Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived General Discussion session problem
session problem
  • El Forum
    Guest
  •  
#1
12-17-2009, 11:20 PM

[eluser]paulon[/eluser]
i got problem, i don't know if its from session.. i have a login form, it checks data from database then stores data in session

Code:
function log_in_credential()
    {
        
        $this->db->where('username', $this->input->post('username'));
        $this->db->where('password', $this->input->post('password'));
        $query = $this->db->get('members');
        
        if($query->num_rows > 0){
            
            $row = $query->row();        
            $data = array(
                'username' => $this->input->post('username'),
                'member_id' => $row->member_id,
                'is_logged_in' => true,
                'login_time' => date('Y-m-d H:i:s'),
                'last_msg_recieved_lobby' =>  date('Y-m-d H:i:s'),
                'accountstatus' => $row->accountstatus                
            );
            $this->session->set_userdata($data);
            redirect('generals/index');
            
        }else{
            redirect('generals/forgot_password/invalid_account');                    
        }
    }

i autoload the libraries

Code:
$autoload['libraries'] = array('database','session');

in a login process everything works fine, but the problem is when it check that there is no such user or should i say log-in fails the browser keeps offering to remember the password even though log-in fails...?

what should i do? tnx in advance.. ^_^
  • El Forum
    Guest
  •  
#2
12-18-2009, 12:03 AM

[eluser]Cro_Crx[/eluser]
This page looks fine. I can spot a few security issues, but generally fine. On the generals/index page you'll need to make sure that the user details are fine and log them out if they aren't correct.
  • El Forum
    Guest
  •  
#3
12-18-2009, 12:07 AM

[eluser]paulon[/eluser]
yes code is fine but the problem here is that if the "if($query->num_rows > 0) statement" returns false then it redirect to some invalid form but the browser offers to remember a password.. which is not appropriate.
  • El Forum
    Guest
  •  
#4
12-18-2009, 12:12 AM

[eluser]paulon[/eluser]
log_in_credintial call from form_open..

Code:
$this->load->helper('form');            
echo form_open('generals/log_in_credential');
echo form_label('Username :','username');
echo form_input('username', 'Username').'<br /><br />';        
echo form_label('Password :','password');
echo form_password('password', 'Password').'<br /><br />';
echo form_submit('submit', 'Login','width:100px').'<br /><br />';
echo anchor('generals/forgot_password', 'Forgot Password');            
echo form_close();
  • El Forum
    Guest
  •  
#5
12-18-2009, 01:00 AM

[eluser]paulon[/eluser]
up ^
  • El Forum
    Guest
  •  
#6
12-18-2009, 01:22 AM

[eluser]flaky[/eluser]
I really recommend you use Form Validation Class, it can be very helpful even in login forms.
As to your question why the browser offers to remember the password even though the login fails, it's because the browser has no idea the login failed (as I know there is no way to tell the browser the login has failed), so it's no big deal, don't worry about that. At least you can do let the user know about the failed login.
  • El Forum
    Guest
  •  
#7
12-18-2009, 01:28 AM

[eluser]Cro_Crx[/eluser]
[quote author="paulon" date="1261138029"]yes code is fine but the problem here is that if the "if($query->num_rows > 0) statement" returns false then it redirect to some invalid form but the browser offers to remember a password.. which is not appropriate.[/quote]

That's because the browser can see that you have been redirected to a new page which would indicate a successful login. If you don't want this to occur on the end of your if statement instead of redirecting you should display the login form again with errors. This will fix your problem
  • El Forum
    Guest
  •  
#8
12-18-2009, 01:29 AM

[eluser]paulon[/eluser]
ok.. using redirect on error login is not a good idea... how to return to the pagecaller?
  • El Forum
    Guest
  •  
#9
12-18-2009, 02:16 AM

[eluser]paulon[/eluser]
[quote author="Cro_Crx" date="1261142933"][quote author="paulon" date="1261138029"]yes code is fine but the problem here is that if the "if($query->num_rows > 0) statement" returns false then it redirect to some invalid form but the browser offers to remember a password.. which is not appropriate.[/quote]

That's because the browser can see that you have been redirected to a new page which would indicate a successful login. If you don't want this to occur on the end of your if statement instead of redirecting you should display the login form again with errors. This will fix your problem[/quote]

ok.. i replace the redirect from else statement i replace it with echo "error login";
there is no directing of anypage but still browser is offering to remember a password on log-in error...
problem not solve...
=(
  • El Forum
    Guest
  •  
#10
12-18-2009, 05:14 AM

[eluser]paulon[/eluser]
up ^




Theme © iAndrew 2016 - Forum software by © MyBB