Question

我的控制器

// display the login page
    public function index() {
        // on form data
        $onsumbit = $this->input->post('verify');
        if(isset($onsumbit)) {

           $user_name = $this->input->post('user_name');
           $password = $this->input->post('password');

            // verify login
            $verified = $this->login_model->login_verify($user_name,$password);
            // success
            if($verified) {
                redirect('dashboard');
            }
            // failure
            else {
                $this->session->set_flashdata('login_failure','Please check your email and password and try again');
                redirect('index');
            }
        }
        // login page
        $this->load->view('login');
    }

我的模特

public function login_verify($user_name,$password) {
        $hashed_password = $this->verify_password($user_name);
        $this->db->where('user_name',$user_name)->where('password',password_verify($password, $hashed_password));
        $result = $this->db->get('employee');
        if($result -> num_rows() > 0) {

        $session = array(
            'employee_id'   => $result->row()->employee_id,
            'name'          => $result->row()->first_name.' '.$result->row()->last_name,
            'employee_role' => $result->row()->employee_role,
            'is_logged_in'  => TRUE,
        );
        // set session
        $this->session->set_userdata($session);
        return TRUE;
        } else {
            return FALSE;
        }

    }

     private function verify_password($user_name) {
        $this->db->where('user_name',$user_name);
        $result = $this->db->get('employee');
        if($result -> num_rows() > 0) {
         return  $get_password = $result->row(0)->password;
        }

    }

我正在对我的登录进行密码哈希，我添加了默认的password_hashing（）。当我验证密码没有正常工作时，它登录仪表板的任何密码类型。我忘了这里，任何帮助将不胜感激。

Answer 1

您可以稍微简化它，但正如@ h2ooooooo所提到的，您无法通过password_verify从数据库中进行选择。

以下是我用于身份验证的内容：

public function login()
{
    $this->form_validation->set_rules('email', 'E-mail', 'required|valid_email');
    $this->form_validation->set_rules('password', 'Password', 'required');

    if ($this->form_validation->run()) {

        // Get the actual user from the database, you can use email or username, whatever you want
        $user = $this->user->get($this->input->post('email'));

        // If we have a user, then we can check against the submitted password:
        if ($user && password_verify($this->input->post('password'), $user->password)) {
            $this->session->set_userdata([
                // Your session data 
            ]);
            redirect('/');
        } else {
            $this->session->set_flashdata('error', 'Wrong credintals');
            redirect('login');
        }
    }

    $this->load->view('auth/login');
}

password_verify（）无法正常工作

1 个答案: