RalphLeMouf

Ok - I think I'm in the right spot and understanding everything. For some reason the post pw field is not getting hashed via $this->output->enable_profiler(TRUE); I've made new comments for everything: CONTROLLER: function validate_credentials() { // WHEN THE VIEW IS LOADED THIS FUNCTION IS CALLED AND LOADS MODEL AS WELL AS DEFINES THE SALT VARIABLE AND LOADS THE ENCRYPTING HELPER LIBRARY $this->load->model('user_model', 'um'); $login = $this->input->post('submit'); $salt = $this->_salt(); $this->load->library('encrypt'); //IF THE SUBMIT BUTTON IS TRIGGERED THE POST DATA IS SENT TO THE VALIDATE FUNCTION IN THE MODEL VIA VARIABLES CREATED if($login) { $data = array( 'email' => $this->input->post('email'), 'password' => $this->encrypt->sha1($user->salt. $this->encrypt->sha1($this->input->post('password'))) ); $user = $this->um->validate($data); } // IF ITS A REAL USER OPEN THE GATE AND LET THEM IN if($user) { $this->session->set_userdata($data); redirect('account/dashboard'); } else { // RELOAD THE LOGIN VIEW IF INFO DOESN'T CHECK OUT $this->index(); } } MODEL: function validate($data) { $this->output->enable_profiler(TRUE); // TAKING THE DATA FROM THE MODEL AND CHECKING IT AGAINST THE STORED INFO IN THE DB $query = $this->db->where($data)->get('users', 1); if($query->row()) { return $query->row(); } }

I just noticed a mistake I made. I went ahead and fixed it and changed $user = $this->um->get_user(array('email' => $this->input->post('email'))); to $user = $this->um->validate(array('email' => $this->input->post('email')));

ok I think I'm super close. I've fixed my salt problem and added 'alnum' so it's hashing properly and have stored it in a row in my db. However I am not sure on how to pass the method to the user model ( undefined method error ) It seems that I'm doing that with $data: Here is my current configuration - CONTROLLER: function validate_credentials() { $this->load->model('user_model', 'um'); $login = $this->input->post('submit'); $user = $this->um->validate( array('email' => $this->input->post('email')) ); if($login) { $user = $this->um->get_user(array('email' => $this->input->post('email'))); } if($user) { $data = array( 'email' => $user->email, 'password' => $this->encrypt->sha1($user->salt. $this->encrypt->sha1($this->input->post('password'))) ); $user = $this->um->get_user($data); } if($query) { $this->session->set_userdata($data); redirect('account/dashboard'); } else { $this->index(); } } MODEL: function validate($data) { $this->output->enable_profiler(TRUE); $query = $this->db->where($data)->get('users', 1); if($query->row()) { return $query->row(); } }

*edit* // I changed 'get_user' to validate $this->load->model('user_model', 'users'); $login = $this->input->post('submit'); $user = $this->users->validate( array('email' => $this->input->post('email')) ); if($login) { $query = $this->user_model->validate(); }

Ok so I adopted your method to my existing code: One question I have is in this portion of the array - 'password' => $this->encrypt->sha1($user->salt. $this->encrypt->sha1($this->input->post('password'))) I am using your method of creating the salt on the fly withOUT storing the users unique salt in the database. So I'm assuming $user->salt will work? Lastly, I am getting the Fatal error: Call to undefined method User_model::get_user() in /Users/michaelsanger/Sites/cl_ci_new/application/controllers/auth.php on line 34 error again. Here is a complete look of what I have with comments of how I'm understanding everything. Thanks for being patient and helping me learn. CONTROLLER: function validate_credentials() { // loading the model with the the second object being the database name? $this->load->model('user_model', 'users'); // when the user hits submit and enters their info, the following checks takes what they entered and stores it in $data and sends over to the model to run and check the query log the user in and start their session. $login = $this->input->post('submit'); if($login) { $user = $this->users->get_user( array('email' => $this->input->post('email')) ); $query = $this->user_model->validate(); } if($user) { $data = array( 'email' => $user->email, 'password' => $this->encrypt->sha1($user->salt. $this->encrypt->sha1($this->input->post('password'))) ); $user = $this->users->get_user($data); } if($query) { $data = array( 'email' => $this->input->post('email'), 'is_logged_in' => true ); $this->session->set_userdata($data); redirect('account/dashboard'); } else { $this->index(); } } MODEL: // takes the data created by the user from the controller and checks it with the database function validate($data) { $this->output->enable_profiler(TRUE); $query = $this->db->where($data)->get('users', 1); if($query->row()) { return $query->row(); } }

