data);
}
}
function register()
{
$this->form_validation->
set_rules('username', 'Username', 'xss_clean|required');
$this->form_validation->
set_rules('email', 'Email Address',
'xss_clean|required|valid_email|callback_email_exists');
$this->form_validation->set_rules('password', 'Password', 'xss_clean|required|min_length[4]|max_length[12]|matches[password_conf]|sha1');
$this->form_validation->
set_rules('password_conf', 'Password Confirmation',
'xss_clean|required|matches[password]');
if($this->form_validation->run() == FALSE)
{
$this->load->view('account/register');
}
else
{
$data['username'] = $this->input->post('username');
$data['email'] = $this->input->post('email');
$data['password'] =
sha1($this->_salt . $this->input->post('password'));
if($this->account_model->create($data) === TRUE)
{
$data['message'] =
"The user account has now been created! You can login "
. anchor('account/login', 'here') . ".";
$this->load->view('account/success', $data);
}
else
{
$data['error'] =
"There was a problem when adding your account to the database.";
$this->load->view('account/error', $data);
}
}
}
function logout()
{
$this->session->sess_destroy();
$this->load->view('account/logout');
}
function password_check()
{
$this->db->where('username', $this->_username);

$query = $this->db->get('users');
$result = $query->row_array();
if($query->num_rows() == 0)
{
$this->form_validation->
set_message('password_check', 'username not found!');

return FALSE;
}
if($result['password']==$this->_password);
{
return TRUE;
}

}
function user_exists($user)
{
$query = $this->db->get_where('users', array('username' => $user));
if($query->num_rows() > 0)
{
$this->form_validation->
set_message('user_exists',
'The %s already exists in our database, please use a different one.');
return FALSE;
}
$query->free_result();
return TRUE;
}
function email_exists($email)
{
$query = $this->db->get_where('users', array('email' => $email));
if($query->num_rows() > 0)
{
$this->form_validation->
set_message('email_exists',
'The %s already exists in our database, please use a different one.');
return FALSE;
}
$query->free_result();

return TRUE;
}
}
?>


problem with password checking - El Forum - 06-02-2011

[eluser]InsiteFX[/eluser]
Maybe if you use code tags to wrap your code in that I might read your code!

InsiteFX


problem with password checking - El Forum - 06-02-2011

[eluser]osci[/eluser]
[quote author="InsiteFX" date="1307068843"]Maybe if you use code tags to wrap your code in that I might read your code!

InsiteFX[/quote]

+1


problem with password checking - El Forum - 06-02-2011

[eluser]cideveloper[/eluser]
Also don't post all your code. Only post the relevant sections. That is just lazy. Also you post every single line but I don't see a function that is called when calling "callback_username_check"

P.S. This is a fix for the question not the answer

Code:
<?php
class Account extends Controller
{
    function Account()
    {
        parent::Controller();
        $this->load->library(array('form_validation', 'session'));
        $this->load->helper(array('url', 'form'));
        $this->load->model('account_model');
        $this->_salt = "123456789987654321";
    }


    function login()
    {
        $this->form_validation->set_rules('username', 'Username','xss_clean|required|callback_username_check');
        $this->form_validation->set_rules('password', 'Password','xss_clean|required|min_length[4]|max_length[12]|sha1|callback_password_check');
        $this->_username = $this->input->post('username');
        $this->_password =sha1($this->_salt.$this->input->post('password'));

        if($this->form_validation->run() == FALSE)
        {
            $this->load->view('account/login');
        }
        else
        {
            $this->account_model->login();
            $data['message'] = "You are logged in! Now go take a look at the ". anchor('account/dashboard', 'Dashboard');
            $this->load->view('account/success', $data);
        }
    }


    function password_check()
    {
        $this->db->where('username', $this->_username);

        $query = $this->db->get('users');
        $result = $query->row_array();
        if($query->num_rows() == 0)
        {
            $this->form_validation->set_message('password_check', 'username not found!');
            return FALSE;
        }
        if($result['password']==$this->_password);
        {
            return TRUE;
        }
    }

}
?>