Problem with user authentication
#1

elof
First of all, hello! I'm a new CodeIgniter developer and this is my first post to the forums.

I've been making a community application, which is incredibly basic at the moment, but I've run into a problem when making a user authentication system, i.e. a login system. I know there are several authentication libraries like DX Auth for CI, but I'd like to try to make one myself before diving into separate libraries in order to gain some experience.

The login works like this:
- User enters username and password in a form, which is present on every page of the site (i.e. there is no static login page - there's a login bar on each page)
- Form sends data to a function named login
- Username and password are matched through a database
- If password is correct, the login function sets 2 session variables: logged_in => TRUE and username => submitted username
- User is redirected to the page they were previously on, using a hidden form field containing the previous url

Now, the problem is this: when the user logs in for the first time, nothing happens - they're redirected to the previous page as if it worked, but the session data is lost. If they log in again, it works fine and the user is successfully logged in. It's only on the first login after a cold boot (i.e. user visits the page for the first time after starting their browser) that it won't work.

I'm guessing that the session data is lost along the way, but I can't find why it's being lost... I've tried replacing the redirect (which is happening through the URL helper) with a simple "Go back." link on success, and even then the session data is lost.

I won't post the entire controller or the model, there's a bunch of stuff there unrelated to the problem, but here are the relevant functions:
Code:
function login() {
        $this->load->library('session');
        
        // Selects username from database and sees if submitted password matches stored password
        if(!$this->_password_check($this->input->post('username'), $this->input->post('password'))) {
            $error ="<p>Username or password incorrect.</p>";
            $this->load->view('head');
            $this->load->view('nav');
            $this->load->view('info');
            $this->load->view('login_view', array('error' => $error));
            $this->load->view('footer');
        } else {
            $this->session->set_userdata(array(
              'logged_in' => TRUE,
              'username'  => $this->input->post('username')
            ));
            redirect($this->input->post('current_url'));
        }
}

This function checks if the username and password match through a database
Code:
function _password_check($username, $password) {
        if(empty($username) || empty($password)) {
            return false;
        }
        $this->load->database();
        $this->load->library('encrypt');
        $query = $this->db->get_where('users', array('username' => $username), 1, 0);
        if($query->num_rows()> 0) {
            $result = $query->row_array();
            // Strict comparison: with ==, PHP compares numeric-looking digest strings as numbers
            if($result['password_sha1'] === $this->encrypt->sha1($password)) {
                return true;
            }
        }
        return false;
}

I hope I'm not missing anything too obvious... any help will be much appreciated. Thanks!
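
Added example (not part of elof's post or of CodeIgniter): `_password_check()` above stores and compares unsalted SHA-1 digests. The code below verifies a login against such a legacy digest in constant time and returns a `password_hash()` value to store in its place after a successful login. `check_password()`, the `password_hash` column and the sample rows are hypothetical; it assumes PHP 5.6+ and that `$this->encrypt->sha1()` yields the same hex digest as PHP's `sha1()`.

```php
<?php
// Hypothetical helper: accepts a users row and the submitted password.
// Returns 'ok' (credentials valid) and 'new_hash' (value to store, or null).
function check_password(array $row, $password)
{
    $result = array('ok' => false, 'new_hash' => null);
    if (!is_string($password) || $password === '') {
        return $result;
    }

    if (!empty($row['password_hash'])) {
        // Already migrated: salted, slow hash produced by password_hash().
        $result['ok'] = password_verify($password, $row['password_hash']);
        if ($result['ok'] && password_needs_rehash($row['password_hash'], PASSWORD_DEFAULT)) {
            $result['new_hash'] = password_hash($password, PASSWORD_DEFAULT);
        }
    } elseif (!empty($row['password_sha1'])) {
        // Legacy row: compare digests as strings, in constant time.
        $result['ok'] = hash_equals($row['password_sha1'], sha1($password));
        if ($result['ok']) {
            // Upgrade while the plaintext is available; the caller stores
            // new_hash and clears password_sha1.
            $result['new_hash'] = password_hash($password, PASSWORD_DEFAULT);
        }
    }
    return $result;
}

// Constructed sample rows, standing in for the result of get_where('users', ...).
$legacy = array('username' => 'alice', 'password_sha1' => sha1('correct horse'));
$first  = check_password($legacy, 'correct horse');
var_dump($first['ok'], $first['new_hash'] !== null);

$migrated = array('username' => 'alice', 'password_hash' => $first['new_hash']);
var_dump(check_password($migrated, 'correct horse')['ok']);
var_dump(check_password($migrated, 'wrong guess')['ok']);

// Loose comparison treats numeric-looking strings as numbers; hash_equals() does not.
var_dump('0e123' == '0e456', hash_equals('0e123', '0e456'));
```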
#2

InsiteFX
Try this. Also, just after the PHP tag at the top, where your functions are, add this: ob_start();

Code:
// 'refresh' is the second argument of redirect(), not of post()
redirect($this->input->post('current_url'), 'refresh');

Enjoy
InsiteFX
#3

elof
Thanks for the reply. Tried what you suggested, didn't work (I assume 'refresh' goes on the redirect method). It's still dropping the session data after the login, the very first time.
#4

InsiteFX
You could try this Auth Library it's the one I use.

Auth

Enjoy
InsiteFX
#5

jedd
Hey elof - quite sensible writing your own .. a wonderful learning experience (or so I'm learning at the moment myself) :)

You don't need a 'logged_in' flag - you can live with just the username - and unset it when the user logs out. Session data space can get a bit tight, so it's a good idea to try to minimise what you put in there.

If I were local, and debugging this, I'd start spraying var_dumps everywhere, but rather than walk you through that process remotely ... I'd suggest you try wrapping a test around the outside of your current code, to see what happens. I don't think your assessment -- 'it's dropping the session data on the first attempt' -- is necessarily accurate, btw. Hence this kind of test.

Code:
function login() {
   $this->load->library('session');
        
   // Selects username from database and sees if submitted password matches stored password

   if ( !  $this->session->userdata('logged_in') )  {         // <---- this is the only change
        if(!$this->_password_check($this->input->post('username'), $this->input->post('password'))) {
            $error ="<p>Username or password incorrect.</p>";
            $this->load->view('head');
            $this->load->view('nav');
            $this->load->view('info');
            $this->load->view('login_view', array('error' => $error));
            $this->load->view('footer');
        } else {
            $this->session->set_userdata(array(
              'logged_in' => TRUE,
              'username'  => $this->input->post('username')
            ));
            redirect($this->input->post('current_url'));
        }
    }
}
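
Added example (not from the thread or from CodeIgniter): both versions of `login()` pass the hidden `current_url` field straight to `redirect()`, so whoever builds the form submission chooses where the user lands after logging in. One way to restrict the target to same-site paths, assuming the form stores a site-relative path; `safe_redirect_target()` and the sample values are hypothetical.

```php
<?php
// Hypothetical helper: returns $candidate only if it is a site-relative path,
// otherwise $fallback.
function safe_redirect_target($candidate, $fallback = '/')
{
    if (!is_string($candidate) || $candidate === '') {
        return $fallback;
    }
    // Reject control characters (CR/LF would split the Location header) and
    // backslashes (some browsers treat "\" like "/").
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $candidate)) {
        return $fallback;
    }
    // Require exactly one leading slash: "//host/path" is protocol-relative
    // and would leave the site.
    if ($candidate[0] !== '/' || (isset($candidate[1]) && $candidate[1] === '/')) {
        return $fallback;
    }
    // A site-relative path must not parse with a scheme or host component.
    $parts = parse_url($candidate);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $fallback;
    }
    return $candidate;
}

// Constructed sample values for the hidden current_url field.
$samples = array(
    '/community/thread/42?page=2',
    'http://other.example/login',
    '//other.example/login',
    '/\\other.example',
    "/community\r\nX-Test: 1",
    '',
);
foreach ($samples as $sample) {
    printf("%-36s => %s\n", json_encode($sample), safe_redirect_target($sample, '/community'));
}

// In the controller from the thread, the call would become:
// redirect(safe_redirect_target($this->input->post('current_url'), '/community'));
```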
#6

elof
Oh lord... just solved it. The issue was... wait for it... the <form>'s action attribute.

Replacing <form action="/community/login" method="POST"> with <form action="http://www.example.com/community/login" method="POST"> fixed it. I've no idea what was the problem - a local URL vs a full URL? Why would that cause something like that? I'd be glad if someone could enlighten me on this issue, because I've seriously no idea why that caused a problem in the first place.

Thanks to everyone who replied to the thread, I really appreciate it. You'll likely be hearing from me again if (... when) I run into more trouble.
#7

Unknown
I just ran into the same problem, and your solution works. I also used phpMiniAdmin. My controller used sessions from phpMiniAdmin, not from my app.
#8

123wesweat
I am having the same kind of problem.

In my case I am trying to log in from an iframe in a non-CI environment, but the form action is CI-controller/login.

But the post data seems to be empty and I can't log in. Here's my thread:
http://ellislab.com/forums/viewthread/150549/



