Issue with my 'Sign in' script

[eluser]invision[/eluser]
Hi,

I seem to have an odd issue with my 'Sign in' script.

I've been tearing my hair out over this most of this evening (and most of the weekend).

This works:

Code:

function signin_verify(){
  
      $this->load->library('encrypt');
                              
      if ($this->input->post('email')){                                
              
          $e = $this->input->post('email');
          $pw = $this->input->post('password');
          $row = $this->MAdmins->verifyUser($e,$pw);
          
          if (count($row)){
              $_SESSION['userid'] = $row['id'];
              redirect('form/','refresh');
              
          } else {  
              
              redirect('form/signin','refresh');
          }
          
      } else {
      
        $this->session->set_flashdata('error',"Please enter your email address");
          redirect('form/signin','refresh');  
      }  
  
  }

However, this doesn't work:

Code:

function signin_verify(){
  
      $this->load->library('encrypt');
      $this->load->library('form_validation');

      $this->form_validation->set_rules('email', 'Email Address', 'trim|required|valid_email');
      $this->form_validation->set_rules('password', 'Password', 'trim|required|md5');
          
      if($this->form_validation->run() == FALSE)
      {            
          $data['title'] = "Sign in";
          $data['main'] = 'public_signin';
          $this->load->vars($data);
          $this->load->view('template');
      }
      else
      {                              
              
          $e = $this->input->post('email');
          $pw = $this->input->post('password');
          $row = $this->MAdmins->verifyUser($e,$pw);
          
          if (count($row)){
              $_SESSION['userid'] = $row['id'];
              redirect('form/','refresh');
              
          } else {  
              
              redirect('form/signin','refresh');
          }
       }
  }

When I say it doesn't work, it gives me the message 'Sorry, try again'.

AFAIK there's nothing really different between the two scripts other than using form_validation.


For reference, here is my MAdmins Model:

Code:

function verifyUser($e,$pw){
        $this->db->select('id,email');
        $this->db->where('email',$e);
        $this->db->where('password', md5($pw));
        $this->db->where('status', 'active');
        $this->db->limit(1);
        $Q = $this->db->get('users');
        $this->session->set_userdata('lastquery', $this->db->last_query());
        if ($Q->num_rows() > 0){
            $row = $Q->row_array();
            return $row;
        }else{
            $this->session->set_flashdata('error', 'Sorry, try again!');    
            return array();
        }        
    }

I'm really stuck and would super appreciate some assistance with this.


Many thanks

[eluser]danmontgomery[/eluser]
You can get form_validation errors with validation_errors(), might be a good place to start.

http://ellislab.com/codeigniter/user-gui...rreference

[eluser]Bas Vermeulen[/eluser]
Hi, did you create the md5 check for the form validation lib?

The password send by post has to be a md5 string according to your form validation rules...? Do you use javascript for pre-post-encryption? Does the postdata really contain a md5 hashed pw? I think it does, because the error you get is from the model function which is only loaded if it passed your form validation. But then you do $this->db->where('password', md5($pw)); in your model. So if I'm correct you md5 hash the md5 hashed password? Looks like it returns 0 because the password in the database is hashed with a single md5? Try $this->db->where('password', $pw); does that work?

[eluser]invision[/eluser]
Thanks for the reply guys.

My form validation now reads:

Code:

$this->form_validation->set_rules('email', 'Email Address', 'trim|required|valid_email');
      $this->form_validation->set_rules('password', 'Password', 'trim|required');

and it logs me in successfully

So no md5 in use.



Basically, we're all working super duper now after removing the md5. Wooop!


Thanks again Bas, who'd've thunk it be such a simple fix

[eluser]Bas Vermeulen[/eluser]
You're welcome, glad it works now!

[eluser]invision[/eluser]
A quick follow-up if it's ok

I have a similar script where I'm letting users comment on my music reviews.

In my Controller, I have:

Code:

function addcomment(){
  
      $this->load->library('form_validation');

      $this->form_validation->set_rules('comment_body', 'Comments', 'trim|required');
  
      if($this->form_validation->run() == FALSE)
      {                
           redirect('review/post/'.$this->input->post('post_id'));
      }
      else
      {  
            $this->MComments->addComment();
          redirect('review/post/'.$this->input->post('post_id'), 'refresh');
      }
  }

Again, if I add text and submit it adds perfectly.
If I don't add text, I don't get an error message It just shows the page again.



