User login issue

#1
[eluser]Skoobi[/eluser]
Hi, I'm in the process of teaching myself CodeIgniter (with help from the forum, tutorials and the user guide), but for some reason my user login works without checking the password. If I log in, I can type the wrong password and it still enters the admin.

heres my controller
Code:
<?php

class Account extends CI_Controller {


// Constructor: loads the form_validation and session libraries, the url and
// form helpers and the account model, then sets the salt used in login().
// NOTE(review): this is a PHP 4-style constructor (a method named after the
// class). PHP 8.0 no longer treats such a method as a constructor; __construct()
// works on every PHP 5+ release.
// NOTE(review): the salt is a literal in source and is the same for every
// account, so it protects little once the code or the users table is exposed.
function Account(){
  parent::__construct();
  $this->load->library(array('form_validation','session'));
  $this->load->helper(array('url','form'));
  $this->load->model('account_model');  
  $this->_salt="123456789987654321";
}



// Index: shows the dashboard when the model reports a logged-in session,
// otherwise renders the account/details view inside the site template.
function index(){
  $data['page_title']="my site";
  
  if($this->account_model->logged_in() === TRUE){
   $this->dashboard(TRUE);
  }else{
   $this->load->view('template/header',$data);
   $this->load->view('template/navigation');
   $this->load->view('account/details');
   $this->load->view('template/footer');
  }
}



// Dashboard: renders account/dashboard when $condition is boolean TRUE or the
// session is logged in; otherwise renders account/details.
// NOTE(review): this is a routable controller method, and CodeIgniter passes
// extra URI segments to it as string arguments. The strict === TRUE check is
// what stops a URL-supplied value from satisfying $condition; keep it strict.
function dashboard($condition = FALSE){
  $data['page_title']="my site";
  
  if ($condition === TRUE
   OR $this->account_model->logged_in() === TRUE){
    $this->load->view('template/header',$data);
    $this->load->view('template/navigation');
    $this->load->view('account/dashboard');
    $this->load->view('template/footer');
   }else{
    $this->load->view('template/header',$data);
    $this->load->view('template/navigation');
    $this->load->view('account/details');
    $this->load->view('template/footer');
   }
}


// Login: registers the validation rules, runs them, and on success calls
// account_model->login() and renders the dashboard; on failure re-renders the
// login view with an error message.
function login()
{
  $data['page_title']="my site";
  
  // NOTE(review): the rules name callback_username_check and
  // callback_check_database, but this class defines neither username_check()
  // nor check_database(); password_check() below is not referenced by any rule.
  // In CodeIgniter 2.x Form_validation a callback whose method is missing
  // appears to be skipped rather than failed (confirm for the installed
  // version), so run() can pass on 'required' and the length rules alone.
  // NOTE(review): xss_clean and sha1 in the password rule transform the
  // submitted value; presumably only the callback should judge the password.
  $this->form_validation->set_rules('username', 'Username','xss_clean|required|callback_username_check');
  $this->form_validation->set_rules('password', 'Password','xss_clean|required|min_length[4]|max_length[12]|sha1|callback_check_database');
  // Stored for password_check(): the posted username and SHA-1 of salt + password.
  // NOTE(review): SHA-1 is a fast hash; for password storage prefer
  // password_hash() / password_verify() where the PHP version provides them.
  $this->_username = $this->input->post('username');
  $this->_password = sha1($this->_salt . $this->input->post('password'));
  
  if ($this->form_validation->run() == FALSE){
   $data['message'] = "Check your details again!";
   $this->load->view('template/header',$data);
   $this->load->view('template/navigation');
   $this->load->view('account/login',$data);
   $this->load->view('template/footer');
  }else{
   // Reached whenever validation passes; nothing in this branch re-checks the
   // password before the model is asked to log the session in.
   $this->account_model->login();
   $data['message'] = "You are logged in!";
   $this->load->view('template/header',$data);
   $this->load->view('template/navigation');
   $this->load->view('account/dashboard',$data);
   $this->load->view('template/footer');
  }

}


// Password check: looks up the row for $this->_username in the users table and
// is meant to compare its stored hash with $this->_password.
function password_check()
{
  $data['page_title']="my site";
  
  $this->db->where('username', $this->_username);
  $query = $this->db->get('users');
  $result = $query->row_array();
  
  // NOTE(review): the semicolon after the condition ends the if statement, so
  // the braced block that follows runs unconditionally and this method returns
  // TRUE for any password. The num_rows() check further down is unreachable.
  // NOTE(review): == is a loose comparison; hash_equals() (or at least ===)
  // is the appropriate comparison for hashes.
  if($result['password'] == $this->_password);
  {
   return TRUE;
  }
  
  // NOTE(review): even with the semicolon removed, FALSE is returned only when
  // no row matches the username; an existing user with a wrong password falls
  // off the end of the method without an explicit FALSE.
  if($query->num_rows() == 0)
  {
   $this->form_validation->set_message('password_check', 'There was an error!');
   return FALSE;
  }
}


// Logout: destroys the session and renders the login view.
function logout(){
$data['page_title']="my site";
   $this->session->sess_destroy();
   $this->load->view('template/header',$data);
   $this->load->view('template/navigation');
   $this->load->view('account/login');
   $this->load->view('template/footer');
}

}

?>

and heres my model

Code:
<?php

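class Account_model extends CI_Model {

/**
 * Set up the model and open the database connection.
 *
 * Declared as __construct() instead of a method named after the class:
 * PHP 8.0 no longer treats a class-named method as a constructor, so the
 * database would never be loaded there.
 */
public function __construct(){
  parent::__construct();
  $this->load->database();
}


/**
 * Mark the current session as logged in for the posted username.
 *
 * This method does not verify any credentials itself; it only writes the
 * session data. Callers must have validated the username and password
 * before calling it.
 */
public function login(){
  $data = array('username'=>$this->input->post('username'),'logged_in'=>TRUE);
  $this->session->set_userdata($data);
}


/**
 * Report whether the current session is flagged as logged in.
 *
 * Uses a strict comparison so only the boolean TRUE written by login()
 * counts; a loose == would accept any non-empty string as well.
 *
 * @return bool
 */
public function logged_in()
{
  return $this->session->userdata('logged_in') === TRUE;
}


}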

?>

and the view

Code:
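<!-- NOTE(review): the opening tag in the post appears truncated by the forum
     software ("acti") and the inputs were HTML-escaped. The original action
     URL is not shown, so action is left empty, which submits to the current
     URL just as the truncated tag would. -->
<!-- NOTE(review): no CSRF token field is visible in this form; CodeIgniter's
     form_open() helper emits one when CSRF protection is enabled in config. -->
<form action="" method="post">
        <p><input type="text" name="username" class="input input-xxlarge" placeholder="Username"/></p>
        <p><input type="password" name="password" class="input input-xxlarge" placeholder="Password"/></p>
        <p><input type="submit" value="login" /></p>
        </form>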

I'm not sure why it's not working, whether there's a mistake or something else.

Any help would be gratefully received.

Chris

#2
[eluser]a_h_abid[/eluser]
Probably this...
$this->form_validation->set_rules('password', 'Password','xss_clean|required|min_length[4]|max_length[12]|sha1|callback_check_database');

Here you are trying to call 'check_database()', which doesn't exist. It should be 'callback_password_check', according to the function name you have given.

#3
[eluser]Skoobi[/eluser]
Many thanks for getting back to me... There were a few issues, as I found out...

Controller
Code:
// Login function
function login()
{
  // Handles the login form: registers the rules, runs validation (which
  // invokes password_check() through the callback_ rule) and renders either
  // the dashboard or the login view inside the site template.
  $data = array('page_title' => "CloudWales Admin");

  // NOTE(review): xss_clean and sha1 in the password rule transform the
  // submitted value and max_length[12] caps password length; presumably only
  // the callback needs to judge the password. Confirm before relying on
  // the validated value.
  $rules = array(
   'username' => array('Username', 'xss_clean|required'),
   'password' => array('Password', 'xss_clean|required|min_length[4]|max_length[12]|sha1|callback_password_check'),
  );
  foreach ($rules as $field => $rule)
  {
   $this->form_validation->set_rules($field, $rule[0], $rule[1]);
  }

  // Kept on the controller as in the original; nothing in this method reads
  // them back. NOTE(review): the salted SHA-1 here is not the same value the
  // model's validate() compares against the database. Confirm which is stored.
  $this->_username = $this->input->post('username');
  $this->_password = sha1($this->_salt . $this->input->post('password'));

  $validated = ($this->form_validation->run() != FALSE);
  if ($validated)
  {
   // Only reached when every rule, including the password callback, passed.
   $this->account_model->login();
   $data['message'] = "You are logged in!";
   $content = 'account/dashboard';
  }
  else
  {
   $data['message'] = "Check your details again!";
   $content = 'account/login';
  }

  $this->load->view('template/header',$data);
  $this->load->view('template/navigation');
  $this->load->view($content,$data);
  $this->load->view('template/footer');
}
    
  // Password Check function
  function password_check()
  {
  $this->load->model('account_model');
  $query = $this->account_model->validate();
    
  if($query) // if the user's credentials validated...
   {
    $data = array(
     'username' => $this->input->post('username'),
     'logged_in' => true
    );
    $this->session->set_userdata($data);
    return TRUE;
   }
   else // incorrect username or password
   {
    return FALSE;
   }
  }

and also i added a validate function in the model...

Code:
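/**
 * Check the posted username and password against the users table.
 *
 * Both values go through the query builder's where(), not into a
 * hand-built SQL string.
 *
 * @return bool TRUE when exactly one row matches, FALSE otherwise.
 */
function validate()
{
  $this->db->where('username', $this->input->post('username'));
  // NOTE(review): this compares an unsalted SHA-1 of the password. SHA-1 is a
  // fast hash and unsuited to password storage; migrating the stored values
  // to password_hash() / password_verify() is the fix, which needs a data
  // migration and so is not done here.
  $this->db->where('password', sha1($this->input->post('password')));
  $query = $this->db->get('users');

  // Call the num_rows() method instead of reading the num_rows property, which
  // is not populated on every CodeIgniter version, and always return a
  // boolean: the original returned nothing on a failed match.
  return (int) $query->num_rows() === 1;
}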

The next step is to secure it and try to use sessions :)

