Every time I call this function I get the user_id back correctly, but the password is not being checked...
Model:
```php
<?php
class Prometheus_model extends CI_Model {
    var $tables = array(
        'bots'  => 'bots',
        'users' => 'users'
    );

    function __construct() {
        parent::__construct();
    }

    public function tablename($table = NULL) {
        if(! isset($table)) return FALSE;
        return $this->tables[$table];
    }

    // Returns the first matching row as an array, or an empty array when nothing matched
    public function get($table, $where = array(), $order = NULL) {
        $this->db->where($where);
        if(isset($order)) {
            $this->db->order_by($order);
        }
        $q = $this->db->get_where($this->tablename($table), $where);
        $result = $q->result_array();
        // You should use $q->num_rows() to detect the number of returned rows
        if($q->num_rows()) {
            return $result[0];
        }
        return $result;
    }

    public function update($table, $where = array(), $data) {
        $this->db->update($this->tablename($table), $data, $where);
        return $this->db->affected_rows();
    }

    public function insert($table, $data) {
        $this->db->insert($this->tablename($table), $data);
        return $this->db->insert_id();
    }

    public function delete($table, $where = array()) {
        $this->db->delete($this->tablename($table), $where);
        return $this->db->affected_rows();
    }

    public function explicit($query) {
        $q = $this->db->query($query);
        if(is_object($q)) {
            return $q->result_array();
        } else {
            return $q;
        }
    }

    public function num_rows($table, $where = NULL) {
        if(isset($where)) {
            $this->db->where($where);
        }
        $q = $this->db->get($table);
        return $q->num_rows();
    }

    public function get_bot_data_by_hw_id($bot_hw_id) {
        $q = $this->get('bots', array('bot_hw_id' => $bot_hw_id));
        return $q;
    }

    // Login check: the password comparison is done inside the WHERE clause
    public function check_user_data($user_incredials, $user_password) {
        if($this->num_rows('users', array('user_name' => $user_incredials, 'user_password' => $this->encrypt->decode($user_password))) == 1) {
            $q = $this->get('users', array('user_name' => $this->security->xss_clean($user_incredials)));
            return $q['user_id'];
        }
        return FALSE;
    }
}
?>
```
My function call in the controller:
```php
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Login extends CI_Controller {
    public function index() {
        if($this->input->post('user_login')) {
            var_dump($this->prometheus_model->check_user_data($this->input->post('user_incredials'), $this->input->post('user_password')));
        }
        $this->load->view('login_index');
    }
}
```
How can I fix this?

Answer 0: (score: 2)
In the check_user_data() method you are using

```php
if($this->num_rows('users', array('user_name' => $user_incredials, 'user_password' => $this->encrypt->decode($user_password))) == 1)
```

I think (logically) the code

```php
$this->encrypt->decode($user_password)
```

should be

```php
$this->encrypt->encode($user_password)
```

because you are calling the num_rows() method, which is

```php
public function num_rows($table, $where = NULL)
{
    if(isset($where)) {
        $this->db->where($where);
    }
    $q = $this->db->get($table);
    return $q->num_rows();
}
```

and it is actually querying the database, something like

```sql
select * from USERS where user_name = 'heera' and password = decode('abcde12345')
```

In this case the password you are trying to match needs to be encrypted with the encode (not decode) method, because the user has given you the non-encrypted (plain) password and the password saved in the database is already encrypted, so before querying the database to match the encoded password, encode the plain password using the encode method.
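As an added example, not code from the question or the answer above: the same login check written so that the password never appears in the WHERE clause at all. It fetches the row by user name with the model's existing get() helper and verifies the submitted password in PHP with password_verify(). It assumes PHP 5.5+ and that users.user_password holds a password_hash() digest (both assumptions), which is a one-way hash rather than the reversible value CodeIgniter's Encrypt class produces.

```php
<?php
// Added example: replacement methods for Prometheus_model (assumed to sit
// inside that class, next to the get()/update() helpers shown in the question).
// Assumes users.user_password stores a password_hash() digest (assumption).

// Store or reset a password: keep only the one-way hash, never the plaintext
// or a reversible encrypt->encode() value.
public function set_user_password($user_id, $plain_password) {
    $data = array('user_password' => password_hash($plain_password, PASSWORD_DEFAULT));
    return $this->update('users', array('user_id' => $user_id), $data);
}

// Look the user up by name only, then check the password in PHP.
// Returns the user_id on success and FALSE otherwise, like the original method.
public function check_user_data($user_incredials, $user_password) {
    $user = $this->get('users', array('user_name' => $user_incredials));

    // get() returns the first row as an array, or an empty array when nothing matched.
    if (empty($user) || empty($user['user_password'])) {
        // Unknown user: still run one hash check so the response time does not
        // reveal whether the user name exists.
        password_verify($user_password, password_hash('no-such-user', PASSWORD_DEFAULT));
        return FALSE;
    }

    if (! password_verify($user_password, $user['user_password'])) {
        return FALSE;
    }

    // Transparently upgrade the stored hash if the cost/algorithm has changed
    // since it was written; the plaintext is available only at login time.
    if (password_needs_rehash($user['user_password'], PASSWORD_DEFAULT)) {
        $this->set_user_password($user['user_id'], $user_password);
    }

    return $user['user_id'];
}
```

The controller call stays the same; only the stored form of user_password changes, so existing rows must be re-hashed through set_user_password() (e.g. on next successful login or via a password reset) before this check will accept them.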