Welcome Guest, Not a member yet? Register   Sign In
Best practice for Login/Password form validation errors?
#1

[eluser]Jakobud[/eluser]
I'm a newbie to CI but I love it so far. As I move forward into learning more about CI I want to try to stick with best practice coding techniques.

Right now, I'm making a basic login/password form for a database-driven website. When the user enters a username and password, the controller checks the values against the database and logs in the person if correct. Otherwise I want a login error to be displayed on the login view. This login error is what I'm trying to figure out.

The first thing I thought was to use the Form Validation library, because it automatically generates errors to display using the validation_errors() method in the view. But is this the correct approach? Seems like form validation library is used to determine stuff like "Is the username the minimum length" or "does the password match the password confirmation input" and stuff like that.

I just want to check the submitted values against whats in the database (which I know how to do) and then display an error back on the same login form view if it doesn't match up. Whats the best way to accomplish this?

I was thinking maybe just doing:
Code:
if ( validate_login() == false )
{
   $data['errorMsg'] = "Invalid Username";
   $this->load->view('login_view', $data);
}

And then displaying $errorMsg in the view... That seems kinda hacky though.

Anyone have a direction they could point me in or an example I could take a glance at? Is the form validation library the best approach?
#2

[eluser]danmontgomery[/eluser]
You can do it that way, but you would have to do the actual logging-in in the validation process (or access the database twice), which seems counter intuitive. IMO the validation library should be used to validate form input, not process it. I would use the validation library to set both fields as required, set the minimum length, any password rules (capital letters, special characters, etc), then handle the actual login processing in the user model.
#3

[eluser]Twisted1919[/eluser]
You can do it with form validation too , using callbacks , see user guide for this .
But usually , you need to run the validation against the data from database after the user passes the rules from form validation, so you would have something like :

Code:
if( $this->form_validation->run() == FALSE )
{
$data['error'] = validation_errors() ;
}
else
{
if( $this->class_or_model->auth($username,$password) == FALSE )
   {
   $data['error'] = 'Invalid credentials';
   }
else
   {
   //set the session and redirect .
   }
}

$this->load->view('your-view-with-login-form',$data);

//In your view you would have something like :
if( ! empty($error) ){
echo $error ;
}
Of course , there are allot of ways to do this one . Lately i use only ajax for working with forms , but the above code should make sense .
#4

[eluser]Jakobud[/eluser]
Ya, I was looking at the callbacks feature of the form validation, but which input would I have the custom callback for? The username or the password?
#5

[eluser]Twisted1919[/eluser]
Ah , i forgot , this requires a little hack using jquery too , my bad , so don't use callbacks , just use the form validation to be sure that you receive currect input from the user , then if so , compare the data your user provided with the one from database and if it's ok , let him in , else show the error .
My first code should be clear enough to help you with this .
#6

[eluser]Jakobud[/eluser]
Ya I get what you are saying. I suppose just passing an error message back to be displayed in the view is the right approach.

I would love to use the form validation library to show a custom error for this situation, but you are right: You typically check the username/password against the database AFTER the form validation has passed...

The only way I can see how to do it is to use a custom callback function for one of the inputs, but unfortunately then, the values you are checking against the database in that callback have not yet passed the form validation yet... Chicken or the Egg kinda thing I guess?




Theme © iAndrew 2016 - Forum software by © MyBB