• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Simple user login - How to set errors after validation is ran

#1
[eluser]Medikal[/eluser]
Hey guys, I've managed to get a simple registration working, I'm using sha256 encryption against a password.salt combination, their user-specific salt is stored in the database and then added onto their post password to verify, though that's a bit off topic since that bit works.

My code is posted below, and well the main issue is it doesn't set an error up if something is wrong. As you can see if the user doesn't exist, if the password is wrong, I want the same error to be pretty vague for security reasons. The entire script is function since it echos nothing if it's wrong, and echos valid if it's valid. So just need help with the error setting, thanks guys!

Code:
// Set parameters for registration
        $this->form_validation->set_rules("username", "Username", "required|min_length[4]|max_length[20]");
        $this->form_validation->set_rules("password", "Password", "required|min_length[6]|max_length[16]");

        // If the form validation runs, or it hasn't been submitted yet
        if ($this->form_validation->run() == FALSE)
        {
            $template['mainContent'] = "login_view";
            $this->load->view("layout", $template);
        } else {
            $specificSalt = $this->db->get_where(USERS, array("username" => $this->input->post("username")), 1);
            $specificSalt = $specificSalt->row_array();
            // If no result for that username...
            if (empty($specificSalt))
            {
                $this->form_validation->set_message("failedAttempt", "Login attempt failed, Invalid username or password.");
            } else {
                $this->db->where("password", $this->user->saltPassword($this->input->post("password"), $specificSalt["salt"]));
                $this->db->from(USERS);
                $validInfo = $this->db->count_all_results();

                if ($validInfo==0)
                {
                   $this->form_validation->set_message("failedAttempt", "Login attempt failed, Invalid username or password.");
                } elseif ($validInfo==1) {
                    // set session
                    echo "valid";
                }
            }
        }

#2
[eluser]Cristian Gilè[/eluser]
Hi Medikal,

when you set the message error form validation is already run so validation_errors is empty.

Why not create two callback one for username and one for password?
Code:
function salt_check($str)
{    
    $specificSalt = $this->db->get_where('USERS', array("username" => $str), 1);
    $specificSalt = $specificSalt->row_array();
    // If no result for that username...
    if (empty($specificSalt))
    {
        $this->form_validation->set_message("salt_check", "Login attempt failed, Invalid username or password.");
        return FALSE;
    }
    return TRUE;
}

and put it in the username rules:

Code:
$this->form_validation->set_rules("username", "Username", "required|min_length[4]|max_length[20]|callback_salt_check");

Create a similar callback for the password field.

Now, your code is more clean.

You can put these rules in your form validation library if you want reusable code.

#3
[eluser]Unknown[/eluser]
After the validation is ran, I set a variable inside the form_validation property:

Code:
$this->form_validation->_my_custom_error_list['my_error_element'] = 'My Info';

Then, in the place I need to print my error, I evaluate if that variable exists:

Code:
if( isset( $this->form_validation->_my_custom_error_list['my_error_element'] ) ) {
    echo '<span class="error">my_error_element has an error!!!</span>';
}

Not a nice way, but it solved my problem.


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.