Codeigniter - 将用户输入的密码与存储在数据库中的散列密码进行匹配始终返回 false。请帮忙
我有我的控制器设置 我的加入模型 我的 login_model
用户注册,并在通过所有验证和验证码等并单击提交后,将其设置为设置。
我的设置控制器加载 join_model 和 create() 方法,获取所有发布数据并准备将其发送到数据库。这是他们在注册表单中输入的密码被散列、加盐等的时候。
在此之后,我有一个 if 语句,用于检查用户是否通过了 login_model 中的 checkLogin 方法(值为 TRUE)。该方法位于设置控制器中,我将其称为loginValidated。
如果这是 TRUE,则用户将被重定向到会员区域(破折号)。
当我测试时,我不断被发送到失败的页面。我还将 if 状态更改为 (!this->loginValidated()),然后我被重定向到帐户区域,这意味着密码必须不匹配。
我想知道是否有人可以快速浏览一下我的代码,看看他们是否发现我哪里出错了?
<?php
class Setup extends Controller {
public function index() {
$this->load->model('join_model');
$this->join_model->create();
if ($this->loginValidated()) { //if user credentials passed validation
redirect('dash'); //forward to dashboard
}
else {
redirect('failed');
}
}
public function loginValidated() {
$this->load->model('login_model'); //load login_model model
$this->login_model->checkLogin(); //load checkLogin method
}
}
<?php
//MY CONTROLLER
class Login_Model extends CI_Model {
public function checkLogin() {
return Join_Model::$u;
$this->db->where('email', $this->input->post('email')); //compare db email to email entered in form
$this->db->where('password', $u->password); //compare db password to password entered by user after hashing
$query = $this->db->get('user'); // get the above info from 'user' table
if ($query->num_rows == 1) { //if number of rows returned is 1
$this->load->library('session');
$this->session->set_userdata('user_id',$u->id);
$this->session->set_userdata('username',$u->username);
$this->session->set_userdata('first_name',$u->first_name);
$this->session->set_userdata('last_name',$u->last_name);
$this->session->set_userdata('logged_in', 'TRUE');
return TRUE;
}
}
}
<?php
// MY JOIN MODEL
class Join_Model extends CI_Model {
public static $u;
public function create() {
$this->load->helper('date');
$this->load->library('encrypt');
$u->first_name = $this->input->post('first_name');
$u->last_name = $this->input->post('last_name');
$u->email = $this->input->post('email');
// sha1 and salt password
$salt = $this->config->item('encryption_key');
$password = $this->encrypt->sha1($this->input->post('password'));
$start_hash = sha1($salt . $password);
$end_hash = sha1($password . $salt);
$hashed = sha1($start_hash . $password . $end_hash);
$u->password = sha1($hashed);
$u->birthday = $this->input->post('year') . '-' . $this->input->post('month') . '-' . $this->input->post('day');
$u->sex = $this->input->post('sex');
$u->created_at = date('Y-m-d H:i:s', now()); // date and time user joined the website
$this->db->insert('user', $u);
}
}
I have my controller Setup
my join_model
and my login_model
A user registers and after they have passed all validation and captcha etc and have clicked submit they are set to setup.
My setup controller loads the join_model and the create() method, takes all the post data and gets ready to send it to db. This is when the password they entered in the signup form get's hashed, salted etc.
After this I have an if statement that checks whether user passed the checkLogin method in the login_model with TRUE. This method is in the setup controller and I called it loginValidated.
If that is TRUE then user is re-directed to member area (dash).
When I test I keep getting sent to the failed page. I also changed the if state to (!this->loginValidated()) and then I get de-directed to the account area meaning the passwords must not match.
I was wondering if anyone could have a quick look through my code to see if they spot where I'm going wrong?
<?php
class Setup extends Controller {
public function index() {
$this->load->model('join_model');
$this->join_model->create();
if ($this->loginValidated()) { //if user credentials passed validation
redirect('dash'); //forward to dashboard
}
else {
redirect('failed');
}
}
public function loginValidated() {
$this->load->model('login_model'); //load login_model model
$this->login_model->checkLogin(); //load checkLogin method
}
}
<?php
//MY CONTROLLER
class Login_Model extends CI_Model {
public function checkLogin() {
return Join_Model::$u;
$this->db->where('email', $this->input->post('email')); //compare db email to email entered in form
$this->db->where('password', $u->password); //compare db password to password entered by user after hashing
$query = $this->db->get('user'); // get the above info from 'user' table
if ($query->num_rows == 1) { //if number of rows returned is 1
$this->load->library('session');
$this->session->set_userdata('user_id',$u->id);
$this->session->set_userdata('username',$u->username);
$this->session->set_userdata('first_name',$u->first_name);
$this->session->set_userdata('last_name',$u->last_name);
$this->session->set_userdata('logged_in', 'TRUE');
return TRUE;
}
}
}
<?php
// MY JOIN MODEL
class Join_Model extends CI_Model {
public static $u;
public function create() {
$this->load->helper('date');
$this->load->library('encrypt');
$u->first_name = $this->input->post('first_name');
$u->last_name = $this->input->post('last_name');
$u->email = $this->input->post('email');
// sha1 and salt password
$salt = $this->config->item('encryption_key');
$password = $this->encrypt->sha1($this->input->post('password'));
$start_hash = sha1($salt . $password);
$end_hash = sha1($password . $salt);
$hashed = sha1($start_hash . $password . $end_hash);
$u->password = sha1($hashed);
$u->birthday = $this->input->post('year') . '-' . $this->input->post('month') . '-' . $this->input->post('day');
$u->sex = $this->input->post('sex');
$u->created_at = date('Y-m-d H:i:s', now()); // date and time user joined the website
$this->db->insert('user', $u);
}
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我的 CI 有点生疏,但看起来您在
checkLogin()函数的第一行返回了一些内容,在我看来,下面的代码没有被执行。此外,在将密码发送到数据库之前,您需要再次对密码进行哈希处理,否则您将把明文密码与哈希值进行比较。
另外,在我看来,您需要一个用户控制器和模型,而不是用户注册和登录的模型。此外,您应该避免在模型中加载库,这在使用 MVC 框架时被认为是丑陋的。
My CI is a bit rusty, but it looks like you are returning something on the first line of your
checkLogin()function, it would seem to me that the code below that is not getting executed then.Also, you need to hash the password again before you send it to the database, otherwise you are comparing the clear text password to the hash.
Also, it seems to me like you'd need a User controller and model, not a model for user registration and login. Furthermore you should refrain from loading libraries inside your model, this is considered ugly when working with an MVC framework.
您想要对任何用户输入的密码进行哈希处理,然后根据数据库检查哈希值,而不是用户输入的原始字符串。
You want to hash any user-entered password and then check the hash against the database, not the raw string the user entered.