Cleaning up reset password module

[eluser]RalphLeMouf[/eluser]
btw I got rid of the first error because I forgot to take out $data in this function in the controller after I took it out of the model

public function reset_password()

[eluser]RalphLeMouf[/eluser]
the name of the model is user_model

and here is the code in the class user_model

Yes, it's the user_model
class User_model extends CI_Model {

/**
* Constructor
*/
function __construct()
{
// Call the Model constructor
parent::__construct();
}

//CREATE SALT
public function _salt( $length = 32 )
{
// Load the string helper
$this->load->helper('string');

// Return the random string
return random_string('alnum', $length);

}

//CHECK THE EMAIL THE USER ENTERED TO RESET THEIR PASSWORD AGAINST THE MATCHING ONE IN THE DB
public function validate_retrieve($data) {

$query = $this->db->where($data)->get('users', '1');

foreach ($query->result() as $user)
{
$user->email;
$user->salt;
$user->id;

}

$reset_token = array(
'token' => sha1($user->email.$user->salt).dechex($user->id),
'email' => $user->email
);

$insert = $this->db->insert('reset', $reset_token, '1');
return $reset_token;
}

public function reset_password()
{
$salt = $this->_salt();
$query = $this->db->get('reset', 1);

foreach ($query->result() as $row)
{
echo $row->token;
echo $row->email;
echo $row->id;

}

$data = array(
'password' => $this->encrypt->sha1($salt . $this->encrypt->sha1($this->input->post('password'))),
'salt' => $salt
);
$this->db->where('email', $row->email);
$this->db->update('users', $data);
}

//CHECK USERS ENTERED INFO AGAINST WHAT IS STORED IN THE DB TO SIGN IN TO VIA LOGIN VIEW
public function validate($data)
{
// TAKING THE DATA FROM THE MODEL AND CHECKING IT AGAINST THE STORED INFO IN THE DB
$query = $this->db->where($data)->get('users', '1');

if($query->row())
{
return $query->row();
}
}

//CHECK USERS ENTERED INFO AGAINST WHAT IS STORED IN TEH DB TO SIGN IN VIA HOME PAGE VIEW
public function validate_home_login($data)
{
// TAKING THE DATA FROM THE MODEL AND CHECKING IT AGAINST THE STORED INFO IN THE DB
$query = $this->db->where($data)->get('users', '1');

if($query->row())
{
return $query->row();
}
}

//CONFIRM USER AS A MEMEBER AND MARK THEIR PENDING STATUS TO ACTIVE IN THE DB
public function validate_confirm($data)
{
// TAKING THE DATA FROM THE MODEL AND CHECKING IT AGAINST THE STORED INFO IN THE DB
$query = $this->db->query('SELECT * FROM users order by id desc LIMIT 1');
foreach ($query->result() as $user){
$data = array(
'status' => 'active'
);

$this->db->where('id', $user->id);
$this->db->update('users', $data);

}

}

//INSERTING NEW MEMBERS CRITERIA IN THE DB
public function create_member()
{
$salt = $this->_salt();
$this->load->library('encrypt');
$new_member_insert_data = array(
'first_name' => $this->input->post('first_name'),
'last_name' => $this->input->post('last_name'),
'email' => $this->input->post('email'),
'password' => $this->encrypt->sha1($salt . $this->encrypt->sha1($this->input->post('password'))),
'salt' => $salt,
'status' => 'pending'
);

$insert = $this->db->insert('users', $new_member_insert_data);
return $insert;
}

}

[eluser]apodner[/eluser]
//MODEL

Code:

class user_model extends CI_Model
{

/**
* Check to see if the token exists in the database
*/
public function verify_token($token)
{
  $this->db->where('token', $token);
  $query = $this->db->get('reset');
  if ($query->num_rows == 1) {
      $row = $query->row();
      $this->id = $row->id;
      $this->email = $row->email;
      $this->token = $row->token;
      return true;
  } else {
      return false;
  }
}

public function reset_password()
   {
    $salt = $this->_salt();
    $query = $this->db->get('reset', 1);
    foreach ($query->result() as $row)
    {
     echo $row->token;
     echo $row->email;
     echo $row->id;

    }

    $data = array(
                   'password' => $this->encrypt->sha1($salt . $this->encrypt->sha1($this->input->post('password'))),
                   'salt' => $salt
                );
    $this->db->where('email', $row->email);
    $this->db->update('users', $data);
   }

}

// CONTROLLER

Code:

public function reset_password($data)
  {
   $this->load->library('form_validation');
   $this->load->library('session');
   $this->load->model('user_model', 'um');
   $this->load->library('encrypt');
   $this->load->helper('url');
   $this->form_validation->set_rules('password', 'Password', 'trim|required');
   $this->form_validation->set_rules('password2', 'Confirm Password', 'trim|required|matches[password]');
   $salt = $this->_salt();
   $submit = $this->input->post('submit');
//I AM TRYING TO GET THE TOKEN IN THE URL THAT IS SENT WITH THE LINK TO COMPARE TO THE TOKEN IN THE RESET DATABASE THAT THE USERS EMAIL IS ASSOCIATED WITH ( via $this->um->token in the below if statement)
   $token = $this->input->get('token');
  
   if($submit)
   {
    $validToken = $this->um->verify_token($token);  //this checks to make sure the token exists, and if it does, it is loaded into class properties
    if($this->form_validation->run() == TRUE && $validToken == TRUE)
    {

