dwightwatson / codeigniter-bcrypt

Adaption of PHPPass for use as a CodeIgniter Bcrypt library.

Problem Setting Up. #4

Closed tasmanwebsolutions closed 10 years ago

tasmanwebsolutions commented 10 years ago

I am working on my login, but cannot seem to get the check password working. I have put the load model in the public construct area at the top of the controller.

Model

<?php
public function login($username, $password) {
$this->db->where('username', $this->input->post('username'), $username);
$this->db->where('password', $this->bcrypt->hash_password($this->input->post('password')), $password);
$user_query = $this->db->get('user');
if($user_query->num_rows == 1) {
return true;
} else {
return false;
}
}

public function check_credentials() {
if($this->bcrypt->check_password($password, $stored_hash)) {
return true;
} else {
return false;
}
}

And on the controller

<?php
function login_credentials() {  
$this->form_validation->set_rules('username', 'Username', 'required|trim|min_length[3]|max_length[12]|xss_clean|callback_validating_credentials');

$this->form_validation->set_rules('password', 'Password', 'required|trim');

//$username = $this->input->post('username');
//$password = $this->user_model->check_credentials($this->input->post('password'));

$data['action'] = site_url('login/login_credentials');

if ($this->form_validation->run($this) == FALSE) {

$this->load->view('template/common/login', $data);

} else {

redirect('dashboard');

}

}

function validating_credentials() { 
if($this->user_model->login()) {

return true;

} else {

$this->form_validation->set_message('validating_credentials', 'Incorrect Username Or Password');

return false;
}

}

dwightwatson commented 10 years ago

You are still doing ->where('password', ...) on your query. That isn't going to work with Bcrypt.

tasmanwebsolutions commented 10 years ago

Can you give me an example?

tasmanwebsolutions commented 10 years ago

I think I worked it out

<?php
public function login($password, $username) {
        $this->db->where('username', $this->input->post('username'), $username);
        $this->db->where('password', $this->input->post('password'), $password);
        $result = $this->check_credentials($password);
        $user_query = $this->db->get('user');
        if($user_query->num_rows == 1) {
            return true;
        } else {
            return false;
        }
    }
    public function check_credentials() {
        $query = $this->db->get('user');
        if ($query->num_rows() > 0) {
        $result = $query->row_array();
        if ($this->bcrypt->check_password($password, $result['password'])) {
            //We're good
            return $result;
        } else {
            //Wrong password
            return array();
        }
     } else {
        return array();
        }
    }

dwightwatson commented 10 years ago

Does that work for you? Doesn't look like it should to me. I'm about to board a plane and don't have my laptop on me so I can't give you an immediate answer I'm afraid.

tasmanwebsolutions commented 10 years ago

I have just changed a few things around on my User library and put the bcrypt into the system libraries folder and have made a user libraries folder all in system libraries because I have multiple installs and it works. Lets me now log in and log out.

tasmanwebsolutions commented 10 years ago

I thought I got it but you were right. Where do I load the check password, in the controller?

tasmanwebsolutions commented 10 years ago

Could you give me an example/demo for CodeIgniter, more on how to set up the model and call it in the controller? I am just stuck.

dwightwatson commented 10 years ago

Okay, sorry, I'm currently overseas so responding is difficult. I'm going to see what I can do here; I haven't used CodeIgniter in a while and I'm doing this on an iPad. I would suggest that you perhaps spend a little bit of time practicing the basics of PHP functions and the need for passing variables to them, because you seem to miss this in a few places.

Model:

<?php

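public function get_user($username)
{
    // Look the user up by username only; the password is verified separately.
    return $this->db->get_where('user', array('username' => $username), 1)->row();
}

public function username_exists($username) 
{
    // The where clause must be a key => value pair (column => value).
    $query = $this->db->get_where('user', array('username' => $username), 1);

    return $query->num_rows() == 1;
}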

public function check_credentials($password, $stored_hash) 
{
    return $this->bcrypt->check_password($password, $stored_hash);
}

And controller:

<?php

function login_credentials() 
{  
    $this->form_validation->set_rules('username', 'Username', 'required|trim|min_length[3]|max_length[12]|xss_clean|callback_validating_credentials');
    $this->form_validation->set_rules('password', 'Password', 'required|trim');

    // Validate the form
    if ($this->form_validation->run() == FALSE) 
    {
        // Form validation failed, return the login view.
        $this->load->view('template/common/login', array('action' => site_url('login/login_credentials')));

    } 
    else 
    {
        // Form was validated successfully.
        $username = $this->input->post('username');
        $password = $this->input->post('password');

        // Get the user.
        $user = $this->user_model->get_user($username);

        if ($this->user_model->check_credentials($password, $user->password))
        {
            // The password posted to the page and the one stored in the 
            // database are the same, so the user is logging in.

            // Process the login.
            redirect('dashboard');
        }
        else
        {
            // The provided password and the one in the database do not match,
            // so redirect or manage this case however you like here.
        }
    }
}

function validating_credentials() 
{
    // This validation callback just checks to see whether a user exists
    // in the database with the provided username.
    $username = $this->input->post('username');

    if ($this->user_model->username_exists($username))
    {
        return true;
    } 
    else
    {
        $this->form_validation->set_message('validating_credentials', 'Incorrect Username Or Password');
        return false;
    }
}

Like I said, haven't used CodeIgniter in a while but this should set you on the right path. You need to remember that you can only get the user by their identifier (whether it be email or username) and then compare the stored password to the one provided in the form.

Any questions just let me know and I'll try to get back when I have internet access again!
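
Why the `->where('password', ...)` lookup cannot match while fetching by username and then verifying can, as an added example that is not part of the original thread or the library. PHP's built-in `password_hash()`/`password_verify()` stand in for the library's `hash_password()`/`check_password()`; the `$users` array, the function names and the dummy-hash step for unknown usernames are assumptions made for illustration.

```php
<?php
// Constructed stand-in for the `user` table: username => stored bcrypt hash.
$users = array(
    'alice' => password_hash('correct horse', PASSWORD_BCRYPT),
);

// Broken approach: re-hash the submitted password and compare it with the
// stored hash, which is what WHERE password = <new hash> amounts to.
function login_by_rehash(array $users, $username, $password)
{
    if (!isset($users[$username])) {
        return false;
    }
    // Each call generates a fresh random salt, so the new hash differs from
    // the stored one even when the password is correct.
    return password_hash($password, PASSWORD_BCRYPT) === $users[$username];
}

// Working approach: select the row by username only, then let the verifier
// recompute the hash with the salt and cost embedded in the stored value.
function login_by_verify(array $users, $username, $password)
{
    // Dummy hash (assumption, not from the thread) so an unknown username
    // still costs one bcrypt check and fails the same way as a bad password.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('unused-placeholder', PASSWORD_BCRYPT);
    }

    $known  = isset($users[$username]);
    $stored = $known ? $users[$username] : $dummy;
    $match  = password_verify($password, $stored);

    return $known && $match;
}

// Two hashes of the same password: same prefix and cost, different salt.
echo password_hash('correct horse', PASSWORD_BCRYPT), "\n";
echo $users['alice'], "\n";

var_dump(login_by_rehash($users, 'alice', 'correct horse'));   // re-hash comparison
var_dump(login_by_verify($users, 'alice', 'correct horse'));   // correct password
var_dump(login_by_verify($users, 'alice', 'wrong password'));  // wrong password
var_dump(login_by_verify($users, 'mallory', 'correct horse')); // unknown username
```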