form/credentials validation
#1

[eluser]roguedogg[/eluser]
I'm having an issue getting this code right; it seems to be looping or something and causing my localhost to run out of memory. Can someone help by taking a look at this and recommending a fix? Here is the error I get:

Quote:Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 65488 bytes) in C:\xampp\htdocs\prop_mgr\system\libraries\Form_validation.php on line 341

Controller:
Code:
public function validate_credentials(){
  
  $this->load->library('form_validation');
  $this->form_validation->set_rules('email', 'Email', 'required|xss_clean|callback_validate_credentials');
  $this->form_validation->set_rules('pword', 'Password', 'required|md5');
  
  if ($this->form_validation->run()){
  
  $this->load->model('users_model');
  $query = $this->users_model->validate();
  
  
  
   $data = array(
    'email' => $this->input->post('email'),
    'fname' => 'Yahoo',
    'is_logged_in' => TRUE
   );
  
   $this->session->set_userdata($data);
   redirect('main/members_area');
  } else {
   $this->form_validation->set_message('validate_credentials', 'Incorrect Email/Password');
   $this->index();
  }
}

Model:
Code:
public function validate(){
  $this->db->where('email', $this->input->post('email'));
  $this->db->where('pword', md5($this->input->post('pword')));
  $query = $this->db->get('users');
  
  if($query->num_rows == 1){
   return true;
  } else {
   return false;
  }
}
#2

[eluser]yacman[/eluser]
My guess is that you are causing an infinite callback with form validation.
Code:
$this->form_validation->set_rules('email', 'Email', 'required|xss_clean|callback_validate_credentials');

The callback_validate_credentials is calling this method recursively and is not needed.
#3

[eluser]roguedogg[/eluser]
Yes, you're correct. I got rid of that and here is my new code. Now what is going on is that it throws errors properly if I don't enter data in the form fields; however, if I do, it just reloads the form.

Code:
public function validate_credentials(){
  
  $this->load->library('form_validation');
  $this->form_validation->set_rules('email', 'Email', 'required|xss_clean');
  $this->form_validation->set_rules('pword', 'Password', 'required|md5');
  
  
  if($this->form_validation->run() == FALSE) {
   $this->index();
  } else {
  
  $this->load->model('users_model');
  $query = $this->users_model->validate();
  
  
  if($query){
   $data = array(
    'email' => $this->input->post('email'),
    'fname' => 'Yahoo',
    'is_logged_in' => TRUE
   );
  
   $this->session->set_userdata($data);
   redirect('main/members_area');
  } else {
       $this->index();
  }
}
}

*EDIT* OK so the reason it's loading the form again is it's going to the last else statement $this->index(); if I change this it then reflects the change when I enter data in the form. So it's not running the users_model section. Hmmmmmm???

*EDIT 2* OK so continuing my troubleshooting, I renamed my users_model.php and it throws the error that it can't find it, so it is in fact running that bit of code. Now the problem is, I guess, it's not getting anything back for $query?
#4

[eluser]yacman[/eluser]
I would change your model method to have a signature which accepts the email and pword from the controller like so

Code:
public function validate($email,$pword){
  $this->db->where('email', $email);
  $this->db->where('pword', $pword);
  $query = $this->db->get('users');
  
  if($query->num_rows == 1){
   return true;
  } else {
   return false;
  }
}

You are already prepping the pword with the md5 form validation setting.

Inside the controller, call it like this:
Code:
...
$pword = $this->form_validation->set_value('pword');
$email = $this->form_validation->set_vaule('email');

$query = $this->users_model->validate($email,$pword);
...

Using the form_validation->set_value method will provide you with the prepped/sanitized data.
#5

[eluser]roguedogg[/eluser]
I know my users_model.php validate function works, so the problem is within my validate_credentials controller function...argh!!

I tried your suggestion, here is the result and new code:

Fatal error: Call to undefined method CI_Form_validation::set_vaule()

Controller
Code:
public function validate_credentials(){
  
  $this->load->library('form_validation');
  $this->form_validation->set_rules('email', 'Email', 'required|xss_clean');
  $this->form_validation->set_rules('pword', 'Password', 'required|md5');
  
  if($this->form_validation->run() == FALSE) {

   $this->index();
  } else {
  
  $pword = $this->form_validation->set_value('pword');
  $email = $this->form_validation->set_vaule('email');
  
  $this->load->model('users_model');
  $query = $this->users_model->validate($email,$pword);
  
  if($query){
   $data = array(
    'email' => $this->input->post('email'),
    'fname' => 'Yahoo',
    'is_logged_in' => TRUE
   );
  
   $this->session->set_userdata($data);
   redirect('main/members_area');
  } else {

   $this->load->view('restricted');
  }
}
}

Model
Code:
public function validate(){

  $this->db->where('email', $email);
    $this->db->where('pword', $pword);
  $query = $this->db->get('users');
  
  if($query->num_rows == 1){
   return true;
  } else {
   return false;
  }
}
#6

[eluser]roguedogg[/eluser]
Ok so I think I have a work around solution based on your suggestions.

Controller:
Code:
public function validate_credentials(){
  
  $this->load->library('form_validation');
  $this->form_validation->set_rules('email', 'Email', 'required|xss_clean');
  $this->form_validation->set_rules('pword', 'Password', 'required|md5');
  
  if($this->form_validation->run() == FALSE) {
   $this->index();
  } else {
  
  $pword = $this->input->post('pword');
  $email = $this->input->post('email');
  
  $this->load->model('users_model');
  $query = $this->users_model->validate($email,$pword);
  
  
  if($query){
   $data = array(
    'email' => $this->input->post('email'),
    'fname' => 'Yahoo',
    'is_logged_in' => TRUE
   );
  
   $this->session->set_userdata($data);
   redirect('main/members_area');
  } else {
   $this->load->view('restricted');
  }
}
}

Model:
Code:
public function validate($email,$pword){

  $this->db->where('email', $email);
    $this->db->where('pword', $pword);
  $query = $this->db->get('users');
  
  if($query->num_rows == 1){
   return true;
  } else {
   return false;
  }
}

Now my question is... Is this OK, or are there inherent security issues?

Thanks for your help so far...BTW!!
#7

[eluser]yacman[/eluser]
Security is a broad subject which should be researched and understood by any systems designer. Research patterns to protect your information and systems; this goes beyond what you write in PHP to your server configurations, database configurations and most importantly the network you are hosted on.

With that in mind, I would suggest that instead of rolling your own authentication security, you utilize an off-the-shelf CI Library or Spark. These off-the-shelf libraries like Tank Auth use security patterns to salt and crypt passwords, and have security patterns for registration like only allowing a user to log in after they have validated their email address via a unique link.

You can use these libraries and class methods in your code.

In the end, Google for different authentication libraries CI has and see what meets your needs the best. If it's open source, you can just rip it apart and use what you want.
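
The salted hashing that the reply above recommends, applied to this thread's `validate($email, $pword)` model method, as an added example that is not code from any poster or from Tank Auth. It assumes PHP 7 or later; the `$users` array, the `register()` helper and the sample addresses are constructed stand-ins for the `users` table.

```php
<?php
// Added example, not code from the thread. Runs stand-alone on PHP 7+.
// $users stands in for the thread's `users` table: email => stored pword.
// Constructed sample data: one row still holds the thread's unsalted MD5.
$users = ['old@example.test' => md5('correct horse')];

// New accounts: password_hash() picks a random salt on every call and
// records the algorithm and cost inside the string it returns.
function register(array &$users, string $email, string $pword): void
{
    $users[strtolower($email)] = password_hash($pword, PASSWORD_DEFAULT);
}

// Same job as the model's validate($email, $pword). The caller passes the
// raw password (no "md5" rule); the row is looked up by email only.
function validate(array &$users, string $email, string $pword): bool
{
    $key = strtolower($email);
    if (!isset($users[$key])) {
        return false;
    }
    $stored = $users[$key];
    $legacy = preg_match('/^[0-9a-f]{32}$/', $stored) === 1;

    if ($legacy) {
        // Old row: compare the MD5 digests in constant time.
        $ok = hash_equals($stored, md5($pword));
    } else {
        $ok = password_verify($pword, $stored);
    }

    // Re-hash after a successful login so legacy MD5 rows, and rows made
    // with an outdated cost, are upgraded without a password reset.
    if ($ok && ($legacy || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        $users[$key] = password_hash($pword, PASSWORD_DEFAULT);
    }
    return $ok;
}

register($users, 'new@example.test', 'correct horse');
var_dump(validate($users, 'old@example.test', 'correct horse'));
var_dump(validate($users, 'old@example.test', 'wrong'));
var_dump($users['old@example.test'] !== md5('correct horse'));
var_dump(validate($users, 'new@example.test', 'correct horse'));
```

In the thread's controller this corresponds to dropping `md5` from the `pword` rule so that the model receives the raw password and does the comparison itself.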
#8

[eluser]roguedogg[/eluser]
Perfect... I will do that. Thanks again for your help. As you probably could tell, I'm about 5 days into learning CI and I'm sure I have A LOT to learn :-)
#9

[eluser]yacman[/eluser]
Never stop learning! Understand, Retain and Apply; that's all we do here in this world.



