Login

02-15-2011, 08:28 AM

[eluser]Ortonruk[/eluser]
Hello

I am developing an application in CI v1.73 (as I was already a significant way into it when v2.0 was released) but I am hoping you may be able to help me.

I have a callback function that checks my database to ensure the email/password entered into a login form match and are correct. The problem I am having is, is that when an email address is entered that is in the database, it allows you to gain access to the members area no matter what password you enter (as long as it meets the validation requirements). If you try and login with an email address that is not in the database, it throws up the correct error. I believe therefore the problem lies with it retrieving the password field from the database and matching it up with what was posted by the form?

Here is the code from my controller:

Code:
function login()

{

    $this->form_validation->set_rules('login_email', 'email', 'xss_clean|required|valid_email');

    $this->form_validation->set_rules('login_password', 'password', 'xss_clean|required|min_length[6]|max_length[12]|sha1|callback_password_check');

    $this->_email = $this->input->post('login_email');

    $this->_password = sha1($this->_salt . $this->input->post('login_password'));

    if($this->form_validation->run() == FALSE)

    {

        $this->load->view('account_view');

    }

    else

    {

        $this->front_model->login();

        $this->load->view('members_view');

    }

}

function password_check()

{

    $this->db->where('email', $this->_email);

    $query = $this->db->get('users');

    $result = $query->row_array();

    if($query->num_rows() == 0)

    {

        $this->form_validation->set_message('password_check', 'Invalid email/password.');

        return FALSE;

    }

    if($result['password'] == $this->_password);

    {

        return TRUE;

    }

}

Thanks!