I appreciate all your time and am glad your not writing it for me! I've gone and taken all input values out of my model and reconstructed everything ( although written inproperly) This is how I am understanding your logic flow but please bare with the syntax as it's really wrong :\ CONTROLLER: function validate_credentials() { $this->load->model('user_model'); $query = $this->user_model->validate(); if($query) { $data = array( 'email' => $this->input->post('email'), 'password' => $this->encrypt->sha1($salt . $this->input->post('password')), 'is_logged_in' => true ); $this->session->set_userdata($data); redirect('account/dashboard'); } else { $this->index(); } } MODEL: function validate() { $this->output->enable_profiler(TRUE); $salt = $this->_salt(); $this->load->library('encrypt'); $query = $this->db->get('users'); $this->db->get('email'); $this->encrypt->sha1($this->db->get('password' $salt)); if($query->num_rows == 1) { return true; } } Is this more of what you are talking about logic wise?

Once again. That's exactly what I've been trying to do this whole time. Being new with codeigniter and MVC all together, the struggle/issue here is my inability and or lack of knowledge on how to write that syntactically correct. It's a very simple concept that I understand fully. Just don't know how to write it!

moreover I realize that and that is what I am trying to accomplish. I am just not sure on how to WRITE it in a syntactically correct manor. ALL I'm trying to do right now is compare what the user inputs in the password field and MATCH it with what I have stored in the db. Which has been hashed and salted a certain way. To be clear that I understand what is going on.

haha ok thanks!

fair enough. Will do ASAP. Is my logic at least in the correct place? On the right track at least as far logical structure?

I'm thinking you guy's mean something more like this ( although still posing syntax errors :'( MODEL: function validate() { $salt = $this->_salt(); $this->load->library('encrypt'); $this->db->where('email', $this->input->post('email')); $this->db->where->this->encrypt('password', $salt . $this->input->post(sha1('password'))); if($query->num_rows == 1) { return true; } } CONTROLLER: function validate_credentials() { $this->load->model('user_model'); $query = $this->user_model->validate(); if($query) { $data = array( 'email' => $this->input->post('email'), 'password' => $this->input->post(sha1('password', $salt))) 'is_logged_in' => true ); $this->session->set_userdata($data); redirect('account/dashboard'); } else { $this->index(); } }

not sure in what context you mean? yes one is from my controller and one is from my model. They are the two functions working together. CONTROLLER function validate_credentials() { $this->load->model('user_model'); $query = $this->user_model->validate(); if($query) { $data = array( 'email' => $this->input->post('email'), 'password' => $this->encrypt->sha1($salt . $this->encrypt->sha1 . $this->input->post('password'))) 'is_logged_in' => true ); $this->session->set_userdata($data); redirect('account/dashboard'); } else { $this->index(); } } MODEL: function validate() { $salt = $this->_salt(); $this->load->library('encrypt'); $this->db->where('email', $this->input->post('email')); $this->db->where('password', $salt . $this->input->post(sha1('password'))); if($query->num_rows == 1) { return true; } }

I've added to my array what I think seems logical, however I"m still having trouble with the syntax for the pw section in the array 'password' => $this->encrypt->sha1($salt . $this->encrypt->sha1 . $this->input->post('password'))) here is the validate() in the model function validate() { $salt = $this->_salt(); $this->load->library('encrypt'); $this->db->where('email', $this->input->post('email')); $this->db->where('password', $salt . $this->input->post(sha1('password'))); if($query->num_rows == 1) { return true; } }

I see! Thanks, guy's I will keep you posted on the proposed success.

