[eluser]nevsie[/eluser]
Hi All, i am playing with ErkanaAuth from the Dev Kit and am currently having a little bit of confusion with what it appears to be checking...
I use a callback on my function:
Code:
function check_username($username)
{
$this->load->helper('security');
$password = dohash($this->input->post('password'));
if ($this->auth->try_login(array('username' => $username, 'password' => $password)))
{
return TRUE;
}
else
{
$this->validation->set_message('check_username', 'Incorrect login info.');
return FALSE;
}
}
and then use the auth function try_login
Code:
function try_login($condition = array()) {
$this->CI->db->select('id');
$query = $this->CI->db->get_where('users', $condition, 1, 0);
if ($query->num_rows != 1) {
return FALSE;
} else {
$row = $query->row();
$this->CI->session->set_userdata(array('user_id'=>$row->id));
return TRUE;
}
}
However, my problem lies in two places.
Firstly when the "get_where" is applied on the username and password array it appears to do two queries on the database rather than doing them in one like i would have assumed? Is this right?
Secondly, (and i know i am not doing any other validation on username) when i send a blank username to the get_where with any thing in the password it returns as TRUE. Now my assumption is that a blank username is finding the first row of the database and returnnig that hence the success... The password does not matter as it is being run in a second query not together in one. Am i assuming correct, or is this a minor hole that i am missing?
i can easily set require validation on the username along with the callback, but i am still lost on the get_where running as two queries.
Any help appreciated. N