kinje Newbie
Posts: 4
Threads: 1
Joined: Oct 2017
Reputation:
0
I have an application built with CodeIgniter using the Session class and storing session data in a database. But when I log in to the system as a different user from a different computer and browser, I wonder why all users have the same session data as the first login into the system.
SESSION CONFIGURATION
$config['sess_driver'] = 'database';
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 600;
$config['sess_save_path'] = 'ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_time_to_update'] = 30;
$config['sess_regenerate_destroy'] = TRUE;
I attached a database file
Please, I need help.
kinje Newbie
(10-18-2017, 04:11 AM) InsiteFX Wrote: There is something wrong with your login code. You would need to post some of your code here, so that we can see what you're doing wrong.
LOGIN MODEL
Code:
public function login($email, $pass, $remember = FALSE) {
    // Remove cookies first
    $cookie = array(
        'name' => 'user',
        'value' => '',
        'expire' => time() - 3600,
        'path' => '/',
    );
    $this->CI->input->set_cookie($cookie);

    /*
     *
     * User Verification
     *
     * Removed or !ctype_alnum($pass) from the IF statement
     * It was causing issues with special characters in passwords
     * and returning FALSE even if the password matches.
     */
    if (!valid_email($email) OR strlen($pass) < 5 OR strlen($pass) > $this->config_vars['max']) {
        $this->error($this->CI->lang->line('aauth_error_login_failed'));
        return FALSE;
    }

    $query = null;
    $query = $this->CI->db->where('email', $email);
    $query = $this->CI->db->get($this->config_vars['users']);
    $row = $query->row();

    // only email found and login attempts exceeded
    if ($query->num_rows() > 0 && $this->config_vars['ddos_protection'] && !$this->update_login_attempts($row->email)) {
        $this->error($this->CI->lang->line('aauth_error_login_attempts_exceeded'));
        return FALSE;
    }

    // recaptcha login_attempts check
    $query = null;
    $query = $this->CI->db->where('email', $email);
    $query = $this->CI->db->get($this->config_vars['users']);
    $row = $query->row();
    if ($query->num_rows() > 0 && $this->config_vars['ddos_protection'] && $this->config_vars['recaptcha_active'] && $row->login_attempts >= $this->config_vars['recaptcha_login_attempts']) {
        $reCAPTCHA_cookie = array(
            'name' => 'reCAPTCHA',
            'value' => 'true',
            'expire' => time() + 7200,
            'path' => '/',
        );
        $this->CI->input->set_cookie($reCAPTCHA_cookie);
    }

    // if user is not verified
    $query = null;
    $query = $this->CI->db->where('email', $email);
    $query = $this->CI->db->where('banned', 1);
    $query = $this->CI->db->where('verification_code !=', '');
    $query = $this->CI->db->get($this->config_vars['users']);
    if ($query->num_rows() > 0) {
        $this->error($this->CI->lang->line('aauth_error_account_not_verified'));
        return FALSE;
    }

    // to find user id, create sessions and cookies
    $query = $this->CI->db->where('email', $email);
    $query = $this->CI->db->get($this->config_vars['users']);
    if ($query->num_rows() == 0) {
        $this->error($this->CI->lang->line('aauth_error_login_failed'));
        return FALSE;
    }
    $user_id = $query->row()->id;

    $query = null;
    $query = $this->CI->db->where('email', $email);
    // Database stores the hashed password
    $passwd = $this->hash_password($pass, $user_id);
    $query = $this->CI->db->where('pass', $passwd);
    //$query = $this->CI->db->where('pass', $this->hash_password($pass, $user_id));
    $query = $this->CI->db->where('banned', 0);
    $query = $this->CI->db->get($this->config_vars['users']);
    $row = $query->row();

    if ($this->CI->input->cookie('reCAPTCHA', TRUE) == 'true') {
        $reCaptcha = new ReCaptcha($this->config_vars['recaptcha_secret']);
        $resp = $reCaptcha->verifyResponse($this->CI->input->server("REMOTE_ADDR"), $this->CI->input->post("g-recaptcha-response"));
        if (!$resp->success) {
            $this->error($this->CI->lang->line('aauth_error_recaptcha_not_correct'));
            return FALSE;
        }
    }

