CODEWITHSUNDEEP
phpcodeigniterphp-password-hash
Rakesh
Rakesh

Reputation: 213

password_verify() not working properly

My controller

// display the login page
    public function index() {
        // on form data
        $onsumbit = $this->input->post('verify');
        if(isset($onsumbit)) {

           $user_name = $this->input->post('user_name');
           $password = $this->input->post('password');

            // verify login
            $verified = $this->login_model->login_verify($user_name,$password);
            // success
            if($verified) {
                redirect('dashboard');
            }
            // failure
            else {
                $this->session->set_flashdata('login_failure','Please check your email and password and try again');
                redirect('index');
            }
        }
        // login page
        $this->load->view('login');
    }

My model

public function login_verify($user_name,$password) {
        $hashed_password = $this->verify_password($user_name);
        $this->db->where('user_name',$user_name)->where('password',password_verify($password, $hashed_password));
        $result = $this->db->get('employee');
        if($result -> num_rows() > 0) {

        $session = array(
            'employee_id'   => $result->row()->employee_id,
            'name'          => $result->row()->first_name.' '.$result->row()->last_name,
            'employee_role' => $result->row()->employee_role,
            'is_logged_in'  => TRUE,
        );
        // set session
        $this->session->set_userdata($session);
        return TRUE;
        } else {
            return FALSE;
        }

    }

     private function verify_password($user_name) {
        $this->db->where('user_name',$user_name);
        $result = $this->db->get('employee');
        if($result -> num_rows() > 0) {
         return  $get_password = $result->row(0)->password;
        }

    }

i'm doing password hashing to my login, i added default password_hashing(). while i'm verifying the password is not properly working, any password type it login to the dashboard. what i'm forgetting here, any help would be appreciated.

Upvotes: 0

Views: 3227

Answers (1)

Iamzozo
Iamzozo

Reputation: 2358

You can simplify it a bit, but as @h2ooooooo metioned, you cannot select from the database by password_verify.

Here is what I use for authentication:

public function login()
{
    $this->form_validation->set_rules('email', 'E-mail', 'required|valid_email');
    $this->form_validation->set_rules('password', 'Password', 'required');

    if ($this->form_validation->run()) {

        // Get the actual user from the database, you can use email or username, whatever you want
        $user = $this->user->get($this->input->post('email'));

        // If we have a user, then we can check against the submitted password:
        if ($user && password_verify($this->input->post('password'), $user->password)) {
            $this->session->set_userdata([
                // Your session data 
            ]);
            redirect('/');
        } else {
            $this->session->set_flashdata('error', 'Wrong credintals');
            redirect('login');
        }
    }

    $this->load->view('auth/login');
}

Upvotes: 1

Related Questions