@jesirose - I've adapted your code chunk to my application, however I"m getting the same error message A PHP Error was encountered Severity: Notice Message: Undefined property: CI_Encrypt::$sha1 Filename: models/user_model.php Line Number: 31 $salt = $this->_salt(); $this->load->library('encrypt'); $this->db->where('email', $this->input->post('email')); $password = $this->input->post('password'); $salted_password = $salt . $this->encrypt->sha1 . $password; $encrypted_password = $this->encrypt->sha1($salted_password); $this->db->where('password', $encrypted_password); $query = $this->db->get('users');

Hello - I've tried various combinations of this and have scoured syntax validators. The closet one I could find told me I had an extra ')' but not what the problem was. Thanks in advance. $this->db->where('password', $this->encrypt->sha1($salt . $this->encrypt->sha1. $this->input->post('password')));

that works beautifully! thanks!

@Mahngiel, I've implemented your method as a start and have it working. However I'm getting an undefined variable variable with $length . They also raises the question of where is that being used after creation?

Hello - I am currently creating a user and storing their info in the database. There seems to be a number of ways to hash passwords using sha1 and md5 and the encryption_class , however I am looking for the best way to do this combining sha1 and salting it with my random string I have set in my encryption key. Obviously I am going to want to be able to log the user back in with the encryption in tact and overall am looking for the most secure way to do all of this.Any suggestion or link to a tutorial or example would be greatly appreciated. Thanks in advance. MODEL: <?php class User_model extends CI_Model { function __construct() { parent::__construct(); } function create_member() { $this->load->library('encrypt'); $new_member_insert_data = array( 'first_name' => $this->input->post('first_name'), 'last_name' => $this->input->post('last_name'), 'email' => $this->input->post('email'), 'password' => $this->input->post('password') ); $insert = $this->db->insert('users', $new_member_insert_data); return $insert; } } VIEW: <div class="home_left clearfix"> <div class="sign_up"> <div class="sign_up_title"> Join Today! </div> <?php echo validation_errors(); echo form_open('auth/create_member'); echo "<div class='form_text_signup'>"; echo "First Name"; echo "</div>"; echo form_input('first_name', set_value('first_name')); echo "<div class='form_text_signup'>"; echo "Last Name"; echo "</div>"; echo form_input('last_name', set_value('last_name')); echo "<div class='form_text_signup'>"; echo "Email"; echo "</div>"; echo form_input('email', set_value('email')); echo "<div class='form_text_signup'>"; echo "Password"; echo "</div>"; echo form_label('', 'password', array('type'=>'password')); $data = array( 'name' => 'password', 'class' => 'input', 'size' => 30 ); echo form_password($data, set_value('sha1(password)')); echo "<div class='form_text_signup'>"; echo "Confirm Password"; echo "</div>"; echo form_label('', 'password2', array('type'=>'password')); $data = array( 'name' => 'password2', 'class' => 'input', 'size' => 30 ); echo form_password($data, set_value('sha1(password2)')); echo form_submit('submit', 'Submit'); echo validation_errors('<p class="error">'); echo form_close(); ?> </div> </div> <div class="home_right clearfix"> <div class="home_image_bg"> </div> <div class="resources"> <div class="node_title_resources"> <a href=""> Resources </a> </div> </div> <div class="grant"> <div class="node_title_grant"> <a href=""> Grant </a> </div> </div> <div class="living"> <div class="node_title_le"> <a href=""> Living Xtreme </a> </div> </div> <div class="browse clearfix"> </div> </div> </div> CONTROLLER: <?php class Auth extends CI_Controller { function __construct() { parent::__construct(); } function create_member() { $this->load->library('form_validation'); $this->form_validation->set_rules('first_name', 'First Name', 'trim|required'); $this->form_validation->set_rules('last_name', 'Last Name', 'trim|required'); $this->form_validation->set_rules('email', 'Email', 'trim|required|valid_email'); $this->form_validation->set_rules(sha1('password', 'trim|required|max_length[32]')); $this->form_validation->set_rules('password2', 'Confirm Password', 'trim|required|matches[password]'); if($this->form_validation->run() == FALSE) { $data['main_content'] = 'home/home_page'; $this->load->view('includes/templates/home_page_template', $data); } else { $this->load->model('user_model'); if($query = $this->user_model->create_member()) { $data['main_content'] = 'account/welcome'; $this->load->view('includes/templates/main_page_template', $data); } else { $this->load->view('home/home_page'); } } } }

