Login

Paradinight · 08-15-2017, 11:38 PM

(08-15-2017, 11:25 PM)Marcolino92 Wrote: Hi guys, I created a very simple login form for a small administrative area. Unfortunately, it is currently very basic, in fact the password is not encrypted and there is no verification.

I tried with password_hash and then password_verify, but I missed something in the code.

You could help me improve my login, I'm not going to make it super safe, but also the least.

At this time, this is the files in the controller and the model:

PHP Code:
public function index() { $this->admin_model->isLoggedIn(); $this->load->view('admin/index'); } public function login(){ $username = $this->input->post('username'); $password = $this->input->post('password'); //call the model for auth if($this->admin_model->login($username, $password)){ redirect('admin/index'); } else { $this->load->view('admin/login'); } }

admin_model.php

PHP Code:
public function login($username, $password) { $this->db->where('username', $username); $this->db->where('password', $password); $query = $this->db->get('user'); if($query->num_rows()==1){ foreach ($query->result() as $row){ $data = array( 'username'=> $row->username, 'logged_in'=>TRUE ); } $this->session->set_userdata($data); return TRUE; } else{ return FALSE; } } public function isLoggedIn(){ $is_logged_in = $this->session->userdata('logged_in'); if(!isset($is_logged_in) || $is_logged_in!==TRUE) { redirect('admin/login'); exit; } }

Thanks for your help

https://community-auth.com/
https://github.com/benedmunds/CodeIgniter-Ion-Auth

Back to the problem:
- save the hash in the database.
- select the user by the username/email and not by the password
- check the password with password_verify