Here is my View for reference:

Code:

<?php
echo auto_typography($post['body']);
?>


<h3>Comments</h3>
&lt;?php
if (count($comments)){
    foreach ($comments as $key => $list){
        echo "<p><b>Comment by ".$list['name'].":</b></p>\n";
        echo auto_typography($list['comment_body']);
    }
    echo "<br/>";
}

if (isset($_SESSION['userid'])) {

?&gt;
&lt;?php if(!empty($this->form_validation->_error_array)):?&gt;
    <div class="error">
        &lt;?php echo validation_errors(); ?&gt;  
    </div>  
&lt;?php endif; ?&gt;

<div class="form-container">

  &lt;?php
  echo form_open("review/addcomment");
  ?&gt;
  <fieldset>
    <legend>Add your own comment about &lt;?php echo $post['title']; ?&gt;:</legend>
        
    <div>
    &lt;?php
    echo form_label('Your Comment','comment_body');
    $data = array('name'=>'comment_body','id'=>'comment_body','rows'=>5, 'cols'=>'30');
    echo form_textarea($data);
    ?&gt;      
    </div>
    
    <div class="buttonrow">
    <p>
      &lt;?php
      echo form_hidden('post_id',$post['id']);
      echo form_submit('submit','Add Comment');
      ?&gt;  
    </p>
    </div>        
  </fieldset>
  &lt;?php
  echo form_close();
  ?&gt;

</div>

&lt;?php
} // end session check
else
{

echo '<div class="warning">Please <a href="/index.php/form/signin/" style="background:none">sign in</a> to post a comment for this review</div>';

}
?&gt;

<p>&nbsp;</p>
<p>&nbsp;</p>

Many thanks for any helpers.

[eluser]Bas Vermeulen[/eluser]
It's because you do a redirect, a whole new page request with no post data or form validation errors. If you really want to do a redirect you should set the form validation errors as flashdata before the redirect and check/display the flashdata in your view. I would prefer to just load the method of the comments view page (I guess that's in the same controller?):

Code:

function addcomment(){
  
      $this->load->library('form_validation');

      $this->form_validation->set_rules('post_id', 'post_id', 'required|numeric');
      $this->form_validation->set_rules('comment_body', 'Comments', 'trim|required');
  
      if($this->form_validation->run() == FALSE)
      {                
            $this->viewcomment($this->input->post('post_id')); // or w/e you called it ;)
      }
      else
      {  
            $this->MComments->addComment();
            $this->viewcomment($this->input->post('post_id'));
      }
  }

I also added a validation rule for the post_id, I think it's good practice to always validate all incoming postdata, even if it's a hidden input and you set the value's yourself. People can spoof forms and do bad things


Also a little update in the view which I recently learned myself:

Code:

<?php if(!empty($this->form_validation->_error_array)):?>
    <div class="error">
        &lt;?php echo validation_errors(); ?&gt;  
    </div>  
&lt;?php endif; ?&gt;

The following works as well (shorter & cleaner):

Code:

<?php if(validation_errors()):?>
    <div class="error">
        &lt;?php echo validation_errors(); ?&gt;  
    </div>  
&lt;?php endif; ?&gt;

Good luck!

[eluser]invision[/eluser]
Wow. I really need to do more CodeIgniter. You did a great job cleaning things up

Actually right now for showing comments I just use View:

Code:

if (count($comments)){
    foreach ($comments as $key => $list){
        echo "<p><b>Comment by ".$list['name'].":</b></p>\n";
        echo auto_typography($list['comment_body']);
    }
    echo "<br/>";
}

with the Controller

Code:

function post($id){
    $data['post'] = $this->MPosts->getPost($id);
    $data['comments'] = $this->MComments->getComments($id);
    $data['title'] = "Review of ".$data['post']['title'];
    $data['main'] = 'public_post';
    $this->load->vars($data);
    $this->load->view('template');  
  
  }

How would you suggest I try the viewcomment function?

[eluser]Bas Vermeulen[/eluser]
Oh, and another quick tip: I usually do the form validation in a separate method ie _comment_validate() and run the following:

Code:

if ($this->_comment_validate() === FALSE) {
    // Do stuff here
}

I do it like this because now I can re-use the validation, for example if you want to add an edit comment method you can simply use the same validation script

[eluser]Bas Vermeulen[/eluser]
I think the $this->viewcomment($this->input->post('post_id')); I mentioned would be $this->post($this->input->post('post_id')); in your case. I never do $this->load->vars($data); in my controllers but just $this->load->view('template', $data); instead of $this->load->view('template');