ok. Np. Thanks for all your time.

right - that is my concern. it very well should be: $active_group = 'default'; $active_record = TRUE; $db['default']['hostname'] = 'localhost'; $db['default']['username'] = 'root'; $db['default']['password'] = 'root'; $db['default']['database'] = 'cysticlife_CI'; $db['default']['dbdriver'] = 'mysql'; $db['default']['dbprefix'] = ''; $db['default']['pconnect'] = TRUE; $db['default']['db_debug'] = TRUE; $db['default']['cache_on'] = FALSE; $db['default']['cachedir'] = ''; $db['default']['char_set'] = 'utf8'; $db['default']['dbcollat'] = 'utf8_general_ci'; $db['default']['swap_pre'] = ''; $db['default']['autoinit'] = TRUE; $db['default']['stricton'] = FALSE;

Ok - this is getting a little despressing :'( haha I went ahead and just tried to transfer all of my files to version 2.1.2 and not worry about updating my current files twice because I was two version behind. I am STILL having data base issues from the get go. A Database Error Occurred Unable to connect to your database server using the provided settings. Filename: core/Loader.php Line Number: 346 and here is that line in my files: require_once(BASEPATH.'database/DB.php'); if ($return === TRUE) { return DB($params, $active_record); } // Initialize the db variable. Needed to prevent // reference errors with some configurations $CI->db = ''; // Load the DB class $CI->db =& DB($params, $active_record); }

I have gone back to the most stripped down version of logging in an user. The form open location is "auth/validate_credentials" as that seems logical. Moreover when I take that out. After hitting submit on the login page it takes me to the index.php ( default view ) no matter what! I also did the updates. Here is what I currently have: Model: <?php class User_model extends CI_Model { function validate() { $this->db->where('email', $this->input->post('email')); $this->db->where('password', sha1($this->input->post('password'))); $query = $this->db->get('users'); if($query->num_rows == 1) { return true; } } } View: <title>Login</title> <!--MAKE SURE SIGNED OUT HEADER IS IMPLEMENTED FOR ALL SIGNED OUT PAGES INCLUDING THIS ONE--> <div class="structure clearfix"> <h1 class="title_header"> Sign In </h1> <div id="signin_form"> <?php echo validation_errors(); echo form_open('auth/validate_credentials'); echo "<div class='form_text_signin'>"; echo "Email"; echo "</div>"; echo form_input('email'); echo "<div class='form_text_signin'>"; echo "Password"; echo "</div>"; echo form_input('password'); echo form_submit('submit', 'Submit'); echo form_close(); ?> </div> </div> Controller: <?php class Auth extends CI_Controller { function __construct() { // Call the Model constructor parent::__construct(); } // this is automatically called if no other function is called // it simply turns around and calls the login() function to show the login page public function index() { $this->login(); } public function login() { $data['main_content'] = 'auth/login'; $this->load->view('includes/templates/main_page_template', $data); } function validate_crendentials() { echo "<pre>"; $this->output->enable_profiler(TRUE); echo "</pre>"; $this->load->model('user_model'); $this->user_model->validate(); if($query) { $data = array( 'email' => $this->input->post('email'), 'is_logged_in' => true ); $this->session->set_userdata($data); redirect('account/dashboard'); } else { $this->index(); } } }

great! Thanks. I'll keep you posted on what unfolds!

it's actually defaulting to the index page when I hit submit no matter if the fields are filled out or not. It seems like a step in the right direction though