Codeigniter用户注册:将登录失败情况分为2种情况,以涵盖“帐户无效”情况
[英]Codeigniter user registration: split login fail condition in 2 conditions to cover “account inactive” case
问题描述
I have made a Registration and Login application with Codeigniter 3. 
我已经使用Codeigniter 3进行了注册和登录申请。
When someone fills the Registration form and submits it successfully, the "active" column of the "users" table receives the value 0, as visible in the image bellow: 当某人填写注册表单并成功提交后,“用户”表的“活动”列将收到值0,如下图所示:
Users will have to activate their accounts before being able to sign in. 用户必须先激活其帐户才能登录。
In the Signin.php controller I have the signin() function: 在Signin.php控制器中,我具有signin signin()函数:
public function signin()
{
$this->form_validation->set_rules('email', 'Email', 'required|trim|valid_email');
$this->form_validation->set_rules('password', 'Password', 'required|trim');
$this->form_validation->set_error_delimiters('<p class="error">', '</p>');
if ($this->form_validation->run())
{
$email = $this->input->post('email');
$password = $this->input->post('password');
$this->load->model('Usermodel');
$current_user = $this->Usermodel->user_login($email, $password, $active);
// Set the current user's data
if ($current_user) {
$this->session->set_userdata(
array(
'user_id' => $current_user->id,
'user_email' => $current_user->email,
'user_first_name' => $current_user->fname,
'is_logged_in' => TRUE
)
);
redirect('home');
} else {
$this->session->set_flashdata("signin_failure", "Incorrect email or password");
redirect('signin');
}
}
else
{
$this->load->view('signin');
}
}
I want, instead of the line $this->session->set_flashdata("signin_failure", "Incorrect email or password"); 我要代替$this->session->set_flashdata("signin_failure", "Incorrect email or password"); in the code above, to be able to "split" the login failure condition in 2: Incorrect email or Password and account has not been activated . 在上面的代码中,要能够“分割”登录失败条件2: 错误的电子邮件或密码 和 帐户尚未激活 。
if (condition here) {
$this->session->set_flashdata("signin_failure", "Your account has not been activated");
} else {
$this->session->set_flashdata("signin_failure", "Incorrect email or password");
}
My question : what should I put instead of condition here in the code above? 我的问题 :上面的代码中我应该放在什么位置而不是condition here ?
More specifically: how do I say: if the "active" column has the value 0 do $this->session->set_flashdata("signin_failure", "Your account has not been activated"); 更具体地说:我怎么说:如果“活动”列的值为0,请执行$this->session->set_flashdata("signin_failure", "Your account has not been activated"); ? ?
The user_login() function inside the Usermodel : Usermodel中的user_login()函数:
public function user_login($email, $password, $active) {
$query = $this->db->get_where('users', ['email' => $email, 'password' => md5($password), 'active' => 1]);
return $query->row();
}
UPDATE: 更新:
I came up with this: 我想出了这个:
public function signin()
{
$this->form_validation->set_rules('email', 'Email', 'required|trim|valid_email');
$this->form_validation->set_rules('password', 'Password', 'required|trim');
$this->form_validation->set_error_delimiters('<p class="error">', '</p>');
if ($this->form_validation->run())
{
$email = $this->input->post('email');
$password = $this->input->post('password');
$this->load->model('Usermodel');
$current_user = $this->Usermodel->user_login($email, $password);
// If we find a user
if ($current_user) {
// If the user found is active
if ($current_user->active == 1) {
$this->session->set_userdata(
array(
'user_id' => $current_user->id,
'user_email' => $current_user->email,
'user_first_name' => $current_user->fname,
'user_active' => $current_user->active,
'is_logged_in' => TRUE
)
);
redirect('home');
} else {
// If the user found is NOT active
$this->session->set_flashdata("signin_failure", "Your account has not been activated");
