where clause
[eluser]huangxiao[/eluser]
Hi, can I ask for some help? I could not log in... can you please help me with my code? Code: class User_model extends CI_Model{ Thank you in advance.
[eluser]ivantcholakov[/eluser]
1. The username and the password should be passed explicitly as the method's parameters. If you get them inside the body of the method, this is a side effect; you lose flexibility and maintainability this way.
2. You store passwords within the database in plain text. This is not good. Choose a hashing function and use it.
3. Code: if ($query->num_rows > 0) { Code: if($query->num_rows==1){
4. You return TRUE on success and NULL on failure. Better return FALSE on failure.
5. You don't pass the query parameters correctly, see http://ellislab.com/codeigniter/user-gui...eries.html, the section "Query Bindings".
6. A suggestion: Use the query builder for database server abstraction.
7. I suppose, in a real application the check would depend also on a flag for enabled/disabled account at least.
[eluser]ivantcholakov[/eluser]
You may examine the following model and adapt it for your system: Code: <?php defined('BASEPATH') OR exit('No direct script access allowed'); For managing users (CRUD operations, etc.) make a separate model Users_model that works with the same table 'users'. With this separation the code would be easier to read.
[eluser]huangxiao[/eluser]
Hi, thank you for the quick reply and thank you for this. Okay, I will try this. Thank you.
[eluser]huangxiao[/eluser]
Hi ivantcholakov, I forgot to ask why you call logout() in your login()? Thank you in advance.
[eluser]ivantcholakov[/eluser]
[quote author="huangxiao" date="1378547006"]Hi ivantcholakov, I forgot to ask why you call logout() in your login()? Thank you in advance.[/quote]
On some sites the user login form may be accessible after a user has logged in. So, you can log in successfully as user1. Then, while logged in as user1, you may go to the login form and try to log in as user2. Imagine that the login as user2 fails. Then you will stay logged in as user1. This would be a weird situation. The right logic is that nobody is logged in after a failed login attempt. Before a login attempt, session information about the previous login (if there is any) should be cleared. This is what logout() does.
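The points raised in this thread (credentials passed as parameters, hashed passwords, bound query parameters, FALSE on failure, an enabled-account flag, and clearing the previous session before a login attempt), as an added example that is not part of the original posts or of ivantcholakov's model. It uses plain PHP with PDO and in-memory SQLite (the pdo_sqlite extension) instead of CodeIgniter's database and session classes; the table layout, the `active` column, the `$session` array and the sample accounts are assumptions made for the demonstration.

```php
<?php
// Added example: plain PHP + PDO, not CodeIgniter's classes. Schema and accounts are constructed.

function logout(array &$session): void
{
    unset($session['user_id'], $session['username']);
}

// Credentials arrive as parameters; returns TRUE on success and FALSE on failure.
function login(PDO $db, array &$session, string $username, string $password): bool
{
    // Clear any earlier login first, so a failed attempt leaves nobody logged in.
    logout($session);

    // Bound parameter instead of concatenating user input into the SQL string.
    $stmt = $db->prepare(
        'SELECT id, username, password_hash FROM users WHERE username = ? AND active = 1'
    );
    $stmt->execute([$username]);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

    // Exactly one enabled account must match, and the stored hash must verify.
    if (count($rows) !== 1 || !password_verify($password, $rows[0]['password_hash'])) {
        return false;
    }

    $session['user_id']  = (int) $rows[0]['id'];
    $session['username'] = $rows[0]['username'];
    return true;
}

// --- Constructed sample data (hypothetical schema and accounts) ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
           password_hash TEXT, active INTEGER)');
$insert = $db->prepare('INSERT INTO users (username, password_hash, active) VALUES (?, ?, ?)');
$insert->execute(['user1', password_hash('correct horse', PASSWORD_DEFAULT), 1]);
$insert->execute(['user2', password_hash('battery staple', PASSWORD_DEFAULT), 1]);
$insert->execute(['user3', password_hash('disabled acct', PASSWORD_DEFAULT), 0]);

$session = []; // stands in for the framework's session store

var_dump(login($db, $session, 'user1', 'correct horse'));  // valid login as user1
var_dump(login($db, $session, 'user2', 'wrong password')); // failed attempt as user2
var_dump(isset($session['user_id']));                      // is anyone still logged in?
var_dump(login($db, $session, 'user3', 'disabled acct'));  // right password, disabled account
```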