1. 首頁
  2. 問答
  3. 驗證用戶登錄代碼點火器

驗證用戶登錄代碼點火器

2015-12-15 74 views
0

我目前能夠允許用戶登錄和登錄表單有驗證規則,以確保字段不是空的,但是,如果任何隨機名稱或字母輸入到字段用戶已登錄。如何阻止此操作並僅允許數據庫中的實際用戶登錄?我的模型和控制器都低於驗證用戶登錄代碼點火器

控制器

<?php if (! defined('BASEPATH')) exit('No direct script access allowed'); 
class Login extends CI_Controller{ 

    public function __construct() 
    { 
     parent::__construct(); 
     $this->load->model('login_model'); 
    } 


    public function index() 
    { 
     if(($this->session->userdata('username')!="")) 
     { 
      $this->welcome(); 
     } else { 
      $data['title']= 'MVC Application'; 
      $this->load->view('templates/header', $data); 
      $this->load->view('templates/nav'); 
      $this->load->view('login/signin', $data); 
      $this->load->view('templates/footer'); 
     } 
    } 


    public function welcome() 
    { 

     $data['title']= 'MVC Application'; 
     $this->load->view('templates/header', $data); 
     $this->load->view('templates/nav'); 
     $this->load->view('login/welcome', $data); 
     $this->load->view('templates/footer'); 

    } 


    public function login() 
    { 
     $email=$this->input->post('email'); 
     $password=$this->input->post('pass'); 

     $this->load->library('form_validation'); 
     // field name, error message, validation rules 
     $this->form_validation->set_rules('email', 'email', 'trim|required'); 
     $this->form_validation->set_rules('pass', 'password', 'trim|required'); 

     if($this->form_validation->run() == FALSE) { 
      $this->index(); 
     } else { 
      $this->login_model->login($email,$password); 
      $this->welcome(); 
     } 
    } 

    public function logout() 
    { 
     $newdata = array(
       'id' =>'', 
       'username' =>'', 
       'email'  => '', 
       'logged_in' => FALSE, 
       ); 
     $this->session->unset_userdata($newdata); 
     session_destroy(); 
     redirect('login/index'); 
    } 

    function update() { 

     if(!empty($_POST)) { 

      // Form submitted -- update database 
      $data = array (
        'username' => $this->input->post('username'), 
        'email' => $this->input->post('email'), 
        'password' => $this->input->post('password') 
       ); 
      $this->load->model('login_model'); 
      $this->login_model->update($data); 
      redirect('login/welcome'); 

     } else { 

      // Display form 
      // Prepare data to pass to the view 
      $data = array (
         'title' => 'MVC Application', 
         'username' => $this->session->userdata('username'), 
         'email' => $this->session->userdata('email'), 
         'password' => $this->session->userdata('password') 
        ); 

      $this->load->view('templates/header', $data); 
      $this->load->view('templates/nav'); 
      $this->load->view('login/update', $data); 
      $this->load->view('templates/footer'); 

     } 

    } 
} 
?>

型號

<?php if (! defined('BASEPATH')) exit('No direct script access allowed'); 
class Login_model extends CI_Model { 

    public function __construct() 
    { 
      $this->load->database(); 
    } 

    public function login($email, $password) 
    { 
     $this->db->where("email",$email); 
     $this->db->where("password",$password); 
     $query=$this->db->get("mvc_user"); 

     if($query->num_rows()>0) 
     { 
      foreach($query->result() as $rows) 
     { 
     //add all data to session 
     $newdata = array(
        'id' => $rows->id, 
        'username' => $rows->username, 
        'email' => $rows->email, 
        'password' => $rows->password, 
        'logged_in' => TRUE, 
       ); 
     } 
     $this->session->set_userdata($newdata); 
     return true; 
    } 
    return false; 
} 

function update($data) { 
    $my_id = $this->session->userdata('id'); 
    if($my_id !== false) { // Just making sure we're logged in 
     $this->db->where('id', $my_id); 
     $this->db->update('mvc_user', $data); 
     $this->session->set_userdata($data); 
} 
} 
} 
?>

來源

2015-12-15 Jess

+0

可以清理更多?用你需要的編輯問題 –

+0

我只需要只有在數據庫中的用戶才能夠登錄。說有人試圖在數據庫中沒有他們的詳細信息登錄,我想要顯示一個錯誤,並說他們無法登錄,而此刻任何人都將登錄,並創建一個空憑證會話@Abdulla – Jess

+0

現在我明智地縮進你的代碼至少有一個錯誤應該是**喊你** – RiggsFolly

回答

2

在你的模型。更改登錄功能:

public function login($email, $password) 
{ 
    $this->db->where('email',$email); 
    $this->db->where('password',$password); 
    $query = $this->db->get('mvc_user'); 

    if($query->num_rows()>0) 
    { 
     foreach($query->result() as $row) 
     { 
      //add all data to session 
      $newdata = array(
       'id'  => $row->id, 
       'username' => $row->username, 
       'email'  => $row->email, 
       'password' => $row->password, 
       'logged_in' => TRUE, 
      ); 
     } 
     $this->session->set_userdata($newdata); 
     return true; 
    } 
    return false; 
}

在您的控制器登錄:

public function login() 
{ 
    $email = $this->input->post('email'); 
    $password = $this->input->post('pass'); 

    $this->load->library('form_validation'); 
    // field name, error message, validation rules 
    $this->form_validation->set_rules('email', 'email', 'trim|required'); 
    $this->form_validation->set_rules('pass', 'password', 'trim|required'); 


    if ($this->form_validation->run() && $this->login_model->login($email, $password)) { //If success login 
     $this->welcome(); 
     //Here we can echo success because both the form validation was successfull and the login. 
    } else { 
     $this->index(); 
     //Here goes the Error message 
    } 
}

您還可以使用$query = $this->db->get_where('mvc_user', array('email' => $email, 'password', $password));

代替

$this->db->where('email',$email); 
$this->db->where('password',$password); 
$query = $this->db->get('mvc_user');

,如果你喜歡短代碼

來源

2015-12-15 15:08:49

+0

我這樣做,並得到一個錯誤「呼叫未定義的方法CI_DB_mysqli_driver :: NUM_ROWS() 文件名:型號/ Login_model.php 行號:18' @IlanHasanov – Jess

+0

@Jess現在新的代碼嘗試 –

+0

感謝@IlanHasanov!我會在哪裏放置我的錯誤消息? – Jess

1

在你登錄的行動,而不是隻:

$this->login_model->login($email,$password); 
$this->welcome();

你必須檢查是否是真的還是假的

if($this->login_model->login($email,$password)) { 
    $this->welcome(); 
} else { 
    // HERE is the place for wrong user/pass message to be triggered 
}

第二件事.. 從用戶模型中的UPDATE和Login方法中刪除任何會話更新。而是添加另一種方法,並從登錄和更新稱之爲..

private function setSessionData($userid){ 
    $this->db->where('user_id', $userid); 
    $this->db->select('*'); 
    $query = $this->db->get('users'); 
    if($row = $query->row()){ 
     $newdata = array(
      'id' => $rows->id, 
      'username' => $rows->username, 
      'email' => $rows->email, 
      'password' => $rows->password, 
      'logged_in' => TRUE, 
     ); 
     $this->session->set_userdata($newdata); 
     return true; 
    } 
    return false; 
}

這樣,您將有一個更簡單的方式來設定來自不同地方的會話數據..

來源

2015-12-15 15:03:43 Svetoslav

相關問題

 相關問題