We use cookies to help make our site work properly and to analyze how our site is used. Some are optional, but none contain your personal information, and we don't use any for ads. You can view our cookies policy, manage your cookie preferences, or consent and dismiss this banner by clicking agree:

Agree
ExpressionEngine CMS
Open, Free, Amazing

Thread

This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

The active forums are here.

Please help with my controller

April 22, 2011 11:13pm

Subscribe [3]

  • #1 / Apr 22, 2011 11:13pm

    chikoi

    3 posts

     
    <?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class Login extends CI_Controller {
    public function index()
    {
        $this->load->helper(array('form', 'url'));
        $this->load->library('form_validation');
        if ($this->form_validation->run() == FALSE)
        {
            $this->load->view('login/login_form');
        }
    }
    public function proceed()
    {
        $this->load->helper(array('form', 'url'));

        $this->load->library('form_validation');
        
        $this->form_validation->set_rules('email', 'Email', 'required|max_length[150]|valid_email|callback_check_user');
        $this->form_validation->set_rules('pass', 'Password', 'required|max_length[50]|md5');
        $this->form_validation->set_error_delimiters('<div class="error">', '</div>');

        if ($this->form_validation->run() == FALSE)
        {
            $this->load->view('login/login_form');
        }
        else
        {
            $this->load->library('session');
            $newdata = array(
                   'email'     => $this->input->post('email'),
                   'logged_in' => TRUE
               );
            $this->session->set_userdata($newdata);
                //write login time, ip and increment login count to db
            $this->load->database();            
            $sql2 = "UPDATE users SET ip_address = ?, login_count = login_count + 1 WHERE email = ?"; 
            $query2 = $this->db->query($sql2, array($this->input->ip_address(), $this->input->post('email')));
                if ($query2) {
                    redirect('/index.php/home', 'location');
                }
                else {
                    log_message('error', 'User login time, ip and login counts were not updated to db.');
                    redirect('/index.php/login', 'location');
                }
        }
    }
    
    function check_user($str)
    {
        $this->load->database();
        $sql = "SELECT id, registered FROM users WHERE email = ? and password = ?";
        $query = $this->db->query($sql, array($this->input->post('email'), $this->input->post('pass')));
        if ($query->num_rows() > 0)
        { 
            $row = $query->row();
            if ($row->registered == 1) {
                //generate cookie and redirect to home page
                return TRUE;
            }
            else {
                $this->form_validation->set_message('check_user', 'Sorry, your registration has not been confirmed yet. Please <a >click here</a> if you did not receive the confirmation email.');
                return FALSE;
            }
        }
        else
        {
            $this->form_validation->set_message('check_user', 'Sorry, user does not exist. Please try again.');
            return FALSE;
        }
    }

}

/* End of file welcome.php */
/* Location: ./application/controllers/welcome.php */


    The line that i’m having problems with is this:

    $query = $this->db->query($sql, array($this->input->post('email'), $this->input->post('pass')));

     

    The function “check_user” always returns FALSE however if I replace the

    $this->input->post('pass')

    with the actual hashed password from the database, the function returns TRUE and it works!

    Any idea where I messed up would be greatly appreciated. Thanks!

  • #2 / Apr 22, 2011 11:21pm

    InsiteFX

    6819 posts

    If the email you are checking in the database is already hashed then you need to hash the email first to check the hashed one in the database!

    InsiteFX

  • #3 / Apr 23, 2011 4:37pm

    chikoi

    3 posts

    Yes, you’re right. Thanks! I’ve resolved the problem by prepending md5 to the code:

    md5($this->input->post('pass'))

    With this, do you happen to figure out why the md5 rule in $this->form_validation->set_rules did not work?

    Regards,
    Michelle

  • #4 / Jun 10, 2012 7:56am

    mbonachea

    3 posts

    With this, do you happen to figure out why the md5 rule in $this->form_validation->set_rules did not work?

    Regards,
    Michelle

    You could try lowering the max chars for the password to 32 instead of 50.
    an MD5 Hash has 32 characters. or you could try SHA256 which has 64 characters.

    let me know if that helps!

.(JavaScript must be enabled to view this email address)

ExpressionEngine News!

#eecms, #events, #releases

© Packet Tide, All Rights Reserved. Legal Notices

Username

Password

Forgot password?
or Register