Login

splitX26 · 01-19-2021, 07:36 AM

I am trying to create a register function using password_hash(), and I try to use password_verify for my login function. Currently my register function works well, my password is hashed in my phpmyadmin database but my error comes from my login function. I have a verify_user in my controller

Code:
    function verify_user(){

        $email = $_POST['email'];

        $password = $_POST['password'];

        $this->load->model('login_model');

        $user_details = $this->login_model->verify_user($email,$password);

        if (!empty($user_details)) {

            $user_data =  array

            (

                'user_id' => $user_details['user_id'],

                'email' => $user_details['email'],

                'name' => $user_details['name']

            );

            $this->session->set_userdata('sessiondata',$user_data);

        } else{

            $data = array('msg' => 'Email or Password is wrong.');

            $this->session->set_flashdata('data',$data);

            redirect(base_url());

        }

    }

For this part

Code:
$user_details = $this->login_model->verify_user($email,$password);

I have this function verify_user in my model:

Code:
    function verify_user($email,$password)

    {

        $this->db->select('*');

        $this->db->from('users');

        $this->db->where('email',$email);

        //$this->db->where('password',$password);

        $query = $this->db->get();

        $result = $query->row_array();

        if(password_verify($password, $result['password'])){

            return $result;

        }else {

            return "";

        }

    }

The password seems not match to my database password

**paulbalandan** · 01-19-2021, 09:37 AM

PHP Code:
// model
public function verify_user($email, $password)
{
    // fetch records first with matching email
    $query = $this->db->from('users')->where('email', $email)->get();

    if ($query->num_rows() === 1)
    {
        $result = $query->row_array();

        if (password_verify($password, $result['password']))
        {
            return $result;
        }
    }

    return '';
} 

splitX26 · 01-19-2021, 09:44 AM

Thanks for your answer but my controller still return me : 'Email or Password is wrong.'

**InsiteFX** · 01-19-2021, 12:23 PM

Read this article first.

Implementing Secure User Authentication in PHP Applications with Long-Term Persistence (Login with "Remember Me" Cookies)

The best example that I have seen is how Myth/Auth does it, it uses the above type coding.

What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009. ( Skype: insitfx )