我正在Codeigniter中创建一个登录部分。但它没有检查数据库并通过任何凭据进入网站。这是我的代码。
控制器:登录
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Login extends CI_Controller {
function __construct() {
parent::__construct();
$this->load->model('login_model','',TRUE);
}
public function index() {
$this->load->helper('form');
$this->load->library('form_validation');
$this->form_validation->set_rules('username', 'Username', 'required');
$this->form_validation->set_rules('password', 'Password', 'required');
if ($this->form_validation->run() == FALSE) {
if (isset($this->session->userdata['id'])) {
redirect('home/profile');
} else {
//else it will redirect you to login page.
$this->load->view('templates/header');
$this->load->view('login');
$this->load->view('templates/footer');
}
} else {
//if it's a post request with valid data it will validate data in database.
$username = $this->input->post('username');
$password = md5($this->input->post('password'));
$result = $this->login_model->login($username, $password);
//This condition redirect you to homepage if you entered valid credentials
if (count($result) !== 0) {
$this->session->set_userdata('id', $username);
redirect('home/profile');
} else {
//This will redirect you to login page with error.
$this->session->set_flashdata('message', 'Login Fail!!<br>Invalid username or password!!');
redirect('login');
}
}
}
}
?>
这是Model Page:Login_model
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Login_model extends CI_Model{
function login($username, $password)
$this->db->select('id','username','password');
$this->db->from('users');
$this->db->where('username', $username);
$this->db->where('password', md5($password));
$this->db->limit(1);
$query = $this->db->get();
if($query->num_rows()>1){
return $query->result();
}else{
return false;
}
}
}
答案 0 :(得分:0)
在Login_model中,您的查询限制为1。对于此$ query-&gt; num_rows()永远不会大于1 如果
,请使用 ==if( $query->num_rows() == 1 ){
return $query->result();
}
答案 1 :(得分:0)
你应该没有包括md5检查,因为你已经做过并发送给模型:
所以改变这一行:
$this->db->where('password', md5($password));
到
$this->db->where('password', $password);
并检查结果。