how to handle different user roles
#1

[eluser]dilawaiz[/eluser]
Hello everyone. I'm a beginner and am facing a problem while redirecting the user to the relevant page according to their role. How can I check the user group at the login step?
Here is my code.
Code:
<?php
class User extends CI_Model {

    function login($username, $password)
    {
        $this->db->select('username,password');
        $this->db->from('account');
        $this->db->where('username = ' . "'" . $username . "'");
        $this->db->where('password = ' . "'" . $password . "'");
        $this->db->limit(1);

        $query = $this->db->get();
        $result = $query->result_array();

        if ($query->num_rows() == 1)
        {
            return $result;
        }
        else
        {
            return false;
        }
    }
}
?>

Code:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class VerifyLogin extends CI_Controller {

    function __construct()
    {
        parent::__construct();
        // $this->load->model('user','',TRUE);
    }

    function index()
    {
        $this->load->model('user','',TRUE);

        //This method will have the credentials validation
        $this->load->library('form_validation');
        $this->load->library('session');

        $this->form_validation->set_rules('username', 'Username', 'trim|required|xss_clean');
        $this->form_validation->set_rules('password', 'Password', 'trim|required|xss_clean|callback_check_database');

        if ($this->form_validation->run() == FALSE)
        {
            //Field validation failed.  User redirected to login page
            validation_errors();
            $this->load->view('error');
        }
        else
        {
            //Go to private area
            redirect('home', 'refresh');
        }
    }

    // The check_database() callback named in the rule above is not included in the post.
}
#2

[eluser]dilawaiz[/eluser]
Right now I'm just redirecting any user to the home page, but now I need to create authorization. I have an account table and a usergroup table in my DB, and the foreign key of usergroup lies in the account table. If its value is one then the user is admin, and if 2 then it's an ordinary user. How can I handle this check?
#3

[eluser]skunkbad[/eluser]
Use my Community Auth, Ion Auth, or one of the many pre-built authentication solutions that are in the wiki.
#4

[eluser]dilawaiz[/eluser]
Is there any video tutorial for Ion Auth?
#5

[eluser]alexwenzel[/eluser]
What you are doing here:

Code:
$this->db->where('username = ' . "'" . $username . "'");
$this->db->where('password = ' . "'" . $password . "'");

Is a NO-GO. You totally miss the whole CodeIgniter security concept.

http://ellislab.com/codeigniter/user-gui...urity.html


Escape all data before database insertion!!
Never insert information into your database without escaping it.


Please see the section that discusses queries for more information.

http://ellislab.com/codeigniter/user-gui...eries.html


Edit: Didn't see you are a beginner ^^ don't want to be rude.
#6

[eluser]ladooboy[/eluser]
@alexwenzel

Isn't everything automatically escaped when using active directory?

Took this part from the guide:

"$this->db->where();

This function enables you to set WHERE clauses using one of four methods:

Note: All values passed to this function are escaped automatically, producing safer queries."
#7

[eluser]Rolly1971[/eluser]
Your calls to $this->db->where should look more like this:

Code:
$this->db->where('username', $username);
$this->db->where('password', $password);

You can also pass an array to AR in the where call:

Code:
$this->db->where(array('username' => $username, 'password' => $password));

Check out the user guide on Active Record. http://ellislab.com/codeigniter/user-gui...ecord.html
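
Added example, not part of any post in this thread: one way to combine the two-argument where() shown in #7 with the role check asked about in #2. Assumptions not taken from the thread: the foreign key column is named usergroup_id, account.password stores a password_hash() value (PHP 5.5 or later), and 'admin' and 'login' routes exist.

```php
<?php
// Added example, not code from the thread. Assumed names: column
// account.usergroup_id (1 = admin, 2 = ordinary user), a password_hash()
// value in account.password, and the 'admin' and 'login' routes.
// application/models/user.php
class User extends CI_Model
{
    // Returns the account row without its hash, or FALSE on any failure.
    public function login($username, $password)
    {
        // Two-argument where() escapes the value; no hand-built quoting.
        $query = $this->db->select('username, password, usergroup_id')
                          ->from('account')
                          ->where('username', $username)
                          ->limit(1)
                          ->get();
        if ($query->num_rows() !== 1) {
            return FALSE;
        }
        $row = $query->row();
        // Verify against the stored hash in PHP, not by matching it in SQL.
        if ( ! password_verify($password, $row->password)) {
            return FALSE;
        }
        unset($row->password);
        return $row;
    }
}

// application/controllers/verifylogin.php
class VerifyLogin extends CI_Controller
{
    public function index()
    {
        $this->load->model('user', '', TRUE);
        $this->load->library('session');
        $this->load->helper('url');
        $account = $this->user->login($this->input->post('username'),
                                      $this->input->post('password'));
        if ($account === FALSE) {
            redirect('login', 'refresh'); // same response for bad user or bad password
        }
        // The role comes from the database row, never from the request.
        $this->session->set_userdata(array(
            'username' => $account->username,
            'role'     => (int) $account->usergroup_id,
        ));
        redirect((int) $account->usergroup_id === 1 ? 'admin' : 'home', 'refresh');
    }
}
```

The redirect only chooses a landing page. Each admin controller still has to check the session role itself before doing any work.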



