Login and validation using datamapper is this the correct way?
#1

[eluser]Andy78[/eluser]
Ok, I've created a basic registration and authentication controller and model. It seems to be working as I wanted so far, but is this the best way to go about authenticating the username and password using DataMapper? Look specifically at the validate_credential() function in the model. Also, I don't want to use DataMapper's own validation and would rather stick to CodeIgniter's standard validation. Here is my controller, then the model.

Code:
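class Login extends CI_Controller {

    /**
     * Show the login form inside the shared page template.
     */
    public function index()
    {
        $data['main_content'] = 'login_form';
        $this->load->view('includes/template', $data);
    }

    /**
     * Check the posted username/password and start a logged-in session.
     *
     * On success the username and an is_logged_in flag are written to the
     * session and the browser is redirected to site/members_area. On failure
     * a single generic message is printed.
     */
    public function validate_credentials()
    {
        // Hand the submitted values to the model untouched; the model does
        // the hashing and the lookup.
        $u = new Member();
        $u->username = $this->input->post('username');
        $u->password = $this->input->post('password');

        if ($u->validate_credential())
        {
            // NOTE(review): the session identifier is not rotated at this
            // privilege change. If the session library in use offers a
            // regenerate call, invoke it before set_userdata() so that a
            // pre-login session ID cannot be reused (session fixation).
            $data = array(
                'username' => $this->input->post('username'),
                'is_logged_in' => true
            );
            $this->session->set_userdata($data);
            redirect('site/members_area');
        }
        else
        {
            // One message for both "unknown user" and "wrong password", so
            // the response does not reveal which usernames exist.
            // The original emitted a closing </p> with no opening tag.
            echo '<p>Did not work</p>';
        }
    }

    /**
     * Show the signup form inside the shared page template.
     */
    public function signup()
    {
        $data['main_content'] = 'signup_form';
        $this->load->view('includes/template', $data);
    }

    /**
     * Validate the signup form and, when it passes, store a new Member.
     *
     * The password is stored as sha1(salt . sha1(password)) together with the
     * per-user salt, which is the format Member::validate_credential() checks.
     */
    public function create_member()
    {
        $this->load->library('form_validation');

        // field name, error message, validation rules
        $this->form_validation->set_rules('first_name', 'Name', 'trim|required');
        $this->form_validation->set_rules('last_name', 'Last Name', 'trim|required');
        $this->form_validation->set_rules('email_address', 'Email Address', 'trim|required|valid_email');
        $this->form_validation->set_rules('username', 'Username', 'trim|required|min_length[4]');

        // No "trim" on the password fields: the login action hashes the
        // password exactly as typed, so trimming only at signup would lock
        // out anyone whose password starts or ends with whitespace.
        $this->form_validation->set_rules('password', 'Password', 'required|min_length[4]|max_length[32]');
        $this->form_validation->set_rules('password2', 'Password Confirmation', 'required|matches[password]');

        if ($this->form_validation->run() === FALSE)
        {
            $this->load->view('signup_form');
            return;
        }

        $user = new Member();

        $user->first_name = $this->input->post('first_name');
        $user->last_name = $this->input->post('last_name');
        $user->email_address = $this->input->post('email_address');
        $user->username = $this->input->post('username');

        // NOTE(review): salted SHA-1 is a fast general-purpose hash, so a
        // leaked table can be brute-forced offline cheaply. The recommended
        // replacement is password_hash()/password_verify(), but that changes
        // the stored format, so this method and Member::validate_credential()
        // have to be migrated together.
        $password = sha1($this->input->post('password'));

        // Per-user salt, stored next to the hash so the login check can rebuild it.
        $salt = $user->unique_salt();
        $user->password = sha1($salt . $password);
        $user->salt = $salt;

        if ($user->save())
        {
            $data['main_content'] = 'signup_successful';
            $this->load->view('includes/template', $data);
        }
        else
        {
            // NOTE(review): the model's error text is printed unescaped;
            // confirm it can never contain user-supplied values.
            echo '<p>' . $user->error->string . '</p>';
        }
    }
}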

The model (datamapper model)

Code:
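class Member extends DataMapper {

    // Optionally, don't include a constructor if you don't need one.
    function __construct($id = NULL)
    {
        parent::__construct($id);
    }

    // Optionally, you can add post model initialisation code
    function post_model_init($from_cache = FALSE)
    {
    }

    /**
     * Check the username and plain-text password set on this object against
     * the stored record.
     *
     * The stored value is sha1(salt . sha1(password)), matching what the
     * signup code writes. The lookup runs on a temporary object, so the
     * fields of $this are not overwritten by the database row.
     *
     * NOTE(review): salted SHA-1 is too fast for password storage. Moving to
     * password_hash()/password_verify() is the recommended fix, but it has to
     * be done together with the code that writes the password at signup.
     *
     * @return bool TRUE when the credentials match, FALSE otherwise (a
     *              'login' error message is set on this object).
     */
    function validate_credential()
    {
        $username = $this->username;
        $pword = sha1($this->password);

        // One lookup by username is enough: it yields both the salt and the
        // stored hash, so no second query or second object is needed.
        $u = new Member();
        $u->where('username', $username)->get();

        if ($u->exists())
        {
            // Rebuild the hash with this user's salt and compare in constant
            // time, so the comparison does not leak how many leading
            // characters matched.
            $expected = sha1($u->salt . $pword);

            if (hash_equals((string) $u->password, $expected))
            {
                // Login succeeded
                return TRUE;
            }
        }

        // Same message for an unknown username and a wrong password, so the
        // result does not reveal which usernames exist.
        $this->error_message('login', 'username or password invalid');

        // restore username for login field
        $this->username = $username;

        return FALSE;
    }

    /**
     * Generate a 22 character long random hexadecimal string to use as salt.
     *
     * Draws from the operating system's CSPRNG. The previous
     * sha1(mt_rand()) could only ever produce as many distinct salts as
     * mt_rand() has outputs, and mt_rand() is predictable.
     *
     * @return string 22 hexadecimal characters
     */
    function unique_salt() {

        // 11 random bytes encode to exactly 22 hex characters.
        return bin2hex(random_bytes(11));
    }

}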

/* End of file name.php */
/* Location: ./application/models/name.php */
#2

[eluser]Andy78[/eluser]
no advice? anyone?
#3

[eluser]jerry01[/eluser]
i don't even understand the problem.

i'm also looking at registration and authentication.
#4

[eluser]Andy78[/eluser]
There is no problem; I'm just asking if this is the correct way to go about it using DataMapper.
#5

[eluser]WanWizard[/eluser]
I don't understand your statement about validation.

If you do the validation in your model, all validation happens centrally, and your controller code would be much cleaner. Now everywhere you use this model, you have to do validation. Repeating code is bad practice.

And I would rewrite validate_credential() like this. There is no need to create all the extra objects; that is expensive and should be avoided.
Code:
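/**
 * Check the username and plain-text password set on this object against the
 * stored record, using a single lookup on $this.
 *
 * The stored value is expected to be sha1(salt . sha1(password)).
 * On success $this holds the row loaded from the database. On failure the
 * object is cleared, the username is restored and a 'login' error is set.
 *
 * @return bool TRUE when the credentials match, FALSE otherwise.
 */
function validate_credential()
{
    // Capture the submitted values first: get() below overwrites the fields
    // of $this with the stored row.
    $username = $this->username;
    $pword = sha1($this->password);

    // Get this user's stored record via their username
    $this->where('username', $username)->get();

    // Did we find this user?
    if ($this->exists())
    {
        // The original condition used "=", an assignment: it overwrote the
        // stored hash and was always truthy, so ANY password was accepted
        // for an existing username. Compare instead, and do it in constant
        // time so the check does not leak how much of the hash matched.
        if (hash_equals((string) $this->password, sha1($this->salt . $pword)))
        {
            return TRUE;
        }
    }

    // Login failed, so set a custom error message. The text is the same for
    // an unknown username and a wrong password.
    $this->error_message('login', 'username or password invalid');

    // reset the object so the loaded hash and salt do not linger on it
    $this->clear();

    // restore username for login field
    $this->username = $username;

    return FALSE;
}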
#6

[eluser]Andy78[/eluser]
Thanks, that's magic! That is exactly what I was looking for. I'm finding it hard to understand ORM at times, but that makes sense.



