LondonGuy

Reputation: 11098

CodeIgniter - matching user-entered password to hashed password stored in DB always returns false. Please help

I have my controller Setup, my join_model and my login_model.

A user registers, and after they have passed all validation, captcha etc. and have clicked submit, they are sent to setup.

My setup controller loads the join_model and the create() method, takes all the post data and gets ready to send it to the DB. This is when the password they entered in the signup form gets hashed, salted etc.

After this I have an if statement that checks whether user passed the checkLogin method in the login_model with TRUE. This method is in the setup controller and I called it loginValidated.

If that is TRUE then user is re-directed to member area (dash).

When I test, I keep getting sent to the failed page. I also changed the if statement to (!$this->loginValidated()) and then I get redirected to the account area, meaning the passwords must not match.

I was wondering if anyone could have a quick look through my code to see if they spot where I'm going wrong?

<?php

class Setup extends Controller {

    public function index() {

        $this->load->model('join_model');
        $this->join_model->create();
        if ($this->loginValidated()) { //if user credentials passed validation
            redirect('dash'); //forward to dashboard
        }
        else {
            redirect('failed');
        }
    }

    public function loginValidated() {
        $this->load->model('login_model'); //load login_model model
        $this->login_model->checkLogin(); //load checkLogin method
    }
}



<?php
//MY CONTROLLER

class Login_Model extends CI_Model {

    public function checkLogin() {
        return Join_Model::$u;

        $this->db->where('email', $this->input->post('email')); //compare db email to email entered in form
        $this->db->where('password', $u->password); //compare db password to password entered by user after hashing
        $query = $this->db->get('user'); // get the above info from 'user' table

        if ($query->num_rows == 1) { //if number of rows returned is 1

            $this->load->library('session');
            $this->session->set_userdata('user_id',$u->id);
            $this->session->set_userdata('username',$u->username);
            $this->session->set_userdata('first_name',$u->first_name);
            $this->session->set_userdata('last_name',$u->last_name);
            $this->session->set_userdata('logged_in', 'TRUE');

            return TRUE;
        }
    }
}


<?php
// MY JOIN MODEL

class Join_Model extends CI_Model {
    public static $u;

    public function create() {
        $this->load->helper('date');
        $this->load->library('encrypt');

        $u->first_name = $this->input->post('first_name');
        $u->last_name = $this->input->post('last_name');
        $u->email = $this->input->post('email');

        // sha1 and salt password
        $salt = $this->config->item('encryption_key');
        $password = $this->encrypt->sha1($this->input->post('password'));
        $start_hash = sha1($salt . $password);
        $end_hash = sha1($password . $salt);
        $hashed = sha1($start_hash . $password . $end_hash);
        $u->password = sha1($hashed);

        $u->birthday = $this->input->post('year') . '-' . $this->input->post('month') . '-' . $this->input->post('day');
        $u->sex = $this->input->post('sex');

        $u->created_at = date('Y-m-d H:i:s', now()); // date and time user joined the website

        $this->db->insert('user', $u);
    }
}

Upvotes: 0

Views: 2761

Answers (2)

Jonas Van der Aa

Reputation: 1461

My CI is a bit rusty, but it looks like you are returning something on the first line of your checkLogin() function; it would seem to me that the code below that is not getting executed then.

Also, you need to hash the password again before you send it to the database, otherwise you are comparing the clear text password to the hash.

Also, it seems to me like you'd need a User controller and model, not a model for user registration and login. Furthermore, you should refrain from loading libraries inside your model; this is considered ugly when working with an MVC framework.

Upvotes: 1

Martin Bean

Reputation: 39429

You want to hash any user-entered password and then check the hash against the database, not the raw string the user entered.

Upvotes: 0
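
Both answers come down to running the submitted password through the same hashing steps used at registration and comparing the result with the stored hash. The following is an added example (not code from the question or either answer) that does this with the question's SHA-1 chain and, going beyond the thread, with PHP's built-in password_hash()/password_verify(). The in-memory user arrays, the SITE_SALT value and all function names are assumptions made for illustration, and plain sha1() stands in for CodeIgniter's $this->encrypt->sha1().

```php
<?php
// Added example. The in-memory user arrays and SITE_SALT are constructed stand-ins
// for the 'user' table and the 'encryption_key' config item.
const SITE_SALT = 'constructed-example-key';

// The question's SHA-1 chain in one function, so registration and login
// run exactly the same transformation. sha1() stands in for $this->encrypt->sha1().
function legacy_hash(string $password, string $salt): string
{
    $password   = sha1($password);
    $start_hash = sha1($salt . $password);
    $end_hash   = sha1($password . $salt);
    $hashed     = sha1($start_hash . $password . $end_hash);
    return sha1($hashed);
}

function legacy_register(array &$users, string $email, string $password): void
{
    $users[$email] = ['password' => legacy_hash($password, SITE_SALT)];
}

// Look the row up by email only, hash the submitted password, compare the hashes.
function legacy_check_login(array $users, string $email, string $password): bool
{
    if (!isset($users[$email])) {
        return false; // every path returns an explicit boolean
    }
    return hash_equals($users[$email]['password'], legacy_hash($password, SITE_SALT));
}

// Swapped-in alternative: password_hash() generates a per-user salt and stores it
// inside the hash string, so password_verify() needs only the stored value.
function modern_register(array &$users, string $email, string $password): void
{
    $users[$email] = ['password' => password_hash($password, PASSWORD_DEFAULT)];
}

function modern_check_login(array $users, string $email, string $password): bool
{
    return isset($users[$email]) && password_verify($password, $users[$email]['password']);
}

$legacy = $modern = [];
legacy_register($legacy, 'alice@example.com', 'correct horse');
modern_register($modern, 'alice@example.com', 'correct horse');
var_dump(legacy_check_login($legacy, 'alice@example.com', 'correct horse'));
var_dump(legacy_check_login($legacy, 'alice@example.com', 'wrong guess'));
var_dump(modern_check_login($modern, 'alice@example.com', 'correct horse'));
var_dump(modern_check_login($modern, 'alice@example.com', 'wrong guess'));
```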