    // if email and pass matches and not banned
    if ($query->num_rows() > 0) {
        // If email and pass matches
        // create session
        // get user_group
        $group = $this->get_user_groups($row->id);
        $mygroup = $group[0]->group_name;
        $data = array(
            'user_id' => $row->id,
            'firstname' => $row->firstname,
            'lastname' => $row->lastname,
            'phone' => $row->phone,
            'email' => $row->email,
            'centre_id' => $row->centre_id,
            'zone_id' => $row->zone_id,
            'mygroup' => $mygroup,
            'loggedin' => TRUE
        );
        $this->CI->session->set_userdata($data);

        // if remember selected
        if ($remember) {
            $expire = $this->config_vars['remember'];
            $today = date("Y-m-d");
            $remember_date = date("Y-m-d", strtotime($today . $expire));
            $random_string = random_string('alnum', 16);
            $this->update_remember($row->id, $random_string, $remember_date);
            $cookie = array(
                'name' => 'user',
                'value' => $row->id . "-" . $random_string,
                'expire' => time() + 99 * 999 * 999,
                'path' => '/',
            );
            $this->CI->input->set_cookie($cookie);
        }

        $reCAPTCHA_cookie = array(
            'name' => 'reCAPTCHA',
            'value' => 'false',
            'expire' => time() - 3600,
            'path' => '/',
        );
        $this->CI->input->set_cookie($reCAPTCHA_cookie);

        // update last login
        $this->update_last_login($row->id);
        $this->update_activity();
        $this->reset_login_attempts($row->id);
        return TRUE;
    }
    // if not matches
    else {
        $this->error($this->CI->lang->line('aauth_error_login_failed'));
        return FALSE;
    }
}
LOGIN CONTROLLER
Code:
function authentication() {
    $email = $this->input->post('email');
    $password = $this->input->post('password');
    $login = $this->aauth->login($email, $password);
    if ($login):
        redirect('dashboard/');
    else:
        $data['msg'] = $this->aauth->get_errors_array();
        $this->load->view('auth/login', $data);
    endif;
}
InsiteFX Super Moderator
Posts: 6,705
Threads: 341
Joined: Oct 2014
Reputation:
245
For one I would refactor your code and move a lot of it to a library.
You did not show your logout method, so this would be the way to do it.
PHP Code:
// unset one session item
$this->session->unset_userdata('some_name');

// unset multiple session items
$array_items = array('username', 'firstname', 'lastname', 'phone', 'email', 'centre_id', 'zone_id', 'mygroup', 'loggedin');
$this->session->unset_userdata($array_items);

// destroy the session should be the last called.
$this->session->sess_destroy();
Try that in your logout method and see if it will work.
What did you Try? What did you Get? What did you Expect?
Joined CodeIgniter Community 2009. ( Skype: insitfx )
kinje Newbie
(10-19-2017, 03:18 AM) InsiteFX Wrote: For one I would refactor your code and move a lot of it to a library.
You did not show your logout method, so this would be the way to do it.
PHP Code:
// unset one session item
$this->session->unset_userdata('some_name');

// unset multiple session items
$array_items = array('username', 'firstname', 'lastname', 'phone', 'email', 'centre_id', 'zone_id', 'mygroup', 'loggedin');
$this->session->unset_userdata($array_items);

// destroy the session should be the last called.
$this->session->sess_destroy();
Try that in your logout method and see if it will work.
OK, let me try it.
kinje Newbie
(10-19-2017, 03:18 AM) InsiteFX Wrote: For one I would refactor your code and move a lot of it to a library.
You did not show your logout method, so this would be the way to do it.
PHP Code:
// unset one session item
$this->session->unset_userdata('some_name');

// unset multiple session items
$array_items = array('username', 'firstname', 'lastname', 'phone', 'email', 'centre_id', 'zone_id', 'mygroup', 'loggedin');
$this->session->unset_userdata($array_items);

// destroy the session should be the last called.
$this->session->sess_destroy();
Try that in your logout method and see if it will work.
Still the same problems.