password and username verification

password and username verification - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: password and username verification (/showthread.php?tid=47998)

password and username verification - El Forum - 12-31-2011

[eluser]terry101[/eluser]
I created a username/password check before and it worked fine for my login. I was trying to add a session with what i had before but i realized that now my password and username verification isnt work where it returns false. I don’t see any difference in what i had before, not sure where i could have messed it up. I dont get any errors but when i type in a valid username/password (already stored in database) it gives me

Code:
echo 'Username or password is invalid, try again';

i tried

Code:
$this->output->enable_profiler(1);

and i see the query in the model is correct, its doing its job. Assistance needed.

Controller

Code:
function login()    {

                $this->load->library('form_validation');

        $this->form_validation->set_rules('username', 'Username','required|xss_clean|trim');

        $this->form_validation->set_rules('password', 'Password','required|xss_clean|trim');

        if ($this->form_validation->run() == FALSE) {

            $this->load->view('loginview');

        }

        else { 

                $this->load->model('loginmodel');

                 $username = $this->input->post('username');

         $password = $this->input->post('password');

                if ($this->loginmodel->check_login($username, $password)){

                    echo 'your in';

                        //$this->userlogin->start_session();

                    } 

            else {

                echo 'Username or password is invalid, try again';

            }            

        }

    }

    function start_session() {

            // loading sessions

                $this->load->library('session');

                //$store_sess_data  = array ('logged_in' => TRUE, 'user_id' => $username, 'last_active' => 'timestamp')

                $this-> session->set_userdata(array (

                'logged_in' => TRUE, 

                'user_id' => $username, 

                'last_active' => 'timestamp')

                );

                  redirect('sessionview');

    }

Model

Code:
function check_login ($username, $password) {

        $en_password = MD5($password);

        $checklogin = array('username' => $username, 'password' => $en_password);

        $verifylogin = $this->db->get_where('tbregister',$checklogin);

        if ($verifylogin->num_rows() == 1) {

        var_dump($verifylogin); 

            return TRUE;

        }

        else {

            return FALSE;

        }

    }

password and username verification - El Forum - 01-25-2012

[eluser]jjDeveloper[/eluser]
Looks like your session_start is using an undefined variable. Try setting your variables to the global scope of the class using.

Code:
$this->username = 'username';

or pass the variable to the function.

I don't know that this will fix your issue because I am limited as to what I can see from your code but it is one problem I noticed.

password and username verification - El Forum - 01-25-2012

[eluser]JoostV[/eluser]
Could it be that you have more than one user with that usename/password combination in your db? If so, your model's check_login() will return false.

On a side note, you may want to run your username through xss filter.

Code:
 $username = $this->input->post('username', TRUE);

password and username verification - El Forum - 01-25-2012

[eluser]InsiteFX[/eluser]
Also you should autoload the session library for something like that!

And you do not need to use session_start...

Your problem is in the get_where you can not pass an associated array
to it with two parameters!

Something like this!

Code:
// --------------------------------------------------------------------

 /**

  * verify_user()

  *

  * Description:

  *

  * @access public

  * @param string

  * @param string

  * @return void

  */

 public function verify_user($user, $password)

 {

  $this->db->select('id, user_name, password');

  $this->db->where('user_name', $user);

  $this->db->where('password', $this->hash_password($user, $password));

  $this->db->where('status', 'active');

  $this->db->limit(1);

  $query = $this->db->get('admins');

  if ($query->num_rows() > 0)

  {

   $row = $query->row_array();

   $this->session->set_userdata('user_id', $row['id']);

   $this->session->set_userdata('user_name', $row['user_name']);

  }

  else

  {

   $this->session->set_flashdata('error', 'Sorry, your username or password is incorrect!');

  }

 }

 // -----------------------------------------------------------------------

 /**

  * hash_password()

  *

  * Hashes the users user_name, password and CI 32-bit encryption key

  * using SHA-512. I place this in my user_model.

  *

  * You can also pass in the user and password fields to

  * this method to generate the encryption key then echo the returned value.

  *

  * NOTE: The Database password field needs to be varchar(128)

  *

  * @access public

  * @param string - $user_name

  * @param string - $password

  * @retrun string - the 128 char encrypted password

  */

 public function hash_password($user_name, $password)

 {

  $salt = config_item('encryption_key');

  return hash('SHA512', $user_name . $password . $salt);

 }