[eluser]TheFuzzy0ne[/eluser]
Who is a PhpAss?
I'm assuming that this is line 149?
Code:
$hashed_pass = $hashed_pass->password;
If you enter a username that doesn't exist, then FALSE will be returned. Since it's not an object, it doesn't have a property named "password".
Since your model is called "getPasswordHash", it would make more sense for it to pass back the password, rather than the database result, so:
Code:
public function getPasswordHash($email = '') {
    if ( ! $email) {
        return FALSE;
    }
    $sql = 'SELECT `password` FROM users WHERE email=? LIMIT 1';
    $query = $this->db->query($sql, array($email));
    return ($query->num_rows() == 1) ? $query->row()->password : FALSE;
}
You then need to check for the password in your validation callback:
Code:
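function _checkPassword($pass)
{
    $hasher = new PhpAss();
    $this->load->model('user');
    $hashed_pass = $this->user->getPasswordHash($this->input->post('email'));
    // getPasswordHash() returns FALSE for an unknown email,
    // so only call the hasher when a hash actually came back.
    if ($hashed_pass !== FALSE && $hasher->checkPassword($pass, $hashed_pass))
    {
        return TRUE;
    }
    else
    {
        // Same message for unknown email and wrong password.
        $this->form_validation->set_message('_checkPassword', 'The Email and/or Password is incorrect. Please try again');
        return FALSE;
    }
}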
However, I'd approach this slightly differently. I'd move the logic for validating a username and password into my model, so I'd have a model method called is_valid_login(), where you'd pass the username and password, and it will simply return TRUE or FALSE. If you ever decide to implement your login elsewhere, it would mean you don't have to repeat so much code. It also keeps your business logic separate from your controller logic.
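Added example, not part of the original post: a stand-alone sketch of an is_valid_login() model method that returns only TRUE or FALSE and never dereferences a missing row. It assumes PDO with an in-memory SQLite table in place of CodeIgniter's `$this->db`, and PHP's built-in `password_hash()`/`password_verify()` in place of the PhpAss hasher; the `UserModel` class, the dummy-hash step and the sample account are constructed for illustration.

```php
<?php
// Added example: PDO and password_verify() are stand-ins (assumptions)
// for CodeIgniter's database class and the PhpAss hasher used in the thread.

class UserModel
{
    private $db;
    private $dummy_hash;

    public function __construct(PDO $db)
    {
        $this->db = $db;
        // Hash of a throwaway value, verified against when the email is unknown
        // so both failure paths do the same hashing work.
        $this->dummy_hash = password_hash('placeholder', PASSWORD_DEFAULT);
    }

    // Returns TRUE only if the email exists and the password matches its hash.
    public function is_valid_login($email, $password)
    {
        if ( ! is_string($email) || ! is_string($password) || $email === '') {
            return FALSE;
        }
        $stmt = $this->db->prepare('SELECT password FROM users WHERE email = ? LIMIT 1');
        $stmt->execute(array($email));
        $hash = $stmt->fetchColumn();   // FALSE when no row matched

        $found = is_string($hash);
        $ok = password_verify($password, $found ? $hash : $this->dummy_hash);
        return $found && $ok;
    }
}

// Constructed sample data: one account in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password TEXT)');
$ins = $db->prepare('INSERT INTO users (email, password) VALUES (?, ?)');
$ins->execute(array('alice@example.com', password_hash('correct horse', PASSWORD_DEFAULT)));

$users = new UserModel($db);
var_dump($users->is_valid_login('alice@example.com', 'correct horse'));
var_dump($users->is_valid_login('alice@example.com', 'wrong'));
var_dump($users->is_valid_login('nobody@example.com', 'correct horse'));
```

A validation callback then reduces to a single call to is_valid_login() plus the generic error message, and any other login entry point can reuse the same method.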