[eluser]Wathfea[/eluser]
Hello everyone,
I'm trying to develop a login system but I'm stuck a little. If you know how to make it better or faster, just let me know. I'm using HMVC. My main controller is the login controller. If the user logs in with the correct data, redirect them to the admin site. I need two groups: super admin and normal admin. If someone tries to log in and fails more than 3 times, the account has to be locked down. I also would like to salt the password. Now I have code, but it's not the best: the error messages don't show well and I think my redirect method could be different. If someone could help it would be great. And one more thing, I don't want to use a ready-made library like Ion Auth; I would like to solve it on my own.
Here is the code:
Login controller:
Code:
<?php
// CodeIgniter guard: refuse direct HTTP access to this file.
defined('BASEPATH') OR exit('No direct script access allowed');
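class Login extends MX_Controller {

    public function __construct() {
        parent::__construct();
        // Model that performs the credential and lock checks.
        $this->load->model('login_model');
    }

    /**
     * Show the login form, or process it when it has been submitted.
     *
     * A session that already carries 'acc_username' is sent straight to
     * 'admin'. Otherwise the posted form is validated; when it passes,
     * Login_model::verify_user() is consulted. A matching user has their
     * username, privilege level and id stored in the session and is
     * redirected to 'admin'; a failed login re-renders the form with an
     * error message.
     */
    public function index() {
        $logged_in = $this->session->userdata('acc_username');
        if (!empty($logged_in)) {
            redirect('admin');
            return;
        }

        $this->form_validation->set_rules('username', 'Username', 'required|min_length[4]|max_length[45]|trim|xss_clean');
        $this->form_validation->set_rules('password', 'Password', 'required|min_length[4]|max_length[50]|trim|xss_clean');

        if ($this->form_validation->run() === FALSE) {
            // First visit or validation errors: login_view is expected to
            // render validation_errors() itself.
            $this->load->view('login_view');
            return;
        }

        $username = $this->input->post('username');
        $account  = $this->login_model->verify_user($username, $this->input->post('password'));

        if ($account !== FALSE) {
            // Store only the fields the admin area needs; the row returned by
            // the model also carries the password hash and salt, which must
            // not end up in the session.
            // NOTE(review): consider regenerating the session id here so a
            // pre-login session id is not carried into the authenticated one.
            $this->session->set_userdata(array(
                'acc_username' => $account->username,
                'acc_priv'     => $account->priv,
                'acc_id'       => $account->id,
            ));
            redirect('admin');
            return;
        }

        // Login failed: find out whether the account is locked.
        // NOTE(review): a distinct "locked" message confirms that the
        // username exists; use a single generic message if account
        // enumeration is a concern.
        if ($this->login_model->chk_lock($username) !== FALSE) {
            $message = 'Your account locked';
        } else {
            $message = 'The username or password you entered is incorrect';
        }
        $this->load->view('login_view_error', array('error_message' => $message));
    }

    /**
     * Destroy the session and send the browser back to the login form.
     *
     * The original called $this->index() directly, which rendered the form
     * under the logout URL on a just-destroyed session (and a page refresh
     * re-ran logout). A redirect starts a clean request instead.
     * NOTE(review): 'login' assumes the default route for this controller;
     * adjust it if routes.php maps the controller elsewhere.
     */
    public function logout() {
        $this->session->sess_destroy();
        redirect('login');
    }
}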
Login model:
Code:
<?php
// CodeIgniter guard: refuse direct HTTP access to this file.
defined('BASEPATH') OR exit('No direct script access allowed');
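class Login_model extends CI_Model {

    // Failed logins recorded before the account is locked. Keeps the original
    // threshold: the lock is applied on the failure that follows this many
    // recorded failures (i.e. on the fourth consecutive failure).
    const MAX_LOGIN_ATTEMPTS = 3;

    public function __construct() {
        parent::__construct();
    }

    /**
     * Create a salt for a newly stored password.
     *
     * random_string() comes from CI's string helper, which the caller must
     * have loaded.
     * NOTE(review): random_string() is not a cryptographic RNG; once password
     * storage moves to password_hash() (see verify_user) no separate salt is
     * needed at all.
     *
     * @return string 40-character hex salt
     */
    protected function _create_salt()
    {
        return sha1(random_string('alnum', 32));
    }

    /**
     * Verify a username/password pair against the users table.
     *
     * The user row is fetched once. A locked account is rejected without
     * touching its counters. Otherwise the salted hash is compared; on a
     * match the failed-attempt counter is reset and the row is returned, on
     * a mismatch the counter is incremented or, once it has reached
     * MAX_LOGIN_ATTEMPTS, the account is locked.
     *
     * Fixes over the original: an unknown username no longer reads an
     * undefined $salt and dereferences a null row, and a successful login
     * now clears login_attempt so old failures do not accumulate.
     *
     * NOTE(review): sha1(password . salt) is a weak password hash. When the
     * schema can change, store password_hash() output and check it with
     * password_verify() instead.
     * NOTE(review): a NULL locked_status is treated as "not locked" here; the
     * original SQL (locked_status != "yes") rejected NULL rows, so confirm the
     * column is NOT NULL with a default.
     *
     * @param string $username
     * @param string $password plaintext password from the form
     * @return object|false the user row on success, false otherwise
     */
    public function verify_user($username, $password) {
        $q = $this->db->where('username', $username)->limit(1)->get('users');
        if ($q->num_rows() === 0) {
            // Unknown username: nothing to count or lock.
            return false;
        }
        $user_row = $q->row();

        if ($user_row->locked_status === 'yes') {
            // Already locked; the controller reports this via chk_lock().
            return false;
        }

        if (sha1($password . $user_row->salt) === $user_row->password) {
            // Correct credentials: clear the failed-attempt counter.
            $this->db->where('username', $username)->update('users', array('login_attempt' => 0));
            return $user_row;
        }

        if ((int) $user_row->login_attempt >= self::MAX_LOGIN_ATTEMPTS) {
            // Too many failures: lock the account (value escaped by AR).
            $this->db->where('username', $username)->update('users', array('locked_status' => 'yes'));
        } else {
            // Raw expression so the increment happens atomically in the DB.
            $this->db->set('login_attempt', 'login_attempt+1', FALSE);
            $this->db->where('username', $username)->update('users');
        }
        return false;
    }

    /**
     * Look up whether the given account is locked.
     *
     * @param string $username
     * @return object|false the locked user row, or false if unlocked/unknown
     */
    public function chk_lock($username) {
        $q = $this->db
            ->where('username', $username)
            ->where('locked_status', 'yes')
            ->limit(1)
            ->get('users');

        return ($q->num_rows() > 0) ? $q->row() : false;
    }
}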