我目前能够允许用户登录和登录表单有验证规则,以确保字段不是空的,但是,如果任何随机名称或字母输入到字段用户已登录。如何阻止此操作并仅允许数据库中的实际用户登录?我的模型和控制器都低于验证用户登录代码点火器
控制器
<?php if (! defined('BASEPATH')) exit('No direct script access allowed');
class Login extends CI_Controller{
public function __construct()
{
parent::__construct();
$this->load->model('login_model');
}
public function index()
{
if(($this->session->userdata('username')!=""))
{
$this->welcome();
} else {
$data['title']= 'MVC Application';
$this->load->view('templates/header', $data);
$this->load->view('templates/nav');
$this->load->view('login/signin', $data);
$this->load->view('templates/footer');
}
}
public function welcome()
{
$data['title']= 'MVC Application';
$this->load->view('templates/header', $data);
$this->load->view('templates/nav');
$this->load->view('login/welcome', $data);
$this->load->view('templates/footer');
}
public function login()
{
$email=$this->input->post('email');
$password=$this->input->post('pass');
$this->load->library('form_validation');
// field name, error message, validation rules
$this->form_validation->set_rules('email', 'email', 'trim|required');
$this->form_validation->set_rules('pass', 'password', 'trim|required');
if($this->form_validation->run() == FALSE) {
$this->index();
} else {
$this->login_model->login($email,$password);
$this->welcome();
}
}
public function logout()
{
$newdata = array(
'id' =>'',
'username' =>'',
'email' => '',
'logged_in' => FALSE,
);
$this->session->unset_userdata($newdata);
session_destroy();
redirect('login/index');
}
function update() {
if(!empty($_POST)) {
// Form submitted -- update database
$data = array (
'username' => $this->input->post('username'),
'email' => $this->input->post('email'),
'password' => $this->input->post('password')
);
$this->load->model('login_model');
$this->login_model->update($data);
redirect('login/welcome');
} else {
// Display form
// Prepare data to pass to the view
$data = array (
'title' => 'MVC Application',
'username' => $this->session->userdata('username'),
'email' => $this->session->userdata('email'),
'password' => $this->session->userdata('password')
);
$this->load->view('templates/header', $data);
$this->load->view('templates/nav');
$this->load->view('login/update', $data);
$this->load->view('templates/footer');
}
}
}
?>
型号
<?php if (! defined('BASEPATH')) exit('No direct script access allowed');
class Login_model extends CI_Model {
public function __construct()
{
$this->load->database();
}
public function login($email, $password)
{
$this->db->where("email",$email);
$this->db->where("password",$password);
$query=$this->db->get("mvc_user");
if($query->num_rows()>0)
{
foreach($query->result() as $rows)
{
//add all data to session
$newdata = array(
'id' => $rows->id,
'username' => $rows->username,
'email' => $rows->email,
'password' => $rows->password,
'logged_in' => TRUE,
);
}
$this->session->set_userdata($newdata);
return true;
}
return false;
}
function update($data) {
$my_id = $this->session->userdata('id');
if($my_id !== false) { // Just making sure we're logged in
$this->db->where('id', $my_id);
$this->db->update('mvc_user', $data);
$this->session->set_userdata($data);
}
}
}
?>
可以清理更多?用你需要的编辑问题 –
我只需要只有在数据库中的用户才能够登录。说有人试图在数据库中没有他们的详细信息登录,我想要显示一个错误,并说他们无法登录,而此刻任何人都将登录,并创建一个空凭证会话@Abdulla – Jess
现在我明智地缩进你的代码至少有一个错误应该是**喊你** – RiggsFolly