[英]Codeigniter user registration: split login fail condition in 2 conditions to cover “account inactive” case
我已經使用Codeigniter 3進行了注冊和登錄申請。
當某人填寫注冊表單並成功提交后,“用戶”表的“活動”列將收到值0,如下圖所示:
用戶必須先激活其帳戶才能登錄。
在Signin.php控制器中,我具有signin signin()
函數:
public function signin()
{
$this->form_validation->set_rules('email', 'Email', 'required|trim|valid_email');
$this->form_validation->set_rules('password', 'Password', 'required|trim');
$this->form_validation->set_error_delimiters('<p class="error">', '</p>');
if ($this->form_validation->run())
{
$email = $this->input->post('email');
$password = $this->input->post('password');
$this->load->model('Usermodel');
$current_user = $this->Usermodel->user_login($email, $password, $active);
// Set the current user's data
if ($current_user) {
$this->session->set_userdata(
array(
'user_id' => $current_user->id,
'user_email' => $current_user->email,
'user_first_name' => $current_user->fname,
'is_logged_in' => TRUE
)
);
redirect('home');
} else {
$this->session->set_flashdata("signin_failure", "Incorrect email or password");
redirect('signin');
}
}
else
{
$this->load->view('signin');
}
}
我要代替$this->session->set_flashdata("signin_failure", "Incorrect email or password");
在上面的代碼中,要能夠“分割”登錄失敗條件2: 錯誤的電子郵件或密碼 和 帳戶尚未激活 。
if (condition here) {
$this->session->set_flashdata("signin_failure", "Your account has not been activated");
} else {
$this->session->set_flashdata("signin_failure", "Incorrect email or password");
}
我的問題 :上面的代碼中我應該放在什么位置而不是condition here
?
更具體地說:我怎么說:如果“活動”列的值為0,請執行$this->session->set_flashdata("signin_failure", "Your account has not been activated");
?
Usermodel中的user_login()函數:
public function user_login($email, $password, $active) {
$query = $this->db->get_where('users', ['email' => $email, 'password' => md5($password), 'active' => 1]);
return $query->row();
}
更新:
我想出了這個:
public function signin()
{
$this->form_validation->set_rules('email', 'Email', 'required|trim|valid_email');
$this->form_validation->set_rules('password', 'Password', 'required|trim');
$this->form_validation->set_error_delimiters('<p class="error">', '</p>');
if ($this->form_validation->run())
{
$email = $this->input->post('email');
$password = $this->input->post('password');
$this->load->model('Usermodel');
$current_user = $this->Usermodel->user_login($email, $password);
// If we find a user
if ($current_user) {
// If the user found is active
if ($current_user->active == 1) {
$this->session->set_userdata(
array(
'user_id' => $current_user->id,
'user_email' => $current_user->email,
'user_first_name' => $current_user->fname,
'user_active' => $current_user->active,
'is_logged_in' => TRUE
)
);
redirect('home');
} else {
// If the user found is NOT active
$this->session->set_flashdata("signin_failure", "Your account has not been activated");
redirect('signin');
}
} else {
// If we do NOT find a user
$this->session->set_flashdata("signin_failure", "Incorrect email or password");
redirect('signin');
}
}
else
{
$this->load->view('signin');
}
}
但是它有一個缺陷,因為即使電子郵件和密碼正確 ,但用戶不活動 ,消息仍是:“電子郵件或密碼錯誤”,而不是“您的帳戶尚未激活”。
只需從模型中的user_login
函數中刪除對active的檢查即可。 由於您已經在檢查ID,因此該用戶處於活動狀態或不在您的控制器中。 它不應該影響您的工作。
$query = $this->db->get_where('users', ['email' => $email, 'password' => md5($password)]);
編輯:
在笨論壇中有詳細描述答案貢獻JayAdra 這里
這是因為您的第一個if語句是:
if ($current_user) {
對於不活動的用戶,它將返回false,因為您的查詢是:
$query = $this->db->get_where('users', ['email' => $email, 'password' => md5($password), 'active' => 1]);
注意,“ active” => 1的檢查意味着它不會為非活動用戶返回任何記錄。
因此,您的第一個if語句返回false,因此轉到具有以下內容的else子句:
$this->session->set_flashdata("signin_failure", "Incorrect email or password");
因此,您可能需要先檢查用戶是否處於活動狀態,然后再檢查用戶名/密碼是否正確。
我建議將“ user_login”功能分為兩個不同的功能。 一種用於檢查用戶是否處於活動狀態,一種用於測試用戶/通過組合。
最后,我注意到您將密碼存儲為md5字符串...這是個壞主意。 這是不安全的。 使用bcrypt或類似的。
/***************************************/ // model function
function user_login($email,$password)
{
$this->db->select("*");
$this->db->from('table_name');
$this->db->where(array('email'=>$email,'password'=>$password));
$this->db->limit(1);
$query = $this->db->get();
if(!$query->num_rows())
return false;
return $query->row_array();
}
/***************************************/ // controller
public function signin()
{
$this->form_validation->set_rules('email', 'Email', 'required|trim|valid_email');
$this->form_validation->set_rules('password', 'Password', 'required|trim');
$this->form_validation->set_error_delimiters('<p class="error">', '</p>');
if ($this->form_validation->run()){
$email = $this->input->post('email');
$password = $this->input->post('password');
$this->load->model('Usermodel');
$current_user = $this->Usermodel->user_login($email, $password);
// If we find a user
if ($current_user) {
// If the user found is active
if ($current_user['active'] == 1) {
$this->session->set_userdata(array(
'user_id' => $current_user['id'],
'user_email' => $current_user['email'],
'user_first_name' => $current_user['fname'],
'user_active' => $current_user['active'],
'is_logged_in' => TRUE
));
redirect('home');
}else {
// If the user found is NOT active
$this->session->set_flashdata("signin_failure", "Your account has not been activated");
redirect('signin');
}
}else {
// If we do NOT find a user
$this->session->set_flashdata("signin_failure", "Incorrect email or password");
redirect('signin');
}
}
else{
$this->load->view('signin');
}
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.