    //thinking you will get an error from here.
    $this->um->reset_password(array('password' => $this->input->post('password', $salt)));
    $data['main_content'] = 'auth/success';
    $this->load->view('includes/templates/home_page_template', $data);

    }
    $this->form_validation->run() == FALSE;
   }
  }

[eluser]apodner[/eluser]
Now that I have seen your whole model, I want to make a couple of revisions to what I told you previously. See below. This should get you much much closer.

//CONTROLLER

Code:

public function reset_password()
{
   $this->load->library(array('form_validation', 'session', 'encrypt'));
   $this->load->model('user_model', 'um');
   $this->load->helper('url');
   $this->form_validation->set_rules('password', 'Password', 'trim|required');
   $this->form_validation->set_rules('password2', 'Confirm Password', 'trim|required|matches[password]');
  
   $submit = $this->input->post('submit');
   $token = $this->input->get('token');
  
   if ($submit) {
       $validToken = $this->um->verify_token($token);
       if ($this->form_validation->run() == TRUE && $validToken == TRUE) {
           $this->um->reset_password();
           $data['main_content'] = 'auth/success';
           $this->load->view('includes/templates/home_page_template', $data);
       }
   }
}

//MODEL

Code:

public function verify_token($token)
{
  $this->db->where('token', $token);
  $query = $this->db->get('reset');
  if ($query->num_rows() == 1) {
      return TRUE;
  } else {
      return FALSE;
  }
}


public function reset_password()
  {
    $salt = $this->_salt();
    $query = $this->db->get('reset', 1);
    $row = $query->row();

    $data = array(
            'password' => $this->encrypt->sha1($salt . $this->encrypt->sha1($this->input->post('password'))),
            'salt' => $salt
          );  
    $this->db->where('email', $row->email);
    $this->db->update('users', $data);
  }

[eluser]RalphLeMouf[/eluser]
That was very helpful to see how you did that. It gave me a good idea on how to simplify better. The only thing is that I tried what you wrote ( although it did it's job with the database and inserting) I am getting a blank white page with

Code:

http://www.mysite/index.php/auth/reset_password

in the url, which at first I assumed was because the elses where not spoken for, but now I can't log back into my site once the password has been reset with my new password, as I was able to do with the original code I posted.

thanks

[eluser]apodner[/eluser]
You are correct, on the failure of the if statement test, there is no else to display another view.

My advice would be to start with a simpler encryption method first.

Maybe just md5 the password and get that working right, or don't encrypt at all. This will allow you the chance to make sure all the mechanics of the form and the validation are working right. Once you have that stable, then add your encryption schema in one piece at a time.

Add in some echo statements after each step to see the value of the variables and make sure they are coming up the way you want them to.

One other thing, in order to get a TRUE returned in the token validation, there can only be one matching row in the reset table, any chance there are multiple rows with the same token value? Also look at the 2nd time I posted that method, I had a typo the first time, and didn't call the $this->db->num_rows() method correctly.

[eluser]RalphLeMouf[/eluser]
Great news. Got everything to work error free! The final step is to get the form validation to work properly and all of the errors to pose as they should.

I really appreciate your help on this - you actually taught me a lot and helped get me on the right track in a major way.

Here is the final code that ended up working:

//CONTROLLER

Code:

public function reset_password()
  {
   $this->load->library('form_validation');
   $this->load->library('session');
   $this->load->model('user_model', 'um');
   $this->load->library('encrypt');
   $this->load->helper('url');
   $this->form_validation->set_rules('password', 'Password', 'trim|required');
   $this->form_validation->set_rules('password2', 'Confirm Password', 'trim|required|matches[password]');
   $salt = $this->_salt();
   $submit = $this->input->post('submit');
   $token = $this->input->get('token');
  
  

   if($submit)
   {
    $validToken = $this->um->verify_token($token);
    if($this->form_validation->run() == TRUE && $validToken == TRUE)
    {

    $this->um->reset_password(array('password' => $this->input->post('password', $salt)));


    $data['main_content'] = 'auth/success';
    $this->load->view('includes/templates/home_page_template', $data);

    }
    $this->form_validation->run() == FALSE;
   }
  }

//MODEL

Code:

public function verify_token($token)
  {
    $this->db->where('token', $token);
    $query = $this->db->get('reset');
    if ($query->num_rows() == 1) {
        return TRUE;
    } else {
        return FALSE;
    }
  }

  public function reset_password()
    {
      $salt = $this->_salt();
      $query = $this->db->get('reset', 1);
      $row = $query->row();

      $data = array(
              'password' => $this->encrypt->sha1($salt . $this->encrypt->sha1($this->input->post('password'))),
              'salt' => $salt
            );  
      $this->db->where('email', $row->email);
      $this->db->update('users', $data);
    }

[eluser]apodner[/eluser]
I am glad you were able to get everything going the right way. Glad to be of help.

