[eluser]Medikal[/eluser]
Hey guys, I've managed to get a simple registration working, I'm using sha256 encryption against a password.salt combination, their user-specific salt is stored in the database and then added onto their post password to verify, though that's a bit off topic since that bit works.
My code is posted below, and well the main issue is it doesn't set an error up if something is wrong. As you can see if the user doesn't exist, if the password is wrong, I want the same error to be pretty vague for security reasons. The entire script is function since it echos nothing if it's wrong, and echos valid if it's valid. So just need help with the error setting, thanks guys!
Code:
// Set parameters for registration
$this->form_validation->set_rules("username", "Username", "required|min_length[4]|max_length[20]");
$this->form_validation->set_rules("password", "Password", "required|min_length[6]|max_length[16]");
// If the form validation runs, or it hasn't been submitted yet
if ($this->form_validation->run() == FALSE)
{
$template['mainContent'] = "login_view";
$this->load->view("layout", $template);
} else {
$specificSalt = $this->db->get_where(USERS, array("username" => $this->input->post("username")), 1);
$specificSalt = $specificSalt->row_array();
// If no result for that username...
if (empty($specificSalt))
{
$this->form_validation->set_message("failedAttempt", "Login attempt failed, Invalid username or password.");
} else {
$this->db->where("password", $this->user->saltPassword($this->input->post("password"), $specificSalt["salt"]));
$this->db->from(USERS);
$validInfo = $this->db->count_all_results();
if ($validInfo==0)
{
$this->form_validation->set_message("failedAttempt", "Login attempt failed, Invalid username or password.");
} elseif ($validInfo==1) {
// set session
echo "valid";
}
}
}
