[eluser]JHackamack[/eluser]
In summary:
Salts add on or randomize your password more than just md5. Because of the weakness of md5 people have "rainbow tables" which list every combination of word and some numbers easily md5. If they got a hold your database they would compare your file with the rainbow table. If you salt it, and keep the salt a secret, you have secured your data better than the average bear.
[eluser]JHackamack[/eluser]
if you want to see the "required" text, etc above each form value follow the example:
by using form_error and the name of the value
<?php echo form_error('username'); ?>
<input type="text" name="username" value="<?php echo set_value('username'); ?>" size="50" />
<h5>Password</h5>
<?php echo form_error('password'); ?>
<input type="text" name="password" value="<?php echo set_value('password'); ?>" size="50" />
[eluser]dadamssg[/eluser]
i know that using the mvc framework is designed to seperate things and keep them in order. I will be using multiple forms so i thought i would just use a controller to hold all of those form functions
[eluser]JHackamack[/eluser]
it is a good idea in theory to have all the login functions on one controller, and all the other functions their respective controllers, sometimes it doesn't work like that. What I would recommend is moving the index code of the "mains" and place that content in addition to the content you have in the login page. That would allow you to load the views in the login, and provide people a nice url to have bookmarked for login (sitename.com/login) Again, this really is up to you as to how you wish to use it, but it is generally frowned upon on using redirects with form validation and flash variables.
Another approach would be to keep the mains controller the way it is, post to the login controller and copy the mains content into the index function of the controller. That way the main page still works the same, the login page will only show on failure, the downside is you have two copies of the same code, which makes for some headaches when dealing with revisions.
[eluser]JHackamack[/eluser]
A few suggestions:
move: if(logged in)
{///load the login form in the header
$this->load->view('login_view', $data);
}
else
{//load the logged in portion with the profile/inbox/notification links
$this->load->view('logged_view', $data);
}
into your header_view file
so you don't have to deal with it every function (and makes changes easier)
Unless you're going to be doing alot with the login controller i wouldn't see the harm in moving the login function to the mains as long as everytime a user loges in they are always directed to the mains/index function (or something similar)