Validating username and password using form validation.
#1

[eluser]distortednet[/eluser]
Basically my problem is, everything checks for a username, password, and checks the username to see if the user is an admin. The problem I'm having is, let's say I have

username1:password1
username2:password2

username1 can log in with password2 and vice versa. How do I make it where it checks username1 for password1? I'd like to be able to do this without any extra plugins, just what comes with CodeIgniter. The controller file is below.

edit: now my code works...what the hell?

Code:
<?php
class Main extends Controller {
    function main() {
        parent::Controller();
        $this->load->database();
        $this->load->helper('form');
        $this->load->helper('url');
        $this->load->library('form_validation');
        $this->load->view('header');
        // $this->load->scaffolding('users');
    }
    function index() {
        $this->db->order_by("id", "desc");
        $data['query'] = $this->db->get('blog');
        $this->load->view('home', $data);
        $this->load->view('footer');
    }
    function about() {
        $this->load->view('about');
        $this->load->view('footer');
    }
    function resume() {
        $this->load->view('resume');
        $this->load->view('footer');
    }
    function services() {
        $this->load->view('services');
        $this->load->view('footer');
    }
    function login() {
        $this->form_validation->set_rules('username', 'Username', 'required|xss_clean|callback__username_check');
        $this->form_validation->set_rules('password', 'Password', 'required|xss_clean|callback__password_check');
            if ($this->form_validation->run() == FALSE) {
                $this->load->view('logincenter');
            }
            else {
                $data['query'] = $this->db->get('users');
                    if ( $this->_is_admin( $this->input->post('username') ) ) {
                        $this->load->view('debug', $data);
                    }
                    else {
                        echo "err";
                    }
            }
            $this->load->view('footer');
    }
    function _is_admin($adminstr = NULL) {
        if (isset($adminstr)) {
            $this->db->where('name', $adminstr);
            $this->db->where('is_admin', 1);
            $query = $this->db->get('users');
            if ($query->num_rows() > 0) return TRUE;
            return FALSE;
        }
    }
    function _username_check($str) {
        $query = $this->db->get('users');
        $this->db->where('name', $str);
        if ($query->num_rows() > 0) return TRUE;
        return FALSE;
    }
    function _password_check($str) {
        $this->db->where('password', $str);
        $query = $this->db->get('users');
        if ($query->num_rows() > 0) return TRUE;
        return FALSE;
    }
}
?>
#2

[eluser]JoostV[/eluser]
You seem to be overengineering it a bit. Also, you keep a lot of business logic in your controller.

First, the login logic. Move this to a model, so you can reuse it. Hope it's bug-free, did not test it ;)
model users.php
Code:
<?php
if (! defined('BASEPATH')) exit('No direct script access allowed');

class Users extends Model
{

    function __construct ()
    {
        parent::Model();
    }

    /**
     * Login a user and store user data in session.
     * @param $username Username, unfiltered
     * @param $password Password, unfiltered
     * @return boolean
     */
    function login ($username, $password)
    {
        // Filter input
        $login = mysql_real_escape_string(strip_tags(substr($this->input->post('username'), 0, 16)));
        $password = mysql_real_escape_string(strip_tags(substr($this->input->post('password'), 0, 16)));
        
        // Hash password, we do not want to store plain text passwords in DB
        // We throw the username into the hash as well, making both username and password case sensitive.
        $password = md5($login . $password);
        
        // Check if a user exists with this login/password combination
        $this->db->where('name', $login);
        $this->db->where('password', $password);
        $this->db->limit(1);
        $query = $this->db->get('users');
        
        if ($query->num_rows() > 0) {
            // We have a valid user. Store user data in session.
            $user = $query->row_array();
            $this->session->set_userdata($user);
            return true;
        }
        else {
            // We do not have a valid user. Login failed.
            return false;
        }
    }

}

Now for the controller login method. Make sure you have a field 'is_admin' in your user table, so you can check if this user is an admin. I'll do some ugly nested elseif statements below, you'll have to clean that up yourself :)
Code:
function login ()
{
    // Set validation    
    $this->form_validation->set_rules('username', 'Username', 'required|max_length[16]|xss_clean');
    $this->form_validation->set_rules('password', 'Password', 'required|max_length[16]|xss_clean');
    
    if ($this->form_validation->run() == TRUE) {
        
        // Try to log in user; the model's login() declares two required parameters
        $this->load->model('users');
        if ($this->users->login($this->input->post('username'), $this->input->post('password')) == true) {
            if ($this->session->userdata('is_admin')) {
                echo 'Hooray, you are an admin!';
            }
            else {
                show_error('You are logged in, but you are not an admin, sorry.');
            }
        }
        else {
            show_error('This user does not exist');
        }
    }
    else {
        show_error('Form did not validate');
    }
}

General tips:
1. Load your helpers, libraries and database in autoload.php
2. Do not forget to autoload the session class.
3. Use the database for sessions, not the cookies.
4. Create a main view and load subviews such as 'header' from there.
5. You do not need functions '_is_admin', '_username_check' and '_password_check' in this setup
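
The difference between checking the name and the password independently and checking them against the same row, as an added example that is not code from either poster or from CodeIgniter. It assumes plain PDO with an in-memory SQLite table and constructed accounts, uses the hypothetical function names `login_independent` and `login_bound`, and swaps `password_hash()`/`password_verify()` in for the `md5()` hash used above.

```php
<?php
// Added example: constructed users table in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT, is_admin INTEGER)');
$seed = $db->prepare('INSERT INTO users (name, password, is_admin) VALUES (?, ?, ?)');
foreach ([['username1', 'password1', 1], ['username2', 'password2', 0]] as $u) {
    // Store a salted, slow hash instead of the plain-text password.
    $seed->execute([$u[0], password_hash($u[1], PASSWORD_DEFAULT), $u[2]]);
}

// Pattern from the question: name and password are checked by unrelated
// lookups, so a password belonging to any account unlocks every account.
function login_independent(PDO $db, $name, $password) {
    $nameOk = $passOk = false;
    foreach ($db->query('SELECT name, password FROM users') as $r) {
        $nameOk = $nameOk || $r['name'] === $name;
        $passOk = $passOk || password_verify($password, $r['password']);
    }
    return $nameOk && $passOk;
}

// Bound check: fetch the one row for this name, then verify the password
// against that row's hash only. Returns the user row without the hash, or null.
function login_bound(PDO $db, $name, $password) {
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('placeholder', PASSWORD_DEFAULT);
    }
    $stmt = $db->prepare('SELECT name, password, is_admin FROM users WHERE name = ? LIMIT 1');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Unknown names are verified against a dummy hash so both paths do the same work.
    $ok = password_verify($password, $row ? $row['password'] : $dummy);
    if (!$row || !$ok) {
        return null;
    }
    unset($row['password']); // keep the hash out of anything stored in the session
    return $row;
}

$tries = [['username1', 'password1'], ['username1', 'password2'], ['nobody', 'password1']];
foreach ($tries as $t) {
    printf("%-9s / %-9s independent=%-5s bound=%s\n", $t[0], $t[1],
        var_export(login_independent($db, $t[0], $t[1]), true),
        login_bound($db, $t[0], $t[1]) ? 'true' : 'false');
}
```

The second attempt (username1 with password2) is the case from the first post: the independent lookups accept it, while the bound check rejects it.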
#3

[eluser]distortednet[/eluser]
Haha, limit(1)..... durrrrr..... I feel a bit tarded. Oh well, live n learn. I'm somewhat new to the way CI does things, and honestly, 100% new to OOP and MySQL. I have never had a use for MySQL, and honestly, found it a hassle before CI.

Edit: also, I'm doing something I have not seen done. I know scaffolding is generally used for rapid prototyping in a development environment, but with almost little effort, it can be adapted for fairly simple backend tasks in a live environment. I have already implemented a login system for scaffolding; next step is to make it dynamic so I can switch tables on the fly instead of editing a file then firing up the scaffolding system. Would be quite interesting to see when it's complete... hopefully something becomes of it.
