Login

wolfgang1983 · 07-18-2016, 11:47 PM

I am using password password_verify for my password to check if correct.

How ever I am entering the correct password but it keeps on returning false when submit form.

And it is getting the secured_password from database OK.

I am not sure why it keeps on returning false any suggestions?

PHP Code:
<?php

class Login_model extends CI_Model {

    private $customer_id;

    public function __construct() {
        parent::__construct();
    }

    public function login($username_or_email, $password) {
        if (password_verify($password, $this->secure_password($username_or_email))) {

            $this->db->where('username', $username_or_email);
            $this->db->or_where('email', $username_or_email);

            $customer_query = $this->db->get($this->db->dbprefix . 'customer');

            if ($customer_query->num_rows() == 1) {
                
                $customer_info = $customer_query->row_array();

                $this->customer_id = $customer_info['customer_id'];

                return true;
            
            } else {

                return false;

            }

        }
    }

    public function is_logged_in() {
        return $this->customer_id;
    }

    public function secure_password($username_or_email) {

        $this->db->where('username', $username_or_email);
        //$this->db->or_where('email', $username_or_email);

        $query = $this->db->get($this->db->dbprefix . 'customer');

        if ($query->num_rows() > 0) {

            $row = $query->row_array();

            return $row['password'];

        } else {

            return false;
        }
    }
} 

Controller

PHP Code:
<?php

class Login extends MX_Controller {
    
    public function __construct() {
        parent::__construct();
        $this->load->library('form_validation');
        $this->load->model('catalog/account/login_model');
    }

    public function index() {

        $this->form_validation->set_rules('username_or_email', 'Username Or Email', 'required');
        $this->form_validation->set_rules('password', 'Password', 'required');

        if ($this->form_validation->run() == false) {

            $data['header'] = Modules::run('catalog/common/header/index');
            $data['footer'] = Modules::run('catalog/common/footer/index');

            $this->load->view('account/login_view', $data);

        } else {

            $username_or_email = $this->input->post('username_or_email');
            $password = $this->input->post('password');

            $query = $this->login_model->login($username_or_email, $password);

            if ($query) {

                echo 'Success:: ' . $this->login_model->is_logged_in(); 

            } else {

                /* Testing code below Only */

                echo 'False:: ' . $this->login_model->secure_password($username_or_email);
            }
        }
    }
} 

Update: I have been trying to figure it out for some reason it does not like when I try to get my password from my database but when I hard code password in it works fine I think its some thing to do with model function any ideas?

PHP Code:
$username = $this->input->post('username');
$password = $this->input->post('password');
//$database_password = $this->login_model->secure_password($username);
$database_password = '$2y$10$QwzeK7iYqOkbyELLK57N2.Glo6MzgWn5vGFJHWRlehUhzB1lFom7K'; // Works fine copied from db

$verify = password_verify($password, $database_password);
                
if ($verify) {
   echo 'Hello';
} else {
   echo 'Not Working';
} 

PHP Code:
public function secure_password($username) {
$this->db->select('*');
$this->db->from($this->db->dbprefix . 'customer');
$this->db->where('username', $username);
$query = $this->db->get();
return $query->row()->password;
} 

Attached Files
.php

Login.php (Size: 1.06 KB / Downloads: 52)
.php

Login_model.php (Size: 1.12 KB / Downloads: 58)

There's only one rule - please don't tell anyone to go and read the manual. Sometimes the manual just SUCKS!

gerney · 07-19-2016, 02:07 AM

Hello..

Is the value return by the secure_password() function is a hash password using php's password_hash() function?

**InsiteFX** · 07-19-2016, 04:43 PM

Try the below and see if it works, the hash needs to be within single quotes ''

PHP Code:
public function secure_password($username)
{
    $this->db->select('*');
    $this->db->from($this->db->dbprefix . 'customer');
    $this->db->where('username', $username);
    $query = $this->db->get();

    $row = $query->row_array();

    return $row['password'];
} 

What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009. ( Skype: insitfx )

wolfgang1983 · 07-19-2016, 06:09 PM

(07-19-2016, 04:43 PM)InsiteFX Wrote: Try the below and see if it works, the hash needs to be within single quotes ''

PHP Code:
public function secure_password($username) { $this->db->select('*'); $this->db->from($this->db->dbprefix . 'customer'); $this->db->where('username', $username); $query = $this->db->get(); $row = $query->row_array(); return $row['password']; }

I have found the issue.

When the password has was inserted into the database there was a extra blank space been added.

I have now fixed that that was the issue.

Thank you all for help

There's only one rule - please don't tell anyone to go and read the manual. Sometimes the manual just SUCKS!

**InsiteFX** · 07-20-2016, 03:36 AM

Yes the password_hash() method will truncate at the first null byte so you need to be very careful with that. I think this only happens with the BCRYPT.

What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009. ( Skype: insitfx )