登录表单无效
[英]Login form not validating
问题描述
I am creating a login form but it does not do the validation rightly against the value in the database. 
我正在创建一个登录表单,但是它没有正确地针对数据库中的值进行验证。 when I put in the wrong password it still redirects me to the page that needs login access 当我输入了错误的密码时,它仍将我重定向到需要登录访问的页面
CONTROLLER 控制器
public function login() {
$this->form_validation->set_rules('username', 'Username', 'trim|required|alpha_numeric|min_length[6]|max_length[12]|xss_clean');
$this->form_validation->set_rules('password', 'Password', 'trim|required|alpha_numeric|min_length[6]|max_length[6]|xss_clean');
if ($this->form_validation->run() == FALSE) {
// return main page if submitted form is invalid.
$this->load->view('abt_login');
} else {
$this->load->model('abt_db');
$q = $this->abt_db->check_login();
if($q)
{
$data = array(
'email' => $this->input->post('email'),
'password' => $this->input->post('password'),
);
$this->session->set_userdata($data);
redirect('index.php/abovetheblues/abt-abovetheblues');
}
else
{
redirect('index.php/abovetheblues/abt_selfhelp');
}
}
}
MODEL 模型
function check_login() {
$this->load->database();
$this->db->where('email', $this->input->post('email'));
$this->db->where('password', $this->input->post('password'));
$q = $this->db->get('user');
if ($q->num_rows == 1) {
return true;
}
}
2 个解决方案
解决方案1
1 2013-08-06 16:11:23
num_rows is a function and you not call the function num_rows是一个函数,您不调用该函数
Try to change this: 尝试更改此:
if ($q->num_rows == 1) {
return true;
}
to this: 对此:
if ($q->num_rows() == 1) {
return true;
}
解决方案2
0 已采纳 2013-08-06 16:24:03
Consider passing the two variables to the function instead of trying to grab them from the input class: 考虑将两个变量传递给函数,而不是尝试从输入类中获取它们:
Controller: 控制器:
$this->load->model('abt_db');
$q = $this->abt_db->check_login($this->input->post('email'), $this->input->post('password'));
Model: 模型:
function check_login($email, $password) {
$this->load->database();
$this->db->where('email', $email);
$this->db->where('password', $password); ## VERY UNSECURE - SEE BELOW
$q = $this->db->get('user');
if ($q->num_rows() == 1) { ## as seen in the previous answer
return true;
}
return false; ## You NEED to have this.
}
PLEASE NOTE: 请注意:
You are checking the password directly with the database in plaintext. 您正在使用明文直接与数据库一起检查密码。 This is a terrible idea and will lead to your application getting compromised. 这是一个糟糕的主意,将导致您的应用程序受到威胁。
I strongly recommend you read this excellent primer on password security: 我强烈建议您阅读有关密码安全性的出色入门知识:
Salting Password Hashing 盐化密码哈希
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.