1. 首页
  2. 问答
  3. 验证用户登录代码点火器

验证用户登录代码点火器

2015-12-15 16 views
0

我目前能够允许用户登录和登录表单有验证规则,以确保字段不是空的,但是,如果任何随机名称或字母输入到字段用户已登录。如何阻止此操作并仅允许数据库中的实际用户登录?我的模型和控制器都低于验证用户登录代码点火器

控制器

<?php if (! defined('BASEPATH')) exit('No direct script access allowed'); 
class Login extends CI_Controller{ 

    public function __construct() 
    { 
     parent::__construct(); 
     $this->load->model('login_model'); 
    } 


    public function index() 
    { 
     if(($this->session->userdata('username')!="")) 
     { 
      $this->welcome(); 
     } else { 
      $data['title']= 'MVC Application'; 
      $this->load->view('templates/header', $data); 
      $this->load->view('templates/nav'); 
      $this->load->view('login/signin', $data); 
      $this->load->view('templates/footer'); 
     } 
    } 


    public function welcome() 
    { 

     $data['title']= 'MVC Application'; 
     $this->load->view('templates/header', $data); 
     $this->load->view('templates/nav'); 
     $this->load->view('login/welcome', $data); 
     $this->load->view('templates/footer'); 

    } 


    public function login() 
    { 
     $email=$this->input->post('email'); 
     $password=$this->input->post('pass'); 

     $this->load->library('form_validation'); 
     // field name, error message, validation rules 
     $this->form_validation->set_rules('email', 'email', 'trim|required'); 
     $this->form_validation->set_rules('pass', 'password', 'trim|required'); 

     if($this->form_validation->run() == FALSE) { 
      $this->index(); 
     } else { 
      $this->login_model->login($email,$password); 
      $this->welcome(); 
     } 
    } 

    public function logout() 
    { 
     $newdata = array(
       'id' =>'', 
       'username' =>'', 
       'email'  => '', 
       'logged_in' => FALSE, 
       ); 
     $this->session->unset_userdata($newdata); 
     session_destroy(); 
     redirect('login/index'); 
    } 

    function update() { 

     if(!empty($_POST)) { 

      // Form submitted -- update database 
      $data = array (
        'username' => $this->input->post('username'), 
        'email' => $this->input->post('email'), 
        'password' => $this->input->post('password') 
       ); 
      $this->load->model('login_model'); 
      $this->login_model->update($data); 
      redirect('login/welcome'); 

     } else { 

      // Display form 
      // Prepare data to pass to the view 
      $data = array (
         'title' => 'MVC Application', 
         'username' => $this->session->userdata('username'), 
         'email' => $this->session->userdata('email'), 
         'password' => $this->session->userdata('password') 
        ); 

      $this->load->view('templates/header', $data); 
      $this->load->view('templates/nav'); 
      $this->load->view('login/update', $data); 
      $this->load->view('templates/footer'); 

     } 

    } 
} 
?>

型号

<?php if (! defined('BASEPATH')) exit('No direct script access allowed'); 
class Login_model extends CI_Model { 

    public function __construct() 
    { 
      $this->load->database(); 
    } 

    public function login($email, $password) 
    { 
     $this->db->where("email",$email); 
     $this->db->where("password",$password); 
     $query=$this->db->get("mvc_user"); 

     if($query->num_rows()>0) 
     { 
      foreach($query->result() as $rows) 
     { 
     //add all data to session 
     $newdata = array(
        'id' => $rows->id, 
        'username' => $rows->username, 
        'email' => $rows->email, 
        'password' => $rows->password, 
        'logged_in' => TRUE, 
       ); 
     } 
     $this->session->set_userdata($newdata); 
     return true; 
    } 
    return false; 
} 

function update($data) { 
    $my_id = $this->session->userdata('id'); 
    if($my_id !== false) { // Just making sure we're logged in 
     $this->db->where('id', $my_id); 
     $this->db->update('mvc_user', $data); 
     $this->session->set_userdata($data); 
} 
} 
} 
?>

来源

2015-12-15 Jess

+0

可以清理更多?用你需要的编辑问题 –

+0

我只需要只有在数据库中的用户才能够登录。说有人试图在数据库中没有他们的详细信息登录,我想要显示一个错误,并说他们无法登录,而此刻任何人都将登录,并创建一个空凭证会话@Abdulla – Jess

+0

现在我明智地缩进你的代码至少有一个错误应该是**喊你** – RiggsFolly

回答

2

在你的模型。更改登录功能:

public function login($email, $password) 
{ 
    $this->db->where('email',$email); 
    $this->db->where('password',$password); 
    $query = $this->db->get('mvc_user'); 

    if($query->num_rows()>0) 
    { 
     foreach($query->result() as $row) 
     { 
      //add all data to session 
      $newdata = array(
       'id'  => $row->id, 
       'username' => $row->username, 
       'email'  => $row->email, 
       'password' => $row->password, 
       'logged_in' => TRUE, 
      ); 
     } 
     $this->session->set_userdata($newdata); 
     return true; 
    } 
    return false; 
}

在您的控制器登录:

public function login() 
{ 
    $email = $this->input->post('email'); 
    $password = $this->input->post('pass'); 

    $this->load->library('form_validation'); 
    // field name, error message, validation rules 
    $this->form_validation->set_rules('email', 'email', 'trim|required'); 
    $this->form_validation->set_rules('pass', 'password', 'trim|required'); 


    if ($this->form_validation->run() && $this->login_model->login($email, $password)) { //If success login 
     $this->welcome(); 
     //Here we can echo success because both the form validation was successfull and the login. 
    } else { 
     $this->index(); 
     //Here goes the Error message 
    } 
}

您还可以使用$query = $this->db->get_where('mvc_user', array('email' => $email, 'password', $password));

代替

$this->db->where('email',$email); 
$this->db->where('password',$password); 
$query = $this->db->get('mvc_user');

,如果你喜欢短代码

来源

2015-12-15 15:08:49

+0

我这样做,并得到一个错误“呼叫未定义的方法CI_DB_mysqli_driver :: NUM_ROWS() 文件名:型号/ Login_model.php 行号:18' @IlanHasanov – Jess

+0

@Jess现在新的代码尝试 –

+0

感谢@IlanHasanov!我会在哪里放置我的错误消息? – Jess

1

在你登录的行动,而不是只:

$this->login_model->login($email,$password); 
$this->welcome();

你必须检查是否是真的还是假的

if($this->login_model->login($email,$password)) { 
    $this->welcome(); 
} else { 
    // HERE is the place for wrong user/pass message to be triggered 
}

第二件事.. 从用户模型中的UPDATE和Login方法中删除任何会话更新。而是添加另一种方法,并从登录和更新称之为..

private function setSessionData($userid){ 
    $this->db->where('user_id', $userid); 
    $this->db->select('*'); 
    $query = $this->db->get('users'); 
    if($row = $query->row()){ 
     $newdata = array(
      'id' => $rows->id, 
      'username' => $rows->username, 
      'email' => $rows->email, 
      'password' => $rows->password, 
      'logged_in' => TRUE, 
     ); 
     $this->session->set_userdata($newdata); 
     return true; 
    } 
    return false; 
}

这样,您将有一个更简单的方式来设定来自不同地方的会话数据..

来源

2015-12-15 15:03:43 Svetoslav

相关问题

 相关问题