[eluser]jvittetoe[/eluser]
i am trying to figure out the basic pipeline for a simple login process. users come to the home page, which loads the home controller and home view. the home view contains a simple form for logging in. when they submit, i load the login controller which loads the login model which queries the useraccounts table in my database. if the user exists the login model will load the users dashboard view, if the user doesnt exist or bad info, the login model will load the home view again. is this the proper pipeline? let me post my files.
home view
Code: <h2>Login In</h2>
<p>Fill out the form below to login to your account!</p>
<?php echo form_open('login');?>
<label for="username">Username</label><br />
<input type="text" name="username" id="username" /><br />
<label for="password">Password</label><br />
<input type="password" name="password" id="password" /><br />
<input type="submit" value="Login" />
</form>
Code: <?php
class Login extends Controller{
function Login(){
parent::Controller();
$this->load->helper( array('url', 'form') );
}
function index(){
$this->load->model('Login_model','', TRUE);
$this->load->view('dashboard'); //send user to their dashboard
}
}
?>
Code: <?php
class Login_model extends Model{
function Login_model(){
parent::Model();
}
function login($username = '', $password = ''){
if($user){
$sql = $this->db->query("SELECT * FROM useraccounts WHERE usernamr = $username and password = md5($password)");
if($sql->num_rows() > 0){
return true;
}
} else {
return false;
}
/*
var $username = $_POST['username'];
var $password = $_POST['password'];
$sql = "SELECT uuid ";
$sql .= "FROM useraccounts ";
$sql .= "WHERE username='$username' AND password=MD5('$password') ";
$result = mysql_query($sql);
$row = mysql_fetch_assoc($result);
$uuid = $row['uuid'];
if($uuid > 0) {
session_start();
$_SESSION['logged_in'] = TRUE;
$data['title'] = "Welcome to MyFi ~ A Personal Finance Web Application // My Home";
$this->load->view('userHome', $data);
echo 'workeded';
echo $uuid;
echo $username;
echo $password;
}
else {
$this->load->view('login_v', $data);
echo 'brokeded';
echo $uuid;
echo $username;
echo $password;
}
*/
}
}
?>
these files are still pretty bare, i just want to amke sure im headed in the right direction and i have the basic concepts down. thanks.
[eluser]mk3[/eluser]
the pipeline seems allright at least for me, but where is the validation and error displaying ??? if sometimes I can get very irritated when my login is unsuccessful and I believe that i'm entenring everything correctly  . Always think about usability. How your program interacts with user
[eluser]jvittetoe[/eluser]
oh of course. i have yet to look into the built in ci validation. i will get there.  i guess my main concern is from the login controller, i will load the login model, which queries the db and then loads the proper view after success.
[eluser]mk3[/eluser]
At this moment i'm doing login system for my project also gone similar way as codeigniter.com forum login system  it seems the best solution for me. And no mixing fixing things MVC structure
[eluser]Colin Williams[/eluser]
Obviously, all the code isn't there, but I think you're on the right path. Although you definitely want to escape $username and $password before querying the database. Also, you should consider encrypting the passwords, whether it utilizes CI's encryption class, or uses md5/sha1. This will change your process a bit. The difference between the CI encryption class and md5/sha1 method is that you can decode passwords created through the encryption class. This means you can have passwords revealed back to users who forget. Otherwise, you have to do one-time login URLs or randomly generated passwords to get the user's password reset.
[eluser]jvittetoe[/eluser]
alright. ive gone through and read the user guide on validation and kinda just kept going. what im trying to do now is a registration form. im trying to submit the form inputs into my useraccounts table. here are my files.
