CODEWITHSUNDEEP
phpmysqlcodeignitercontroller
user5913892
user5913892

Reputation: 123

Invalid Username or Password in Codeigniter 3

I have followed a tutorial in order to create a simple Login with CodeIgniter(the version I'm using is the last one), but when I insert the Username and Password I just get "Invalid Username or Password" that would be great if I missed one of the two, but both are correct. The DB was created in PHPmyAdmin(I'm using WAMP with user root and no password), the table is named users and I created two different users. If necessary I can also put the code of other files ( database.php , etc. ). SO,I don't understand What I'm wrong, this is the controller:

<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

    class VerifyLogin extends CI_Controller {

     function __construct()
     {
       parent::__construct();
       $this->load->model('user','',TRUE);
       $this->load->helper('url');
     }

     function index()
     {
       //This method will have the credentials validation
       $this->load->library('form_validation');

       $this->form_validation->set_rules('username', 'Username', 'trim|required');
       $this->form_validation->set_rules('password', 'Password', 'trim|required|callback_check_database');

       if($this->form_validation->run() == FALSE)
       {
         //Field validation failed.  User redirected to login page
         $this->load->view('login_view');
       }
       else
       {
         //Go to private area
         redirect('home', 'refresh');
       }

     }

     function check_database($password)
     {
       //Field validation succeeded.  Validate against database
       $username = $this->input->post('username');

       //query the database
       $result = $this->user->login($username, $password);

       if($result)
       {
         $sess_array = array();
         foreach($result as $row)
         {
           $sess_array = array(
             'id' => $row->id,
             'username' => $row->username
           );
           $this->session->set_userdata('logged_in', $sess_array);
         }
         return TRUE;
       }
       else
       {
         $this->form_validation->set_message('check_database', 'Invalid username or password');
         return false;
       }
     }
    }
    ?>

This is User.php

<?php
Class User extends CI_Model
{
 function login($username, $password)
 {
   $this -> db -> select('id, username, password');
   $this -> db -> from('users');
   $this -> db -> where('username', $username);
   $this -> db -> where('password', MD5($password));
   $this -> db -> limit(1);

   $query = $this -> db -> get();

   if($query -> num_rows() == 1)
   {
     return $query->result();
   }
   else
   {
     return false;
   }
 }
}
?>

Upvotes: 2

Views: 2314

Answers (2)

devpro
devpro

Reputation: 16117

As per your comments:

Yes,It returns this: Array ( [0] => stdClass Object ( [id] => 1 [username] => fabio [password] => fabio ) ) . Sorry, before I deleted that print , I did not understand what you wanted to do. – user5913892 9 mins ago

You do not have password in MD5() in your database. for this you need to use this:

$this -> db -> select('id, username, password');
$this -> db -> from('users');
$this -> db -> where('username', $username);
$this -> db -> where('password', $password);
$this -> db -> limit(1);

It is good practice to use encryption for your confidential data like password, i suggest you to INSERT password as MD5() than you can use MD5() in login.

Upvotes: 1

Gouda Elalfy
Gouda Elalfy

Reputation: 7023

when you insert new username and password you check for them on your database when you don't find them you return false, function check_database() , this function should reverse what it does.

Upvotes: 0

Related Questions