Question

我正在使用codeigniter处理我自己的表单验证方法。我试图不使用那里的方法。

问题：我的用户库让我登录确定。但我的验证不是验证数据库中的密码和用户名。

应抛出$error

如果可能，我想以自己的方式使用。

控制器

<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class Login extends CI_Controller {
      private $error = array();

    public function __construct(){
        parent::__construct();
            $this->load->library('users');
            $this->load->library('form_validation');
            $this->lang->load('common/login', 'english');
    }

      public function index() {
            if(($this->input->server('REQUEST_METHOD') == 'POST') && $this->validate()) {
                  redirect('dashboard');
            }

            if (array_key_exists('warning', $this->error)) {
                  $data['error_warning'] = $this->error['warning'];
            } else {
                  $data['error_warning'] = '';
            }

            if (array_key_exists('session', $this->error)) {
                  $data['success'] = $this->session->userdata('success');

                  $this->session->unset_userdata('success');
            } else {
                $data['success'] = '';
            }

            if (array_key_exists('username', $this->error)) {
                  $data['error_username'] = $this->error['username'];
            } else {
                $data['error_username'] = '';
            }

            if (array_key_exists('password', $this->error)) {
                $data['error_password'] = $this->error['password'];
            } else {
                $data['error_password'] = '';
            } 

            $data['action'] = site_url('login');

            if (null !==($this->input->post('username'))) {
                  $data['username'] = $this->input->post('username');
            } else {
                  $data['username'] = '';
            }

            if (null !==($this->input->post('password'))) {
                  $data['password'] = $this->input->post('password');
            } else {
                $data['password'] = '';
            }

            $this->load->view('template/common/login', $data);
      }

      protected function validate() {
            if (null !== ($this->input->post('username')) && null !==($this->input->post('password')) && $this->users->login($this->input->post('username'), $this->input->post('password'))) {
                    $this->error['warning'] = $this->lang->line('error_login');
            }
            return !$this->error;
      }
}

图书馆用户

<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class Users {
      private $user_id;
      private $username;
      private $permission = array();

      public function __construct() {
            $this->CI =& get_instance();
            $this->CI->load->database();
            $this->CI->load->library('session');

            if($this->CI->session->userdata('user_id')) {

                 $user_query = $this->CI->db->query("
                    SELECT * FROM " . $this->CI->db->dbprefix ."user WHERE 
                    user_id = ". (int)$this->CI->session->userdata('user_id') ." AND status = '1'
              ");

                  if($user_query->num_rows() > 0) {

                  $this->user_id = $user_query->row('user_id');
                  $this->username = $user_query->row('username');     

                  $this->user_id = $user_query->row('user_id');

                  $data = array(
                        'user_id' => $this->user_id,
                        'username' => $this->username
                  );

                  $this->CI->session->set_userdata($data);

                  $this->CI->db->query("UPDATE " . $this->CI->db->dbprefix . "user SET ip = '" . $this->CI->input->ip_address() . "' WHERE user_id = '" . (int)$this->CI->session->userdata('user_id') . "'");

                  } else {
                        $this->logout();
                  }
            }
      }

      public function login($username, $password) {
            $user_query = $this->CI->db->query("
              SELECT * FROM ". $this->CI->db->dbprefix . "user WHERE 
              username = ". $this->CI->db->escape($username) ." 
              AND (password = sha1(CONCAT(salt, SHA1(CONCAT(salt, sha1(" . $this->CI->db->escape($password) . "))))) 
              OR password = ". $this->CI->db->escape(md5($password)) .") 
              AND status = '1'
        ");

            if($user_query->num_rows() > 0) {

                  $this->user_id = $user_query->row('user_id');
                  $this->username = $user_query->row('username');

                  $data = array(
                        'user_id' => $this->user_id,
                        'username' => $this->username
                  );

                  $this->CI->session->set_userdata($data);

                  return true;
            } else {
                  return false;
            }
      }

      public function logout() {
          $this->CI->session->unset_userdata('user_id');
          $this->CI->session->unset_userdata('username');
      }

      public function isLogged() {
            return $this->user_id;
      }
}

Answer 1

在您的资料库中，尝试更改此内容;

if($user_query->num_rows)

对此;

if($user_query->num_rows() > 0)

修改

这是我的登录功能，我用于我开发的auth系统。我使用相同的哈希函数来哈希我的所有密码，它使生活更容易

public function login($username, $password) { $password = $this->_hash_password($password); $query = $this->db->get_where('users', array('username' => $username, 'password' => $password, 'status' => '1')); if ( $query->num_rows() > 0 ) { // Found a match } else { // No match found } } // Hash the password, using the encryption key function _hash_password($password) { return hash("haval256,5", $this->config->item('encryption_key') . $password); }

验证不检查用户名和＆amp;密码CI

1 个答案: