[英]Codeigniter user registration: split login fail condition in 2 conditions to cover “account inactive” case
我已经使用Codeigniter 3进行了注册和登录申请。
当某人填写注册表单并成功提交后,“用户”表的“活动”列将收到值0,如下图所示:
用户必须先激活其帐户才能登录。
在Signin.php控制器中,我具有signin signin()
函数:
public function signin()
{
$this->form_validation->set_rules('email', 'Email', 'required|trim|valid_email');
$this->form_validation->set_rules('password', 'Password', 'required|trim');
$this->form_validation->set_error_delimiters('<p class="error">', '</p>');
if ($this->form_validation->run())
{
$email = $this->input->post('email');
$password = $this->input->post('password');
$this->load->model('Usermodel');
$current_user = $this->Usermodel->user_login($email, $password, $active);
// Set the current user's data
if ($current_user) {
$this->session->set_userdata(
array(
'user_id' => $current_user->id,
'user_email' => $current_user->email,
'user_first_name' => $current_user->fname,
'is_logged_in' => TRUE
)
);
redirect('home');
} else {
$this->session->set_flashdata("signin_failure", "Incorrect email or password");
redirect('signin');
}
}
else
{
$this->load->view('signin');
}
}
我要代替$this->session->set_flashdata("signin_failure", "Incorrect email or password");
在上面的代码中,要能够“分割”登录失败条件2: 错误的电子邮件或密码 和 帐户尚未激活 。
if (condition here) {
$this->session->set_flashdata("signin_failure", "Your account has not been activated");
} else {
$this->session->set_flashdata("signin_failure", "Incorrect email or password");
}
我的问题 :上面的代码中我应该放在什么位置而不是condition here
?
更具体地说:我怎么说:如果“活动”列的值为0,请执行$this->session->set_flashdata("signin_failure", "Your account has not been activated");
?
Usermodel中的user_login()函数:
public function user_login($email, $password, $active) {
$query = $this->db->get_where('users', ['email' => $email, 'password' => md5($password), 'active' => 1]);
return $query->row();
}
更新:
我想出了这个:
public function signin()
{
$this->form_validation->set_rules('email', 'Email', 'required|trim|valid_email');
$this->form_validation->set_rules('password', 'Password', 'required|trim');
$this->form_validation->set_error_delimiters('<p class="error">', '</p>');
if ($this->form_validation->run())
{
$email = $this->input->post('email');
$password = $this->input->post('password');
$this->load->model('Usermodel');
$current_user = $this->Usermodel->user_login($email, $password);
// If we find a user
if ($current_user) {
// If the user found is active
if ($current_user->active == 1) {
$this->session->set_userdata(
array(
'user_id' => $current_user->id,
'user_email' => $current_user->email,
'user_first_name' => $current_user->fname,
'user_active' => $current_user->active,
'is_logged_in' => TRUE
)
);
redirect('home');
} else {
// If the user found is NOT active
$this->session->set_flashdata("signin_failure", "Your account has not been activated");
redirect('signin');
}
} else {
// If we do NOT find a user
$this->session->set_flashdata("signin_failure", "Incorrect email or password");
redirect('signin');
}
}
else
{
$this->load->view('signin');
}
}
但是它有一个缺陷,因为即使电子邮件和密码正确 ,但用户不活动 ,消息仍是:“电子邮件或密码错误”,而不是“您的帐户尚未激活”。
只需从模型中的user_login
函数中删除对active的检查即可。 由于您已经在检查ID,因此该用户处于活动状态或不在您的控制器中。 它不应该影响您的工作。
$query = $this->db->get_where('users', ['email' => $email, 'password' => md5($password)]);
编辑:
在笨论坛中有详细描述答案贡献JayAdra 这里
这是因为您的第一个if语句是:
if ($current_user) {
对于不活动的用户,它将返回false,因为您的查询是:
$query = $this->db->get_where('users', ['email' => $email, 'password' => md5($password), 'active' => 1]);
注意,“ active” => 1的检查意味着它不会为非活动用户返回任何记录。
因此,您的第一个if语句返回false,因此转到具有以下内容的else子句:
$this->session->set_flashdata("signin_failure", "Incorrect email or password");
因此,您可能需要先检查用户是否处于活动状态,然后再检查用户名/密码是否正确。
我建议将“ user_login”功能分为两个不同的功能。 一种用于检查用户是否处于活动状态,一种用于测试用户/通过组合。
最后,我注意到您将密码存储为md5字符串...这是个坏主意。 这是不安全的。 使用bcrypt或类似的。
/***************************************/ // model function
function user_login($email,$password)
{
$this->db->select("*");
$this->db->from('table_name');
$this->db->where(array('email'=>$email,'password'=>$password));
$this->db->limit(1);
$query = $this->db->get();
if(!$query->num_rows())
return false;
return $query->row_array();
}
/***************************************/ // controller
public function signin()
{
$this->form_validation->set_rules('email', 'Email', 'required|trim|valid_email');
$this->form_validation->set_rules('password', 'Password', 'required|trim');
$this->form_validation->set_error_delimiters('<p class="error">', '</p>');
if ($this->form_validation->run()){
$email = $this->input->post('email');
$password = $this->input->post('password');
$this->load->model('Usermodel');
$current_user = $this->Usermodel->user_login($email, $password);
// If we find a user
if ($current_user) {
// If the user found is active
if ($current_user['active'] == 1) {
$this->session->set_userdata(array(
'user_id' => $current_user['id'],
'user_email' => $current_user['email'],
'user_first_name' => $current_user['fname'],
'user_active' => $current_user['active'],
'is_logged_in' => TRUE
));
redirect('home');
}else {
// If the user found is NOT active
$this->session->set_flashdata("signin_failure", "Your account has not been activated");
redirect('signin');
}
}else {
// If we do NOT find a user
$this->session->set_flashdata("signin_failure", "Incorrect email or password");
redirect('signin');
}
}
else{
$this->load->view('signin');
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.