RalphLeMouf Posted August 3, 2012

Hello - I've tried various combinations of this and have scoured syntax validators. The closest one I could find told me I had an extra ')' but not what the problem was. Thanks in advance.

    $this->db->where('password', $this->encrypt->sha1($salt . $this->encrypt->sha1. $this->input->post('password')));

Jessica Posted August 3, 2012

Break it out into different pieces and you'll find the problem.

    $this->db->where('password', $this->encrypt->sha1($salt . $this->encrypt->sha1. $this->input->post('password')));

becomes

    $posted_pw = $this->input->post('password');
    $salted_pw = $salt . $this->encrypt->sha1 . $posted_pw;
    $encrypted_pw = $this->encrypt->sha1($salted_pw);
    $this->db->where('password', $encrypted_pw);

That said, I didn't see any extra parens. What is the error you get?

Mahngiel Posted August 3, 2012

$this->encrypt->sha1() is a function, you're trying to concat it.

Also, I've found that passing an array to a where is easier.

    <?php
    // prep data
    $data = array(
        'password' => $this->encrypt->sha1($salt . $this->encrypt->sha1( $this->input->post('password') ) )
    );

    // send data
    $user = $this->model->get_user($data);

    // receive data
    function get_user( $data = array() )
    {
        // validate data
        if( empty($data) || !is_array( $data ) ) return FALSE;

        // make query (where() only builds the clause; get() runs it)
        $query = $this->db->where($data)->get('users');

        // Check if query row exists
        if($query->row()) return $query->row();
        else return FALSE;
    }

RalphLeMouf (Author) Posted August 6, 2012

@jesirose - I've adapted your code chunk to my application, however I'm getting the same error message

    A PHP Error was encountered
    Severity: Notice
    Message: Undefined property: CI_Encrypt::$sha1
    Filename: models/user_model.php
    Line Number: 31

    $salt = $this->_salt();
    $this->load->library('encrypt');
    $this->db->where('email', $this->input->post('email'));
    $password = $this->input->post('password');
    $salted_password = $salt . $this->encrypt->sha1 . $password;
    $encrypted_password = $this->encrypt->sha1($salted_password);
    $this->db->where('password', $encrypted_password);
    $query = $this->db->get('users');

Jessica Posted August 6, 2012

Fortunately, you got more than one reply which pointed out the real problem.

RalphLeMouf (Author) Posted August 6, 2012

I see! Thanks, guys, I will keep you posted on the proposed success.

RalphLeMouf (Author) Posted August 6, 2012

I've added to my array what I think seems logical, however I'm still having trouble with the syntax for the pw section in the array

    'password' => $this->encrypt->sha1($salt . $this->encrypt->sha1 . $this->input->post('password')))

here is the validate() in the model

    function validate()
    {
        $salt = $this->_salt();
        $this->load->library('encrypt');
        $this->db->where('email', $this->input->post('email'));
        $this->db->where('password', $salt . $this->input->post(sha1('password')));
        if($query->num_rows == 1)
        {
            return true;
        }
    }

Mahngiel Posted August 6, 2012

the two are not the same

RalphLeMouf (Author) Posted August 6, 2012

not sure in what context you mean? yes one is from my controller and one is from my model. They are the two functions working together.

CONTROLLER

    function validate_credentials()
    {
        $this->load->model('user_model');
        $query = $this->user_model->validate();
        if($query)
        {
            $data = array(
                'email' => $this->input->post('email'),
                'password' => $this->encrypt->sha1($salt . $this->encrypt->sha1 . $this->input->post('password')))
                'is_logged_in' => true
            );
            $this->session->set_userdata($data);
            redirect('account/dashboard');
        }
        else
        {
            $this->index();
        }
    }

MODEL:

    function validate()
    {
        $salt = $this->_salt();
        $this->load->library('encrypt');
        $this->db->where('email', $this->input->post('email'));
        $this->db->where('password', $salt . $this->input->post(sha1('password')));
        if($query->num_rows == 1)
        {
            return true;
        }
    }

Jessica Posted August 6, 2012

$this->encrypt->sha1() is a function, you're trying to concat it.

Mahngiel Posted August 6, 2012

^^

Furthermore

    'password' => $this->encrypt->sha1($salt . $this->encrypt->sha1 . $this->input->post('password')))   <- controller
    'password', $salt . $this->input->post(sha1('password')));   <- model

the two are not the same

when you hash passwords, you are comparing the stored hash to the user's input that's been hashed in the same method. If you're storing it as per the first method, your login controller should take the password input, re-perform the encrypt method and compare the re-hash to the stored value.

RalphLeMouf (Author) Posted August 6, 2012

I'm thinking you guys mean something more like this ( although still posing syntax errors :'(

MODEL:

    function validate()
    {
        $salt = $this->_salt();
        $this->load->library('encrypt');
        $this->db->where('email', $this->input->post('email'));
        $this->db->where->this->encrypt('password', $salt . $this->input->post(sha1('password')));
        if($query->num_rows == 1)
        {
            return true;
        }
    }

CONTROLLER:

    function validate_credentials()
    {
        $this->load->model('user_model');
        $query = $this->user_model->validate();
        if($query)
        {
            $data = array(
                'email' => $this->input->post('email'),
                'password' => $this->input->post(sha1('password', $salt)))
                'is_logged_in' => true
            );
            $this->session->set_userdata($data);
            redirect('account/dashboard');
        }
        else
        {
            $this->index();
        }
    }

Jessica Posted August 6, 2012

I think you need to get a better understanding of how classes work. You seem to be just randomly using ., -> and () without any idea why.

RalphLeMouf (Author) Posted August 6, 2012

fair enough. Will do ASAP. Is my logic at least in the correct place? On the right track at least as far as logical structure?

Mahngiel Posted August 6, 2012

bro... you've already established a salt for the user. you need to use THAT salt to compare it.

RalphLeMouf (Author) Posted August 6, 2012

haha ok thanks!

RalphLeMouf (Author) Posted August 6, 2012

moreover I realize that and that is what I am trying to accomplish. I am just not sure on how to WRITE it in a syntactically correct manner. ALL I'm trying to do right now is compare what the user inputs in the password field and MATCH it with what I have stored in the db. Which has been hashed and salted a certain way. To be clear that I understand what is going on.

Mahngiel Posted August 6, 2012

what i would is is why separation between controllers and models are so important.

what i would do is start with looking for a user in the table that matches the input username

if that first step passes, you have the row's salt, right?

take that salt, and use it against the same strategy you employed to create the hash in the first place

if that result matches the earlier query's column value, then the "password" matches the user and a valid login has been established

RalphLeMouf (Author) Posted August 7, 2012

Once again. That's exactly what I've been trying to do this whole time. Being new with codeigniter and MVC altogether, the struggle/issue here is my inability and/or lack of knowledge on how to write that syntactically correct. It's a very simple concept that I understand fully. Just don't know how to write it!

Jessica Posted August 7, 2012

So, there's three things that you need to understand how to use.

. is the concatenator. It glues strings together.

() pair of parens is a function call (or object creation). IE: $var = new Var(); or $data = doStuffWithData($someData);

-> is calling a method from an object. IE $var = new Var(); $var->doStuff();

$this can only be used within the object you're in. An object can contain other objects so you can end up with $this->otherObj->doSomething();

Starting from the beginning:

    $plainPW = $this->input->post('password');

This line means there is an object called input within this object we're in, and the input object has a method called post.

At this point you should have your user's inputted password. You can echo it to make sure you got the right thing.

Now you want to compare it to the saved password, so you need to hash it the same way. Find the code in your model which creates the user and takes their original password and hashes it. Can you post that code here?

Mahngiel Posted August 7, 2012

"It's a very simple concept that I understand fully. Just don't know how to write it!"

It's not going to do you any good if I wrote it for you. I'm trying to push you in the right direction, even giving you logic flow. All you need to do is implement it.

Again, this comes back to what I've been telling you for weeks: separate the concerns between your controllers and models. STOP doing logic in your models with input values. The only thing you should be doing in your model is talking to the database.

Look at your credentials method. You're not doing what you said (which you claim to be in your last post). Instead, you're trying to match with some random $salt variable. Go back to my last post, and use my flow.

RalphLeMouf (Author) Posted August 7, 2012

I appreciate all your time and am glad you're not writing it for me! I've gone and taken all input values out of my model and reconstructed everything ( although written improperly). This is how I am understanding your logic flow but please bear with the syntax as it's really wrong :\

CONTROLLER:

    function validate_credentials()
    {
        $this->load->model('user_model');
        $query = $this->user_model->validate();
        if($query)
        {
            $data = array(
                'email' => $this->input->post('email'),
                'password' => $this->encrypt->sha1($salt . $this->input->post('password')),
                'is_logged_in' => true
            );
            $this->session->set_userdata($data);
            redirect('account/dashboard');
        }
        else
        {
            $this->index();
        }
    }

MODEL:

    function validate()
    {
        $this->output->enable_profiler(TRUE);
        $salt = $this->_salt();
        $this->load->library('encrypt');
        $query = $this->db->get('users');
        $this->db->get('email');
        $this->encrypt->sha1($this->db->get('password' $salt));
        if($query->num_rows == 1)
        {
            return true;
        }
    }

Is this more of what you are talking about logic wise?

Mahngiel Posted August 7, 2012

You are getting there, but your handshakes are funny. I fear there is no way to demonstrate without writing code. Try to follow along as I bounce back and forth between classes.

Controllers/login

    <?php
    // load user model
    $this->load->model('users_model', 'users');

    // catch post
    $login = $this->input->post('login_button_name');

    if( $login )
    {
        $user = $this->users->get_user( array('user_email' => $this->input->post('email')) );
        // -- cut to 1

models/user_model

    <?php
    function get_user( $data )
    {
        $query = $this->db->where( $data )->get( 'users', 1 );

        if( $query->row() ) return $query->row();
    }

controllers/login

    <?php
    // back to 1
    // if your query for a user with the supplied email was returned, then you know a user with that credential exists
    if( $user )
    {
        // now, using that returned row, grab the salt from it and use it in a second query where you apply the same hash method
        $data = array(
            'user_email' => $user->user_email,
            'user_password' => $this->encrypt->sha1( $user->user_salt . $this->encrypt->sha1($this->input->post('password')))
        );

        // send that new array back to get_user
        $user = $this->users->get_user( $data );

Now, based on if the last user there is returned, you can check for validated user, send off to a model ( yes, a model here has one of the very rare uses of applying session data ) to apply session data.

Notice how I used the controller for all the logic based off what the model returned. IMO, that is how you properly utilize the MVC method.

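The lookup-then-rehash flow from the post above, as an added example that is not any poster's code: plain PHP with an in-memory array standing in for the users table and PHP's sha1() standing in for CodeIgniter's $this->encrypt->sha1(). The function names, the sample account and the pw_hash column are assumptions; the second check uses PHP's built-in password_hash()/password_verify(), since SHA-1 is a fast general-purpose hash and not designed for password storage.

```php
<?php
// Added example: plain PHP, no CodeIgniter. The $users array stands in for
// the users table; all names and the sample account are constructed.

// Build a row the way the thread's scheme stores it: sha1(salt . sha1(pw)),
// with the per-user salt kept in the row next to the hash.
function make_user($email, $password) {
    $salt = bin2hex(random_bytes(16));
    return array(
        'email'    => $email,
        'salt'     => $salt,
        'password' => sha1($salt . sha1($password)),
        // Built-in alternative: salt and cost are embedded in the hash string.
        'pw_hash'  => password_hash($password, PASSWORD_DEFAULT),
    );
}

// Model role: only looks the row up.
function find_user(array $users, $email) {
    foreach ($users as $row) {
        if ($row['email'] === $email) {
            return $row;
        }
    }
    return null;
}

// Controller role: 1) find the row by email, 2) re-hash the input with THAT
// row's salt, 3) compare with the stored hash in constant time.
function check_login(array $users, $email, $password) {
    $user = find_user($users, $email);
    if ($user === null) {
        return false;
    }
    $candidate = sha1($user['salt'] . sha1($password));
    return hash_equals($user['password'], $candidate);
}

// Same flow with password_verify(): no manual salt handling.
function check_login_builtin(array $users, $email, $password) {
    $user = find_user($users, $email);
    return $user !== null && password_verify($password, $user['pw_hash']);
}

$users = array(make_user('alice@example.test', 'correct horse'));
var_dump(check_login($users, 'alice@example.test', 'correct horse'));
var_dump(check_login($users, 'alice@example.test', 'wrong guess'));
var_dump(check_login_builtin($users, 'alice@example.test', 'correct horse'));
```
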
RalphLeMouf (Author) Posted August 7, 2012

Ok so I adopted your method to my existing code:

One question I have is in this portion of the array -

    'password' => $this->encrypt->sha1($user->salt. $this->encrypt->sha1($this->input->post('password')))

I am using your method of creating the salt on the fly withOUT storing the user's unique salt in the database. So I'm assuming $user->salt will work?

Lastly, I am getting the

    Fatal error: Call to undefined method User_model::get_user() in /Users/michaelsanger/Sites/cl_ci_new/application/controllers/auth.php on line 34

error again.

Here is a complete look of what I have with comments of how I'm understanding everything. Thanks for being patient and helping me learn.

CONTROLLER:

    function validate_credentials()
    {
        // loading the model with the the second object being the database name?
        $this->load->model('user_model', 'users');

        // when the user hits submit and enters their info, the following checks takes what they entered and stores it in $data and sends over to the model to run and check the query log the user in and start their session.
        $login = $this->input->post('submit');

        if($login)
        {
            $user = $this->users->get_user( array('email' => $this->input->post('email')) );
            $query = $this->user_model->validate();
        }

        if($user)
        {
            $data = array(
                'email' => $user->email,
                'password' => $this->encrypt->sha1($user->salt. $this->encrypt->sha1($this->input->post('password')))
            );
            $user = $this->users->get_user($data);
        }

        if($query)
        {
            $data = array(
                'email' => $this->input->post('email'),
                'is_logged_in' => true
            );
            $this->session->set_userdata($data);
            redirect('account/dashboard');
        }
        else
        {
            $this->index();
        }
    }

MODEL:

    // takes the data created by the user from the controller and checks it with the database
    function validate($data)
    {
        $this->output->enable_profiler(TRUE);
        $query = $this->db->where($data)->get('users', 1);
        if($query->row())
        {
            return $query->row();
        }
    }

RalphLeMouf (Author) Posted August 7, 2012

*edit*

    // I changed 'get_user' to validate
    $this->load->model('user_model', 'users');
    $login = $this->input->post('submit');
    $user = $this->users->validate( array('email' => $this->input->post('email')) );
    if($login)
    {
        $query = $this->user_model->validate();
    }