Login

Marcolino92 · 08-15-2017, 11:25 PM

Hi guys, I created a very simple login form for a small administrative area. Unfortunately, it is currently very basic, in fact the password is not encrypted and there is no verification.

I tried with password_hash and then password_verify, but I missed something in the code.

You could help me improve my login, I'm not going to make it super safe, but also the least.

At this time, this is the files in the controller and the model:

PHP Code:
   public function index() {
        $this->admin_model->isLoggedIn();
        $this->load->view('admin/index');
    }
    
    public function login(){

        $username = $this->input->post('username');
        $password = $this->input->post('password');
        
        //call the model for auth
        if($this->admin_model->login($username, $password)){
            redirect('admin/index');
        }

        else {
            $this->load->view('admin/login');
        }
    } 

admin_model.php

PHP Code:
   public function login($username, $password) { 
        $this->db->where('username', $username);
        $this->db->where('password', $password);
        $query = $this->db->get('user');
        if($query->num_rows()==1){
            foreach ($query->result() as $row){
                $data = array(
                            'username'=> $row->username,
                            'logged_in'=>TRUE
                        );
            }
            $this->session->set_userdata($data);
            return TRUE;
        }
        else{
            return FALSE;
      }    
    }
        
    public function isLoggedIn(){
            $is_logged_in = $this->session->userdata('logged_in');
            if(!isset($is_logged_in) || $is_logged_in!==TRUE)
            {
                redirect('admin/login');
                exit;
            }
    } 

Thanks for your help