search

dwightwatson / codeigniter-bcrypt

Adaption of PHPPass for use as a CodeIgniter Bcrypt library.
42 stars 53 forks source link

Can you check if Have Bcrypt Setup Correct #5

Closed tasmanwebsolutions closed 10 years ago

tasmanwebsolutions commented 10 years ago

Hi, Matthew here. I have been trying to get your codeigniter bcrypt correct but not having much luck. Can you give me some advice. Cheers I have got the hashing part on my register model and its now stored in database user

Controller Login

public function __construct(){
        parent::__construct();
            $this->load->library('users');
            $this->load->model('user/user_model');
            $this->load->library('security/bcrypt');
            $this->load->library('form_validation');
            $this->lang->load('common/login', 'english');
    }

      public function index() {
            $this->form_validation->set_rules('username', 'Username', 'required');
            $this->form_validation->set_rules('password', 'Password', 'required');

            if($this->form_validation->run() == false) {

                  $data['action'] = site_url('login');

                  $this->load->view('template/common/login', $data);

            } else {

                  $password = $this->input->post('password');
                  $username = $this->input->post('username');
                  $user = $this->user_model->getUser($username);

                  if($this->user_model->check_credentials($password)) {

                        redirect('dashboard');

                         if($this->users->login() == true) {

                                redirect('dashboard');

                         } else {

                              $data['action'] = site_url('login');

                              $this->load->view('template/common/login', $data);

                         }

                  } else {

                        $data['action'] = site_url('login');

                        $this->load->view('template/common/login', $data);
                  }
            }
      }

Model


class User_model extends CI_Model {

    public function __construct() {
        parent::__construct();
        $this->load->library('security/bcrypt');
    }

    public function getUser($username) {
            $username = $this->input->post('username');
            $this->db->where('username', $this->input->post('username'));
            $this->db->get('user');
    }

    public function check_credentials($password, $stored_hash) {
            $password = $this->input->post('password');
            $this->bcrypt->check_password($password, $stored_hash);
    }

    public function username_exists($username) {
            $username = $this->input->post('username');
            $this->db->where('username', $username);
            $this->db->get('user');
    }

}

Library File Users


  class Users {

      private $user_id;
      private $username;

      public function __construct() {
            $this->CI =& get_instance();
            $this->CI->load->database();
            $this->CI->load->library('session');
            $this->CI->load->library('security/bcrypt');

            if(null !== ($this->CI->session->userdata('user_id'))) {
                  $this->CI->db->select('user_id');
                  $this->CI->db->from('user');
                  $this->CI->db->where('status', "1");
                  $user_query = $this->CI->db->get();
                  if($user_query->num_rows() == 1) {

                  $this->user_id = $user_query->row('user_id');

                  $this->CI->db->query("UPDATE " . $this->CI->db->dbprefix . "user SET ip = '" . $this->CI->input->ip_address() . "' WHERE user_id = '" . (int)$this->CI->session->userdata('user_id') . "'");

                  } else {
                        $this->logout();
                  }
            }
      }

      public function login() {
            $username = $this->CI->input->post('username');
            $password = $this->CI->input->post('password');

            $this->CI->db->select('user_id');
            $this->CI->db->from('user');
            $this->CI->db->where('username', $username);
            $this->CI->db->where('password', $password);
            $this->CI->db->where('status', "1");
            $user_query = $this->CI->db->get();

            if($user_query->num_rows() == 1) {

                  $this->user_id = $user_query->row('user_id');
                  $this->username = $this->CI->input->post('username');

                  $data = array(
                        'isLogged' => $this->user_id,
                        'user_id' => $this->user_id,
                        'username' => $this->CI->input->post('username')
                  );
                  $this->CI->session->set_userdata($data);

                  return true;
            } else {
                  return false;
            }
      }
}
dwightwatson commented 10 years ago

You're going to need to go into more detail about what isn't working.

Your user model has a heap of superfluous code:

public function getUser($username) {
        $username = $this->input->post('username');
        $this->db->where('username', $this->input->post('username'));
        $this->db->get('user');
}

You already passed the $username in through the method parameters. You don't need to fetch it from the input (which you do, twice) and you shouldn't do that from the model anyway.

None of your methods in the model return anything (probably one of your biggest problems).

I'm not sure this line is going to work (I could be wrong, haven't used CI in a while):

$this->CI->load->database();

Perhaps it should be: 

$this->CI->load->library('database');

So yeah, there's a lot going on here that isn't right. But I'm not convinced this has anything to do with this library.

tasmanwebsolutions commented 10 years ago

Thanks any way but giving up on it spent couple weeks trying to work it out.