[eluser]RalphLeMouf[/eluser]
Ok- so unfortunately this problem has not been solved as I thought. I noticed that the token that is created in the first email that gets inserted to the reset table is DIFFERENT then the one that is sent in the email to take user to reset page.

I'm assuming those are supposed to be the same in order to match and pass validation.

I can't quite syntactically figure out how to pass the same token that is created in the controller and to be used in the model to insert into db ( to make them the same one )

I think that's why on the actual reset page validation is never passing. aka can't reset password.

Here is the model and controller for the sending token functions

Code:

public function validate_retrieve($data) {

    $query = $this->db->where($data)->get('users', '1');

   foreach ($query->result() as $user)
   {
    $user->email;
       $user->salt;
    $user->id;

   }

   $reset_token = array(
    'token' => $token,
    'email' => $user->email
   );

   $insert = $this->db->insert('reset', $reset_token, '1');
   return $reset_token;
  }

Code:

public function retrieve()
  // REQUEST PASSWORD RESET
  // LOADED WHEN THE FORM IS SUBMITTED OFF THE PASSWORD PAGE AND SENDS THE EMAIL WITH TOKEN AND INSTRUCTIONS
  {
   $this->load->library('form_validation');
   $this->load->library('session');
   $this->form_validation->set_rules('email', 'Email', 'trim|required|valid_email');
   $this->load->model('user_model', 'um');
   $this->load->library('encrypt');
   $this->load->helper('url');
   $submit = $this->input->post('submit');
   $salt = $this->_salt();

   if($submit)
   // IF THE SUBMIT BUTTON IS SET
   {

    // START PROCESS TO CREATE $USER VARIABLE THAT HOLDS WHAT THE USER ENTERED IN THE FORM AND THAT CAN GET CHECKED AGAINST THE DB IN THE MODEL
    $user = $this->um->validate_retrieve(array('email' => $this->input->post('email')));


    // IF THE USER IS CREATED AND CHECKS OUT AND ALL OF THE ERRORS ARE CLEARED ON THE FORM
    if( $user && $this->form_validation->run() == TRUE ) {

     $domain = "clci.dev/index.php";

     // CREATE A TOKEN LINK TO SEND TO THE USERS EMAIL THAT EXIST IN THE DB AND WAS ENTERED

     $token = $this->encrypt->sha1($salt . $this->encrypt->sha1($this->input->post('email')));
     $link = "http://www.".$domain."/auth/reset/?token=$token";


      $this->load->library('email');

      $this->email->from('[email protected]', 'CysticLife');
      $this->email->to($this->input->post('email'));

      $this->email->subject('Reset Password');
      $this->email->message("Please go to the following web address to reset your password:\n\n$link\n\n-Your friends at CysticLife\n\nPlease remember to add the cysticlife.org domain to your address book to ensure that you receive your CysticLife e-Notifications as requested.");

      $this->email->send();
      redirect('auth/success');
      exit;

     }
     $this->form_validation->run() == FALSE;
     $data['main_content'] = 'auth/password';
     $this->load->view('includes/templates/main_page_template', $data);
     $data['email_error'] = 'This email is invalid';
    }


  }

and here is the model and controller for the actual reset page. PLEASE HELP thanks in advance

Code:

public function verify_token($token)
    {
      $this->db->where('token', $token);
      $query = $this->db->get('reset');
      if ($query->num_rows() == 1) {
          return TRUE;
      } else {
          return FALSE;
      }
    }

    public function reset_password()
      {
        $salt = $this->_salt();
        $query = $this->db->get('reset', 1);
        $row = $query->row();

        $data = array(
                'password' => $this->encrypt->sha1($salt . $this->encrypt->sha1($this->input->post('password'))),
                'salt' => $salt
              );  
        $this->db->where('email', $row->email);
        $this->db->update('users', $data);
      }

Code:

public function reset_password()
    {
     $this->load->library('form_validation');
     $this->load->library('session');
     $this->load->model('user_model', 'um');
     $this->load->library('encrypt');
     $this->load->helper('url');
     $this->form_validation->set_rules('password', 'Password', 'trim|required');
     $this->form_validation->set_rules('password2', 'Confirm Password', 'trim|required|matches[password]');
     $salt = $this->_salt();
     $submit = $this->input->post('submit');
    

     if($submit)
     {
      $validToken = $this->um->verify_token($token);
      if($this->form_validation->run() == TRUE && $validToken == TRUE)
      {

      $this->um->reset_password(array('password' => $this->input->post('password', $salt)));


      $data['main_content'] = 'auth/success';
      $this->load->view('includes/templates/home_page_template', $data);

      }
      $this->form_validation->run() == FALSE;
   $data['main_content'] = 'auth/reset/?token=$token';
   $this->load->view('includes/templates/main_page_template', $data);
     }
    }