• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
problem with password checking

#1
[eluser]Unknown[/eluser]
i am writing a controller like this in user login module.but here the password is not checking with the database.That means if any password will given it automatically login.So plz give me the suggestions.The controller code is like this


<?php
class Account extends Controller
{
function Account()
{
parent::Controller();
$this->load->library(array('form_validation', 'session'));
$this->load->helper(array('url', 'form'));
$this->load->model('account_model');
$this->_salt = "123456789987654321";
}
function index()
{
if($this->account_model->logged_in() === TRUE)
{
$this->dashboard(TRUE);
}
else
{
$this->load->view('account/details');
}
}
function dashboard($condition = FALSE)
{
if($condition === TRUE OR $this->account_model->logged_in() === TRUE)
{
$this->load->view('account/dashboard');
}
else
{
$this->load->view('account/details');
}
}
function login()
{
$this->form_validation->
set_rules('username', 'Username',
'xss_clean|required|callback_username_check');
$this->form_validation->
set_rules('password', 'Password',
'xss_clean|required|min_length[4]|max_length[12]|
sha1|callback_password_check');
$this->_username = $this->input->post('username');
$this->_password =
sha1($this->_salt.$this->input->post('password'));
if($this->form_validation->run() == FALSE)
{
$this->load->view('account/login');
}
else
{

$this->account_model->login();
$data['message'] =
"You are logged in! Now go take a look at the "
. anchor('account/dashboard', 'Dashboard');
$this->load->view('account/success', $data);
}
}
function register()
{
$this->form_validation->
set_rules('username', 'Username', 'xss_clean|required');
$this->form_validation->
set_rules('email', 'Email Address',
'xss_clean|required|valid_email|callback_email_exists');
$this->form_validation->set_rules('password', 'Password', 'xss_clean|required|min_length[4]|max_length[12]|matches[password_conf]|sha1');
$this->form_validation->
set_rules('password_conf', 'Password Confirmation',
'xss_clean|required|matches[password]');
if($this->form_validation->run() == FALSE)
{
$this->load->view('account/register');
}
else
{
$data['username'] = $this->input->post('username');
$data['email'] = $this->input->post('email');
$data['password'] =
sha1($this->_salt . $this->input->post('password'));
if($this->account_model->create($data) === TRUE)
{
$data['message'] =
"The user account has now been created! You can login "
. anchor('account/login', 'here') . ".";
$this->load->view('account/success', $data);
}
else
{
$data['error'] =
"There was a problem when adding your account to the database.";
$this->load->view('account/error', $data);
}
}
}
function logout()
{
$this->session->sess_destroy();
$this->load->view('account/logout');
}
function password_check()
{
$this->db->where('username', $this->_username);

$query = $this->db->get('users');
$result = $query->row_array();
if($query->num_rows() == 0)
{
$this->form_validation->
set_message('password_check', 'username not found!');

return FALSE;
}
if($result['password']==$this->_password);
{
return TRUE;
}

}
function user_exists($user)
{
$query = $this->db->get_where('users', array('username' => $user));
if($query->num_rows() > 0)
{
$this->form_validation->
set_message('user_exists',
'The %s already exists in our database, please use a different one.');
return FALSE;
}
$query->free_result();
return TRUE;
}
function email_exists($email)
{
$query = $this->db->get_where('users', array('email' => $email));
if($query->num_rows() > 0)
{
$this->form_validation->
set_message('email_exists',
'The %s already exists in our database, please use a different one.');
return FALSE;
}
$query->free_result();

return TRUE;
}
}
?>

#2
[eluser]InsiteFX[/eluser]
Maybe if you use code tags to wrap your code in that I might read your code!

InsiteFX

#3
[eluser]osci[/eluser]
[quote author="InsiteFX" date="1307068843"]Maybe if you use code tags to wrap your code in that I might read your code!

InsiteFX[/quote]

+1

#4
[eluser]cideveloper[/eluser]
Also don't post all your code. Only post the relevant sections. That is just lazy. Also you post every single line but I don't see a function that is called when calling "callback_username_check"

P.S. This is a fix for the question not the answer

Code:
<?php
class Account extends Controller
{
    function Account()
    {
        parent::Controller();
        $this->load->library(array('form_validation', 'session'));
        $this->load->helper(array('url', 'form'));
        $this->load->model('account_model');
        $this->_salt = "123456789987654321";
    }


    function login()
    {
        $this->form_validation->set_rules('username', 'Username','xss_clean|required|callback_username_check');
        $this->form_validation->set_rules('password', 'Password','xss_clean|required|min_length[4]|max_length[12]|sha1|callback_password_check');
        $this->_username = $this->input->post('username');
        $this->_password =sha1($this->_salt.$this->input->post('password'));

        if($this->form_validation->run() == FALSE)
        {
            $this->load->view('account/login');
        }
        else
        {
            $this->account_model->login();
            $data['message'] = "You are logged in! Now go take a look at the ". anchor('account/dashboard', 'Dashboard');
            $this->load->view('account/success', $data);
        }
    }


    function password_check()
    {
        $this->db->where('username', $this->_username);

        $query = $this->db->get('users');
        $result = $query->row_array();
        if($query->num_rows() == 0)
        {
            $this->form_validation->set_message('password_check', 'username not found!');
            return FALSE;
        }
        if($result['password']==$this->_password);
        {
            return TRUE;
        }
    }

}
?>


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.