[eluser]fiziklgrfiti[/eluser]
**EDIT** see, my reply; issue resolved. :-) :coolsmile:
Hi I'm new to codeigniter. I've read through the Encryption class documentation and am somewhat stumped as to what's going wrong.
I've created a simple login form that takes an email and password. It matches the email addresss against a users database table and then matches the password against a decoded() password.
The form and database from what I can tell are working. The issue I'm having is the passwords arn't matching.
My understanding of encode(); is that I should be able to decode() what ever was encoded (using the key in my cfg). I should then be able to compare the decoded "msg" against another "plaintext" (strcmp(msg, plaintext)). Is this false?
I could use a hash function instead of encode, I could do many a things different, what I'm interested in is where I went wrong with this approach.
Below are code samples, configs and debug output.
Here's the CreateUser controller (encodes the password)
Code:
<?php
class CreateUser extends CI_Controller {
public function __construct()
{
parent::__construct();
$this->load->model('users_model');
$this->load->model('articles_model');
}
public function index()
{
$this->load->helper('form');
$this->load->library('form_validation');
$createdata = array( ... );
$this->form_validation->set_rules('name', 'Name', 'required');
$this->form_validation->set_rules('email', 'Email', 'required');
$this->form_validation->set_rules('password', 'Password', 'required');
$this->form_validation->set_rules('title', 'Title', 'required');
$this->form_validation->set_rules('linkedinurl', 'LinkedIn URL', 'required');
$this->form_validation->set_rules('profileimgurl', 'Profile Image URL', 'required');
if ($this->form_validation->run() === FALSE)
{
$this->load->view('templates/header', $createdata);
$this->load->view('users/create');
$this->load->view('templates/footer');
}
else
{
$password = $this->input->post('password');
$hash = $this->encrypt->encode($password);
$data = array(
'email' => $this->input->post('email'),
'hash' => $hash,
'title' => $this->input->post('title'),
'linkedin_url' => $this->input->post('linkedinur
'profileimg_url' => $this->input->post('profilei
'name' => $this->input->post('name')
);
$this->users_model->set_users($data);
$this->load->view('users/sucess');
}
}
}
Here's the user_model (decodes the password)
Code:
<?php
class Users_model extends CI_Model
{
public function set_users($userarray){
$data = $userarray;
return $this->db->insert('users', $data);
}
public function authenticate($email, $suppliedpassword)
{
// get stored password
$query = $this->db->query("SELECT hash FROM users WHERE email='$email';");
$row = $query->row();
$securepassword = $row->hash;
$storedpassword = $this->encrypt->decode($securepassword);
$check = strcmp($storedpassword, $suppliedpassword);
$debugdata = array(
'err_msg' => "unsecuredDB pass = ".$storedpassword." eDB pass = ".$securepassword."
);
$this->db->insert('error_log', $debugdata);
if($check == 0){
return true;
}
else{
return false;
}
}
}
Here's the debug output that's saved to the database.
Code:
error_id - err_msg
| 27 | unsecuredDB pass = )?v?@F<M`?q??x9h?F?0N?#?&*????w eDB pass = CuPCEK4FIVqMeJpNE3uldgmGBT/9MOJ1wYFkqIqtoibW+/ZsWjptV/K/GMFfLcVT usr pass = bdaypassword check result = -57 end |
| 28 | unsecuredDB pass = )?v?@F<M`?q??x9h?F?0N?#?&*????w eDB pass = CuPCEK4FIVqMeJpNE3uldgmGBT/9MOJ1wYFkqIqtoibW+/ZsWjptV/K/GMFfLcVT usr pass = bdaypassword check result = -57 end
Here's where I'm using the model to decode that password (Login Form)
Code:
<?php
class Login extends CI_Controller
{
...
function adminlogin()
{
$this->load->helper(array('form', 'url'));
$this->load->library('form_validation');
$logindata = array( ... );
$this->form_validation->set_rules('email', 'Email', 'required');
$this->form_validation->set_rules('password', 'Password', 'required');
$email = $this->input->post('email');
$password = $this->input->post('password');
if($this->form_validation->run() == FALSE)
{
$this->load->view('templates/header', $logindata);
$this->load->view('login');
$this->load->view('templates/footer');
}
elseif($this->users_model->authenticate($email, $password))
{
$this->session->set_userdata('loggedin', true);
$this->load->view('formsuccess');
}
else{
redirect('/login');
}
}
}
Here's the config/autoload.php config
...
| $autoload['libraries'] = array('database', 'session', 'xmlrpc');
*/
$autoload['libraries'] = array('session','encrypt');
(the key is also configured in config/config.php)
Any direction would be greatly appreciated; thanks in advance.