signUp.php
Code: <?php
class SignUp extends Controller {
function SignUp(){
parent::Controller();
}
function index(){
$this->load->helper( array('url', 'form') );
$this->load->library('validation');
$rules['firstname'] ="trim|required|min_length[1]|max_length[20]";
$rules['lastname'] ="trim|required|min_length[1]|max_length[20]";
$rules['emailaddress'] ="trim|required|valid_email";
$rules['username'] ="trim|required|min_length[1]|max_length[20]|xss_clean";
$rules['password'] ="trim|required|matches[passconf]|md5";
$rules['passconf'] ="trim|required";
$this->validation->set_rules($rules);
$fields['firstname'] ='firstname';
$fields['lastname'] ='lastname';
$fields['emailaddress'] ='emailaddress';
$fields['username'] ='username';
$fields['password'] ='password';
$fields['passconf'] ='passconf';
$this->validation->set_fields($fields);
if($this->validation->run() == FALSE){
$this->load->view('signUp');
} else {
$this->load->model('actSignUp', '', TRUE);
$query = $this->actSignUp->addUser(
$this->input->post('firstname'),
$this->input->post('lastname'),
$this->input->post('emailaddress'),
$this->input->post('username'),
$this->input->post('password')
);
if($query){
$this->load->view('dashboard');
} else {
$this->load->view('signUp');
}
}
}
}
?>
Code: <?php
class actSignUp extends Model {
function actSignUp(){
parent::Model();
}
function addUser(){
$data = array(
'firstname' => $_POST['firstname'],
'lastname' => $_POST['lastname'],
'emailaddress' => $_POST['emailaddress'],
'username' => $_POST['username'],
'password' => $_POST['password']
);
$this->db->insert('useraccounts', $data);
}
}
?>
when i submit the form on the signUp page, it reloads the page and changes my password field from '***' to '********************************' (32) characters. is there something going wrong with md5?
[eluser]thurting[/eluser]
md5 encrypts any string into a 32 character hash. So, if you redisplay the password value after running it through md5 via the validator it will display this hash. The best thing to do is to not redisplay the password value when there is a submission error. It is standard practice to make the user reenter the password from scratch.
[eluser]jvittetoe[/eluser]
so your saying to remove the password and passconf from the set_fields($fields);
Code: //...
$fields['firstname'] ='firstname';
$fields['lastname'] ='lastname';
$fields['emailaddress'] ='emailaddress';
$fields['username'] ='username';
//...
ive also removed the
Code: //...
value="<?=$this->validation->password;?>"
value="<?=$this->validation->passconf;?>"
//...
from my signUp view form. it is still changing the value of my password field to 32 *'s...hmm
[eluser]jvittetoe[/eluser]
ok. my query is adding records to the table just fine. but it seems as though its breaking right after that.
Code: $this->load->model('actSignUp', '', TRUE);
$query = $this->actSignUp->addUser(
$this->input->post('firstname'),
$this->input->post('lastname'),
$this->input->post('emailaddress'),
$this->input->post('username'),
$this->input->post('password')
);
//I BELIEVE THE FOLLOWING IS NOT BEING RUN...OR QUERY IS FALSE AND THEREFOR LOADING THE SIGNUP VIEW INSTEAD OF THE DASHBOARD VIEW.
if($query){
$this->load->view('dashboard');
} else {
$this->load->view('signUp');
}
heres my model, ive added the line return TRUE, thinking that would return $query to be true. but that doesn't seem to fix the issue.
Code: function addUser(){
$data = array(
'firstname' => $_POST['firstname'],
'lastname' => $_POST['lastname'],
'emailaddress' => $_POST['emailaddress'],
'username' => $_POST['username'],
'password' => $_POST['password']
);
$this->db->insert('useraccounts', $data);
return TRUE;
}
any thoughts?
[eluser]Michael Ekoka[/eluser]
Usually when you don't have a debugger, you can use the echo and exit() function to trace where your application breaks. So in your case try this and let us know what gives:
Code: $this->load->model('actSignUp', '', TRUE);
echo '<br/>calling $this->actSignUp->addUser()';
$query = $this->actSignUp->addUser(
$this->input->post('firstname'),
$this->input->post('lastname'),
$this->input->post('emailaddress'),
$this->input->post('username'),
$this->input->post('password')
);
//I BELIEVE THE FOLLOWING IS NOT BEING RUN...OR QUERY IS FALSE AND THEREFOR LOADING THE SIGNUP VIEW INSTEAD OF THE DASHBOARD VIEW.
if($query){
exit('query is true or defined');
$this->load->view('dashboard');
} else {
exit('query is false, null or undefined');
$this->load->view('signUp');
}
also :
Code: function addUser(){
$data = array(
'firstname' => $_POST['firstname'],
'lastname' => $_POST['lastname'],
'emailaddress' => $_POST['emailaddress'],
'username' => $_POST['username'],
'password' => $_POST['password']
);
echo '<br/>calling $this->db->insert()';
$this->db->insert('useraccounts', $data);
echo '<br/>returning from addUser()';
return TRUE;
}
|
