大家好,我在codeigniter中验证登录时遇到了这个问题,好像它没有在我的数据库中检查所需的密码。我的数据库中所需的密码是哈希使用这个
$password_hash = password_hash($password, PASSWORD_BCRYPT);
我也在使用这个哈希来测试它的能力和安全性。
我的登录视图中的代码是:
<div class="container">
<div class="card card-login mx-auto mt-5">
<div class="card-header">Login</div>
<div class="card-body">
<form method = "post" action=<?php echo base_url("Ec_controller/login"); ?> >
<div class="form-group">
<label for="Username">Username</label>
<input class="form-control" id="username" name="username" type="text" aria-describedby="emailHelp" placeholder="Enter Username">
</div>
<div class="form-group">
<label for="Password">Password</label>
<input class="form-control" id="password" name= "password" type="password" placeholder="Enter Password">
</div>
<div class="form-group">
<div class="form-check">
<label class="form-check-label">
<!-- <input class="form-check-input" type="checkbox"> Remember Password</label> -->
</div>
</div>
<input type="submit" name="submit" id="submit" class="btn btn-primary btn-xm" value="Log In" />
</form>
<div class="text-center">
<!-- <a class="d-block small" href="#">Forgot Password?</a> -->
</div>
</div>
</div>
</div>
在我的控制器上:
public function login(){
$this->load->library('form_validation');
$this->form_validation->set_rules('username', 'Username', 'required|trim|callback_validate_credentials');
$this->form_validation->set_rules('password', 'Password', 'required|trim');
$username = $this->input->post('username');
$password = $this->input->post('password');
$user_id ="";
if($this->form_validation->run()){
$data = array(
'log_username' => $username,
'is_logged_in' =>1
);
$this->session->set_userdata($data);
$sql2 = $this->db->select("log_username, log_password,log_userlevel ")
->from("ec_login")
->where("log_username", $username)
->get();
foreach($sql2->result() as $user_level){
$user_id = $user_level->log_userlevel;
}
if($user_id == 1){
redirect('Ec_controller/view_admin');
}elseif ($user_id == 2) {
redirect('Ec_controller/view_it');
}else{
redirect("Ec_controller/index");
}
}else{
redirect('Ec_controller/index');
}
}
public function validate_credentials(){
$this->load->model('Ec_model');
if($this->Ec_model->can_log_in()){
return true;
}else{
$this->form_validation->set_message('validate_credentials', '<font color=red>Incorrect username/password</font>');
return false;
}
}
和我的模特:
公共职能can_log_in(){
$this->db->where('log_username', $this->input->post('username'));
$this->db->where('log_password', password_verify($this->input->post('password'), PASSWORD_BCRYPT));
$query = $this->db->get('ec_login');
if($query->num_rows() == 1)
{
return true;
}else{
return false;
}
}
当我输入用户名时,它会验证所需的用户名,唯一的问题是密码,无论我对密码进行验证并重定向到特定的页面/视图,这听起来都很疯狂。帮助和一点解释会很有帮助。
答案 0 :(得分:1)
在您的登录功能中,您不会根据数据库中的值检查密码,因此查询只是匹配用户名并忽略密码。您需要将以下内容添加到db查询中:
$password_hash = password_hash($password, PASSWORD_BCRYPT);
...
->where('log_password', $password_hash)
您还应该将此行:$this->session->set_userdata($data);移到查询下方,并将其放在if语句中:
if ($sql2->num_rows()) {
$this->session->set_userdata($data);
}
所以整个事情看起来像:
$ password_hash = password_hash($ password,PASSWORD_BCRYPT);
$sql2 = $this->db->select("log_username, log_password,log_userlevel ")
->from("ec_login")
->where("log_username", $username)
->where('log_password', $password_hash)
->get();
if ($sql2->num_rows()) {
$this->session->set_userdata($data);
}
答案 1 :(得分:1)
解决了它。
由于没有仔细阅读PHP手册中password_verify()的使用,我非常愚蠢。好吧,我终于明白了。以下是我对“更新后的问题”的回答。
public function login(){
$this->load->library('form_validation');
$this->form_validation->set_rules('username', 'Username', 'required|trim');
$this->form_validation->set_rules('password', 'Password', 'required|trim');
$username = $this->input->post('username');
$password = $this->input->post('password');
$user_id ="";
if($this->form_validation->run()!= true){
redirect('Ec_controller/index');
}else{
$sql2 = $this->db->select("log_username, log_password,log_userlevel ")
->from("ec_login")
->where("log_username", $username)
->get();
foreach($sql2->result() as $user_level){
$user_id = $user_level->log_userlevel;
$user_password_db = $user_level->log_password;
}
$data = array(
'log_username' =>$username,
'log_userlevel' =>$user_id,
'log_password' =>$user_password_db,
'is_logged_in' =>1
);
$this->session->set_userdata($data);
if(password_verify($password,$user_password_db) && $user_id == 1){
redirect('Ec_controller/view_admin');
}elseif (password_verify($password,$user_password_db) && $user_id == 2) {
redirect('Ec_controller/view_it');
}else{
redirect("Ec_controller/index");
}
}
}
这让我很头疼,但这是值得的,我对结果感到高兴。
答案 2 :(得分:0)
callback in your controller:
public function password_check($str)
{
if (preg_match('#[0-9]#', $str) && preg_match('#[a-zA-Z]#', $str)) {
return TRUE;
}
return FALSE;
}
Then, update your rule to use it:
$this->form_validation->set_rules('password', 'Password', 'required|matches[passconf]|min_length[8]|alpha_numeric|callback_password_check');