php - How to campare password if it is encoded in database in CodeIgniter? -


i new in codeigniter in database password field encoded using encrypt key when want login not match password.name of controller,view , model hello,login , user_model respectively.

here view: 

<html>     <head>         <title></title>         <style>             .text-danger {                 color: red;             }         </style>         <script>             function myfun() {                 var r4 = document.getelementbyid('email').value;                 var r5 = document.getelementbyid('password').value;                 if (r4 == "") {                     document.getelementbyid('f4').style.display = "block";                     return false;                 }                 else if (r5 == "") {                     document.getelementbyid('f5').style.display = "block";                     return false;                 }             }               function myfun4(r) {                 if (r != 0) {                     document.getelementbyid('f4').style.display = "none";                 }             }             function myfun5(r) {                 if (r != 0) {                     document.getelementbyid('f5').style.display = "none";                 }             }         </script>     </head>     <body style="background-color: #99bc99">         <br>         <form method="post" action="logindata">             <table  border='1' align='center'>                 <tr>                     <th>email</th>                     <td>                         <input type="text" name="email" id="email"  onkeyup="myfun4(this.value)">                         <span class="text-danger"><?php echo form_error('email'); ?></span>                         <span id="f4" class="text-danger" style="display: none">this field required</span>                     </td>                 </tr>                 <tr>                     <th>password</th>                     <td>                         <input type="password" name="password" id="password"  onkeyup="myfun4(this.value)">                         <span class="text-danger"><?php echo form_error('password'); ?></span>                         <span id="f5" class="text-danger" style="display: none">this field required</span>                     </td>                 </tr>                 <tr>                     <th colspan="2"><button id="submit" name="submit" onclick="return myfun()">submit</button></th>                 </tr>             </table>         </form>     </body> </html>

and controller 

<?php class hello extends ci_controller {      public function __construct() {         parent::__construct();         $this->load->library('session');         $this->load->helper('form');         $this->load->helper('url');         $this->load->helper('html');         $this->load->library('image_lib');         $this->load->database();         $this->load->library('form_validation');         $this->load->model('user_model');         $this->load->library('encrypt');     }      function index() {         $this->load->view('login.php');     }      function logindata() {         $f1 = $this->input->post("email");         $f2 = $this->input->post("password");         $encrypt_pwd2 = $this->encrypt->encode($f2);         $this->form_validation->set_rules("email", "email", "trim|required");         $this->form_validation->set_rules("password", "password", "trim|required");         if ($this->form_validation->run() == false) {             $this->load->view('login');         } else {             $data = $this->user_model->get_password($f1, $f2);             $plainpassword = $this->encrypt->decode($data);             if ($plainpassword == $f2) {                 $this->dataa['posts'] = $this->user_model->userdata($f1, $f2);                 $this->load->view('home', $this->dataa);             } else {                 $this->load->view('home');             }         }     }  } ?>

and model 

<?php class user_model extends ci_model {      public function __construct() {         parent::__construct();         $this->load->database();         $this->load->library('encrypt');     }      function get_password($f1, $f2) {         $this->db->select('password');         $this->db->from('user_detail');         $this->db->where('email', $f1);         return $this->db->get()->result()->row('password');     }      function userdata($f1, $f2) {         $q = $this->db->get_where('user_detail', array('email' => $f1));         if ($q->num_rows() > 0) {             foreach ($q->result() $row) {                 $dataa[] = $row;             }             return is_array($dataa) ? $dataa : array();         }     }  } ?>

the first thing i'm noticing you're trying "encrypt" passwords. 99.99% of time, wrong thing do. want passwords use algorithm designed password storage.

php has helpful library this, known password-hash (http://php.net/password-hash).

when store password, want use password_hash function. following code snippet shows how used password of "password1!"

<?php     password_hash("password1!", password_default); ?>

when run, produce output similar 

$2y$11$q5mkhsbtlsjcnevsyh64a.acluzhngog7tqakvmqwo9c8xb.t89f.

this value store in database.

when attempting verify whether or not password correct, can use php password_verify function. function return boolean. if returns true, know user authenticated successfully.

<?php     $original_hash = // hash have stored in database                                // in case,                                // $2y$11$q5mkhsbtlsjcnevsyh64a.acluzhngog7tqakvmqwo9c8xb.t89f.      if (password_verify('password1!', $original_hash)) {         echo 'successful login';          // normal login things here     } else {         echo 'invalid password.';         // return error because had wrong password     } ?>

php has taken lot of heavy lifting off of hands, , can use safely handle passwords.


Comments

Post a Comment

Popular posts from this blog

How to connect android app to App engine -

i'm trying connect app in android server i've opened on appengine. my server's name : dddd-daniel-2345 , website server : http://dddd-daniel-2345.appspot.com/ this how connect android app server in app engine: app.yaml: application: dddd-daniel-2345 version: 1 runtime: python27 api_version: 1 threadsafe: yes handlers: - url: .* script: main.app libraries: - name: webapp2 version: "2.5.2" main.py: #!/usr/bin/env python # # copyright 2007 google inc. google.appengine.api import users import webapp2 class userhandler(webapp2.requesthandler): def get(self): user = users.get_current_user() if user: greeting = ('%s,%s,%s' % (user.email(),user.user_id(),user.nickname())) else: greeting = ('not logged in') self.response.out.write(greeting) app = webapp2.wsgiapplication([('/', userhandler),], debug=true) my applications code : add manifast main....
Read more

gcc - MinGW's ld cannot perform PE operations on non PE output file -

i know there other similar questions out there, stackoverflow or not. i've researched lot this, , still didn't find single solution. i'm doing operative system side project. i've been doing in assembly, wanna join c code. test, made assembly code file (called test.asm): [bits 32] global _a section .text _a: jmp $ then made c file (called main.c): extern void a(void); int main(void) { a(); } to link, used file (called make.bat): "c:\mingw\bin\gcc.exe" -ffreestanding -c -o c.o main.c nasm -f coff -o asm.o test.asm "c:\mingw\bin\ld.exe" -ttext 0x100000 --oformat binary -o out.bin c.o asm.o pause i've been researching ages, , i'm still struggling find answer. hope won't flagged duplicate. acknowledge existence of similar questions, have different answers, , none work me. question: what doing wrong? old mingw versions had problem "ld" not able create non-pe files @ all. maybe current versions...
Read more

php - display validation error message next to the textbox in codeigniter -

Image
i'm newbie codeigniter.i want display error message next text box.my view file create.php contains following code. <?php echo validation_errors(); //validation echo form_open('news/create'); //create form ?> <div class="boxes"> <div class="common"> <div class="lables"> <label for="name">name</label> </div> <div class="text_boxes"> <input type="text" name="uname" /><div id="infomessage"><?php echo $message;?></br> </div> </div>` and below controller model: public function create() { $this->load->helper('form'); $this->load->library('form_validation'); $data['title'] = 'insert items'; $this->form_validation->set_rules('uname','required|min_length[6]|m...
Read more