Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming Problems validating log in when md5 is used, help!
Problems validating log in when md5 is used, help!
  • El Forum
    Guest
  •  
#1
05-25-2010, 03:28 AM

[eluser]mindSmile[/eluser]
It's my first time posting here and I'm pretty new to CI. I've been working on a simple log in form that will redirect to a members area once the entered username and password are matched to a pair in the database.

Here's the model:
Code:
<?php

class Members_model extends Model{

    function validate()
    {
        $this->db->where('username', $this->input->post('username'));
        $this->db->where('password', md5($this->input->post('password')));
        $query = $this->db->get('members');
        
        if($query->num_rows == 1)
        {
            return true;
        }
    }
    function create_account(){
        $new_member_insert_data = array(
            'username' => $this->input->post('username'),
            'email' => $this->input->post('email'),
            'password' => md5($this->input->post('password'))
        );
        
        $insert = $this->db->insert('members', $new_member_insert_data);
        return $insert;
    }

}

And here's the relevant part of the controller:
Code:
<?php

class Login extends Controller {function validate_credentials(){
        
        $this->load->model('members_model');
        $query = $this->members_model->validate();
        
        if($query){
            $data = array(
                'username' => $this->input->post('username'),
                'is_logged_in' => true
            );
            $this->session->set_userdata($data);
            redirect('members/index');
        }    else    {
            echo 'Incorrect! Sorry!';
            $this->index();
        }

    }

If I take away the md5 it will log in fine (with an unencrypted password both at creation and at login). And I've tried both inserting the record into the database in phpMyAdmin and selecting the md5 function as well as entering the info into the sign up form. If anyone sees why the md5 is making me unable to log in, please let me know. I've already mentally and emotionally prepared myself to be told I'm missing one itsy bitsy little thing and feel silly for pulling my hair out. Appreciate any help! Thanks!
  • El Forum
    Guest
  •  
#2
05-25-2010, 03:43 AM

[eluser]WanWizard[/eluser]
I assume your database field is big enough to store the MD5 hash ( CHAR(32) )?

Add an 'echo $new_member_insert_data;' in your create method, and compare the values to what's stored in the database.
  • El Forum
    Guest
  •  
#3
05-25-2010, 03:49 AM

[eluser]mindSmile[/eluser]
Ha! I should've known. An evil fairy nymph limited my password length to 30 instead of 32 for some unknown reason. Back to not pulling my hair out over something silly =)
  • El Forum
    Guest
  •  
#4
05-26-2010, 04:03 PM

[eluser]vitoco[/eluser]
Just a few comments
- get the post and uri data in the controller, pass only values ( with some validation an cleanup ) as parameters to model. That way you can use the same model/function in many controllers...independently that the origin of the data.

[quote author="mindSmile" date="1274797729"]

Code:
<?php

class Members_model extends Model{

    function validate( $username , $password )
    {
        $this->db->where('username', $username );
        $this->db->where('password', $this->hash_password( $password ) );
        $query = $this->db->get('members');
        
        if($query->num_rows == 1)
        {
            return true;
        }

        // ALSO RETURN IN CASE OF NOT GETTING SUCCESS
        return false ;
    }
    function create_account( $username , $email , $password ){
        $new_member_insert_data = array(
            'username' => $username ,
            'email' => $email ,
            'password' => $this->hash_password( $password )
        );
        
        $insert = $this->db->insert('members', $new_member_insert_data);
        return $insert;
    }
    
    function hash_password( $password )
    {
        // OR SHA1 with a $jump string to invalidate MD5 o SHA1 databases
        return md5( $password );
    }

}
Code:
class Login extends Controller {

     function validate_credentials()
     {
        
        $this->load->model('members_model');
        // GET DATA FROM POST
        $username = $this->input->post('username');
        $password = $this->input->post('password');
        // SOME VALIDATION HERE
        //
        $query = $this->members_model->validate( $username , $password );
        
        if($query)
        {
            $data = array(
                'username' => $username ,
                'is_logged_in' => true
            );

            $this->session->set_userdata($data);
            //
            redirect('members/index');
        }
        else
        {
            echo 'Incorrect! Sorry!';
            $this->index();
        }

    }

i think SHA1 ( in case you use it ) takes more chars

Saludos




Theme © iAndrew 2016 - Forum software by © MyBB