-
davy_yg Senior Member
   
-
Posts: 307
Threads: 129
Joined: Nov 2014
Reputation:
-26
09-01-2016, 01:06 AM
(This post was last modified: 09-07-2016, 04:26 AM by davy_yg.)
Hello,
I am having trouble logging in even though I already input the correct username and password. I wonder why nothing happens after I input the username and password. Is there any other way to solve this problem so that I can log in as usual?
Gionda CMS Login
Username : [ username ]
Password : [ password ]
controllers/Cpages.php
PHP Code:
    public function ceklogin()
    {
        $username = $this->input->post('username', TRUE);
        $password = $this->input->post('password', TRUE);

        $this->db->where('username', $username);
        $this->db->where('password', $password);
        $query = $this->db->get('login');

        if ($query->num_rows() == 1) {
            // echo 'LOGIN SUCCEEDED!';
            $this->load->model('Mpages');
            $data['login'] = $this->db->get('login');
            $data['login'] = $this->Mpages->login();
            $this->load->view('index', $data);
        } else {
            // echo 'LOGIN FAILED!';
            $data['warning'] = 'Your username and password are wrong !';
            $this->load->view('login', $data);
        }
    }
models/Mpages.php
PHP Code:
    public function add_user()
    {
        $data = array(
            'username' => $this->input->post('username'),
            'email' => $this->input->post('email'),
            'password' => $this->input->post('password'),
            'role' => form_dropdown('roles', $options, 'administrator')
        );

        return $this->db->insert('login', $data);
    }
views/login.php
PHP Code:
    <?php $this->load->library('form_validation'); ?>
    <?php echo validation_errors(); ?>
    <?php echo form_open('cpages/ceklogin'); ?>
    <div class="login-card">
        <h2>Gionda CMS Login</h2><br>
        <form>
            <div class="login"><input type="text" name="username" placeholder="Username"></div>
            <div class="login"><input type="password" name="password" placeholder="Password"></div>
            <br>
            <input type="submit" name="login" class="login login-submit" value="login">
        </form>
        <div class="login-help">
            <a href="#">Register</a> • <a href="#">Forgot Password</a>
        </div>
    </div>
" If I looks more intelligence please increase my reputation."
-
Diederik Senior Member
   
-
Posts: 299
Threads: 0
Joined: Jan 2015
Reputation:
20
09-01-2016, 03:04 AM
(This post was last modified: 09-01-2016, 03:05 AM by Diederik.)
Not trying to be blunt, but considering your other questions here on the forum I believe you are not experienced enough to create a secure login.
PHP Code:
    $this->db->where('username', $username);
    $this->db->where('password', $password);
For example, you are storing the password as plaintext in your database; this is bad practice. Always store a (salted) hash of the password and compare the hash of the user input to the stored hash.
I suggest you try to integrate an existing (and proven) solution like Community Auth or Ion Auth.
-
wolfgang1983 Senior Member
   
-
Posts: 627
Threads: 271
Joined: Oct 2014
Reputation:
7
09-01-2016, 03:27 AM
(This post was last modified: 09-06-2016, 04:20 AM by wolfgang1983.)
I agree with @Diederik
I would use something like PHP password_hash; the password column must be varchar 255.
http://php.net/manual/en/function.password-hash.php
http://php.net/manual/en/function.password-verify.php
Controller
Filename Example.php
PHP Code:
    <?php

    class Example extends CI_Controller {

        public function __construct()
        {
            parent::__construct();
            $this->load->library('form_validation');
            $this->load->model('user_model');
        }

        public function index()
        {
            // You can place the data variables above the form like here
            $data['some_data'] = 'Hello';

            $this->form_validation->set_rules('username', 'Username', 'trim|required');
            $this->form_validation->set_rules('password', 'Password', 'trim|required|callback_validate[password]');

            if ($this->form_validation->run() == false) {
                // You can add the $data variable to header if you wish to pass anything through to the header view.
                $this->load->view('header');
                $this->load->view('login', $data);
                $this->load->view('footer');
            } else {
                // Set the session data
                redirect('success_controller');
            }
        }

        // Form validation callback: compares the submitted password with the stored hash.
        public function validate($str)
        {
            $password = $str;
            // stored_hash() is the model method defined in User_model below
            $stored_password = $this->user_model->stored_hash($this->input->post('username'));

            if (password_verify($password, $stored_password)) {
                return true;
            } else {
                $this->form_validation->set_message('validate', 'Opps login is incorrect!');
                return false;
            }
        }
    }
Model
Filename: User_model.php
Also, I have noticed you still have form_dropdown() in your model function. form_dropdown() is for view output; do not have it in models. Read the user guide fully.
PHP Code:
    <?php

    class User_model extends CI_Model {

        public function add_user()
        {
            $options = [
                'cost' => 12,
            ];

            $hash = password_hash($this->input->post('password'), PASSWORD_BCRYPT, $options);

            $data = array(
                'username' => $this->input->post('username'),
                'password' => $hash,
                'email' => $this->input->post('email'),
                'role' => $this->input->post('roles')
            );

            $this->db->set($data);
            $this->db->insert('login');
        }

        public function getUser($username)
        {
            $this->db->select('*');
            $this->db->from($this->db->dbprefix . 'user');
            $this->db->where('username', $username);
            $query = $this->db->get();

            if ($query->num_rows() > 0) {
                return $query->row_array();
            } else {
                return false;
            }
        }

        // Returns the stored password hash for $username, or false if there is no such user.
        // This reads the prefixed 'user' table while add_user() inserts into 'login';
        // both must name the table that actually holds your users.
        public function stored_hash($username)
        {
            $this->db->select('password');
            $this->db->from($this->db->dbprefix . 'user');
            $this->db->where('username', $username);
            $query = $this->db->get();

            if ($query->num_rows() > 0) {
                return $query->row()->password;
            } else {
                return false;
            }
        }
    }
There's only one rule - please don't tell anyone to go and read the manual. Sometimes the manual just SUCKS!
-
davy_yg Senior Member
   
-
Posts: 307
Threads: 129
Joined: Nov 2014
Reputation:
-26
Thanks for the advice about the secure login. I already added the secure login with hashing.
And I am still having trouble by passing the username and password so that I can login. I wonder why?
Can anyone help me out?
" If I looks more intelligence please increase my reputation."
-
wolfgang1983 Senior Member
   
-
Posts: 627
Threads: 271
Joined: Oct 2014
Reputation:
7
09-03-2016, 07:10 PM
(This post was last modified: 09-03-2016, 07:11 PM by wolfgang1983. Edit Reason: spelling mistake)
(09-03-2016, 06:20 AM)davy_yg Wrote: Thanks for the advice about the secure login. I already added the secure login with hashing.
And I am still having trouble by passing the username and password so that I can login. I wonder why?
Can anyone help me out?
Make sure you are submitting to the correct URL; use the form helper for the form, like form_open() and form_close().
Also make sure you have named your files and classes like https://codeigniter.com/userguide3/gener...ile-naming
And make sure you have set your base_url in config.php: $config['base_url'] = 'http://localhost/yourprojectname/';
Maybe start off with smaller test projects so you can learn a bit more before embarking on big projects.
There's only one rule - please don't tell anyone to go and read the manual. Sometimes the manual just SUCKS!
-
Paradinight Senior Member
   
-
Posts: 445
Threads: 6
Joined: Jun 2015
Reputation:
25
(09-01-2016, 03:27 AM)wolfgang1983 Wrote: I agree with @Diederik
I would use something like PHP password_hash; the password column must be varchar 255.
http://php.net/manual/en/function.password-hash.php
http://php.net/manual/en/function.password-verify.php
Controller
Filename Example.php
PHP Code:
    <?php

    class Example extends CI_Controller {

        public function __construct()
        {
            parent::__construct();
            $this->load->library('form_validation');
            $this->load->model('user_model');
        }

        public function index()
        {
            // You can place the data variables above the form like here
            $data['some_data'] = 'Hello';

            $this->form_validation->set_rules('username', 'Username', 'trim|required');
            $this->form_validation->set_rules('password', 'Password', 'trim|required|callback_validate');

            if ($this->form_validation->run() == false) {
                // You can add the $data variable to header if you wish to pass anything through to the header view.
                $this->load->view('header');
                $this->load->view('login', $data);
                $this->load->view('footer');
            } else {
                // Set the session data
                redirect('success_controller');
            }
        }

        // Form validation callback: compares the submitted password with the stored hash.
        public function validate()
        {
            $password = $this->input->post('password');
            // stored_hash() is the model method defined in User_model below
            $stored_password = $this->user_model->stored_hash($this->input->post('username'));

            if (password_verify($password, $stored_password)) {
                return true;
            } else {
                $this->form_validation->set_message('validate', 'Opps login is incorrect!');
                return false;
            }
        }
    }
Model
Filename: User_model.php
Also, I have noticed you still have form_dropdown() in your model function. form_dropdown() is for view output; do not have it in models. Read the user guide fully.
PHP Code:
    <?php

    class User_model extends CI_Model {

        public function add_user()
        {
            $options = [
                'cost' => 12,
            ];

            $hash = password_hash($this->input->post('password'), PASSWORD_BCRYPT, $options);

            $data = array(
                'username' => $this->input->post('username'),
                'password' => $hash,
                'email' => $this->input->post('email'),
                'role' => $this->input->post('roles')
            );

            $this->db->set($data);
            $this->db->insert('login');
        }

        public function getUser($username)
        {
            $this->db->select('*');
            $this->db->from($this->db->dbprefix . 'user');
            $this->db->where('username', $username);
            $query = $this->db->get();

            if ($query->num_rows() > 0) {
                return $query->row_array();
            } else {
                return false;
            }
        }

        public function stored_hash($username)
        {
            $this->db->select('*');
            $this->db->from($this->db->dbprefix . 'user');
            $this->db->where('username', $username);
            $query = $this->db->get();

            if ($query->num_rows() > 0) {
                return $query->row()->password;
            } else {
                return false;
            }
        }
    }
1. Your code is missing the rehash function.
http://php.net/manual/en/function.passwo...rehash.php
2. $this->db->select('*'); <- You use only the password, so why get all the user data?
-
wolfgang1983 Senior Member
   
-
Posts: 627
Threads: 271
Joined: Oct 2014
Reputation:
7
(09-04-2016, 12:20 PM)Paradinight Wrote: (09-01-2016, 03:27 AM)wolfgang1983 Wrote: I agree with @Diederik
1. Your code is missing the rehash function.
http://php.net/manual/en/function.passwo...rehash.php
2. $this->db->select('*'); <- You use only the password, so why get all the user data?
Good idea on the select('password'), but I'm not sure if he would need rehash.
There's only one rule - please don't tell anyone to go and read the manual. Sometimes the manual just SUCKS!
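The rehash step discussed in the posts above, as an added example that is not part of the original thread: plain PHP rather than CodeIgniter, with a constructed in-memory array ($users) standing in for the login table and a hypothetical check_login() helper. It verifies the password, upgrades a hash stored with an older cost on successful login, and handles the unknown-user case where stored_hash() would return false.

```php
<?php
// Current hashing policy (assumption: bcrypt at cost 12, as in the thread's add_user()).
const HASH_OPTIONS = ['cost' => 12];

// Constructed sample store standing in for the `login` table.
// alice's hash was created under an older, cheaper policy (cost 4).
$users = [
    'alice' => ['password' => password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 4])],
];

// Hypothetical helper: returns true on a valid login and, if the stored hash
// no longer matches HASH_OPTIONS, replaces it with a hash under the current policy.
function check_login(array &$users, string $username, string $password): bool
{
    // Hash used when the user does not exist, so that path also performs
    // one bcrypt computation instead of returning early.
    static $dummy = null;
    $dummy = $dummy ?? password_hash('placeholder', PASSWORD_BCRYPT, HASH_OPTIONS);

    $stored = $users[$username]['password'] ?? null;

    if (!password_verify($password, $stored ?? $dummy) || $stored === null) {
        return false;
    }

    // Rehash is only possible here, because this is the one moment
    // the application holds the plaintext password.
    if (password_needs_rehash($stored, PASSWORD_BCRYPT, HASH_OPTIONS)) {
        $users[$username]['password'] = password_hash($password, PASSWORD_BCRYPT, HASH_OPTIONS);
    }

    return true;
}

// Demonstration on the constructed data.
var_dump(check_login($users, 'alice', 'wrong password'));
var_dump(check_login($users, 'nobody', 'anything'));
var_dump(check_login($users, 'alice', 'correct horse'));
// Cost recorded in the stored hash after the successful login above.
var_dump(password_get_info($users['alice']['password'])['options']['cost']);
```

In a CodeIgniter model the array write would be an UPDATE of the user's password column.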
-
davy_yg Senior Member
   
-
Posts: 307
Threads: 129
Joined: Nov 2014
Reputation:
-26
09-06-2016, 12:07 AM
(This post was last modified: 09-06-2016, 01:48 AM by davy_yg.)
I wonder, why not change the stored_hash name into something else like call_password($username) { }? Will it work?
It has the same meaning, right?
Code:
    public function stored_hash($username) {
        $this->db->select('*');
        $this->db->from($this->db->dbprefix . 'user');
        $this->db->where('username', $username);
        $query = $this->db->get();
        if ($query->num_rows() > 0) {
            return $query->row()->password;
        } else {
            return false;
        }
    }
" If I looks more intelligence please increase my reputation."