redirect('signin');
}
} else {
// If we do NOT find a user
$this->session->set_flashdata("signin_failure", "Incorrect email or password");
redirect('signin');
}
}
else
{
$this->load->view('signin');
}
}
but there is a flaw in it because even when the email and password are correct , but the user is inactive , the message is: "Incorrect email or password" Instead of "Your account has not been activated". 但是它有一个缺陷,因为即使电子邮件和密码正确 ,但用户不活动 ,消息仍是:“电子邮件或密码错误”,而不是“您的帐户尚未激活”。
2 个解决方案
解决方案1
1 已采纳 2017-10-15 12:46:25
Just remove the check for active from user_login function in model. 只需从模型中的user_login函数中删除对active的检查即可。 As you are already checking id the user is active or not in your controller. 由于您已经在检查ID,因此该用户处于活动状态或不在您的控制器中。 It should not impact your working. 它不应该影响您的工作。
$query = $this->db->get_where('users', ['email' => $email, 'password' => md5($password)]);
EDIT: 编辑:
Well elaborated answer Contribution by JayAdra in the Codeigniter forum here 在笨论坛中有详细描述答案贡献JayAdra 这里
This is because your first if statement is: 这是因为您的第一个if语句是:
if ($current_user) {
Which will return false for an inactive user, as your query is: 对于不活动的用户,它将返回false,因为您的查询是:
$query = $this->db->get_where('users', ['email' => $email, 'password' => md5($password), 'active' => 1]);
Notice, the check for "active" => 1, meaning it won't return any records for inactive users. 注意,“ active” => 1的检查意味着它不会为非活动用户返回任何记录。
So your first if statement returns false, hence going to the else clause which has: 因此,您的第一个if语句返回false,因此转到具有以下内容的else子句:
$this->session->set_flashdata("signin_failure", "Incorrect email or password");
So you probably need to check if the user is active first, before checking if their username/password is correct. 因此,您可能需要先检查用户是否处于活动状态,然后再检查用户名/密码是否正确。
I'd suggest splitting your "user_login" function into two distinct functions. 我建议将“ user_login”功能分为两个不同的功能。 One to check if the user is active, and one to test the user/pass combo. 一种用于检查用户是否处于活动状态,一种用于测试用户/通过组合。
Lastly, I noticed you're storing your password as md5 strings... this is a bad idea. 最后,我注意到您将密码存储为md5字符串...这是个坏主意。 It's not secure. 这是不安全的。 Use bcrypt or similar. 使用bcrypt或类似的。
解决方案2
0 2017-10-15 09:36:08
/***************************************/ // model function
function user_login($email,$password)
{
$this->db->select("*");
$this->db->from('table_name');
$this->db->where(array('email'=>$email,'password'=>$password));
$this->db->limit(1);
$query = $this->db->get();
if(!$query->num_rows())
return false;
return $query->row_array();
}
/***************************************/ // controller
public function signin()
{
$this->form_validation->set_rules('email', 'Email', 'required|trim|valid_email');
$this->form_validation->set_rules('password', 'Password', 'required|trim');
$this->form_validation->set_error_delimiters('<p class="error">', '</p>');
if ($this->form_validation->run()){
$email = $this->input->post('email');
$password = $this->input->post('password');
$this->load->model('Usermodel');
$current_user = $this->Usermodel->user_login($email, $password);
// If we find a user
if ($current_user) {
// If the user found is active
if ($current_user['active'] == 1) {
$this->session->set_userdata(array(
'user_id' => $current_user['id'],
'user_email' => $current_user['email'],
'user_first_name' => $current_user['fname'],
'user_active' => $current_user['active'],
'is_logged_in' => TRUE
));
redirect('home');
}else {
// If the user found is NOT active
$this->session->set_flashdata("signin_failure", "Your account has not been activated");
redirect('signin');
}
}else {
// If we do NOT find a user
$this->session->set_flashdata("signin_failure", "Incorrect email or password");
redirect('signin');
}
}
else{
$this->load->view('signin');
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.