Login

09-12-2012, 10:48 AM

[eluser]roguedogg[/eluser]
Ok so I think I have a work around solution based on your suggestions.

Controller:

Code:
public function validate_credentials(){

  $this->load->library('form_validation');

  $this->form_validation->set_rules('email', 'Email', 'required|xss_clean');

  $this->form_validation->set_rules('pword', 'Password', 'required|md5');

  if($this->form_validation->run() == FALSE) {

   $this->index();

  } else {

  $pword = $this->input->post('pword');

  $email = $this->input->post('email');

  $this->load->model('users_model');

  $query = $this->users_model->validate($email,$pword);

  if($query){

   $data = array(

    'email' => $this->input->post('email'),

    'fname' => 'Yahoo',

    'is_logged_in' => TRUE

   );

   $this->session->set_userdata($data);

   redirect('main/members_area');

  } else {

   $this->load->view('restricted');

  }

 }

}

Model:

Code:
public function validate($email,$pword){

  $this->db->where('email', $email);

    $this->db->where('pword', $pword);

  $query = $this->db->get('users');

  if($query->num_rows == 1){

   return true;

  } else {

   return false;

  }

 }

Now my question is...Is this OK OR are there inherit security issues?

Thanks for your help so far...BTW!!