proper syntax


RalphLeMouf

Hello - I've tried various combinations of this and have scoured syntax validators. The closest one I could find told me I had an extra ')' but not what the problem was.

 

Thanks in advance.

 

$this->db->where('password', $this->encrypt->sha1($salt . $this->encrypt->sha1. $this->input->post('password')));

Link to comment
Share on other sites

Break it out into different pieces and you'll find the problem.

$this->db->where('password', $this->encrypt->sha1($salt . $this->encrypt->sha1. $this->input->post('password')));

becomes

$posted_pw = $this->input->post('password');
$salted_pw = $salt . $this->encrypt->sha1 . $posted_pw;
$encrypted_pw = $this->encrypt->sha1($salted_pw);
$this->db->where('password', $encrypted_pw);

That said, I didn't see any extra parens. What is the error you get?

Link to comment
Share on other sites

$this->encrypt->sha1() is a function, you're trying to concat it. Also, I've found that passing an array to a where is easier.

 

<?php

// prep data
$data = array(
    'password' => $this->encrypt->sha1($salt . $this->encrypt->sha1( $this->input->post('password') ) )
);

// send data
$user = $this->model->get_user($data);

// receive data
function get_user( $data = array() ) {
    // validate data
    if( empty($data) || !is_array( $data ) ) return FALSE;

    // make query (where() only adds the condition; get() runs it against the users table)
    $query = $this->db->where($data)->get('users');

    // Check if query row exists
    if($query->row())
        return $query->row();
    else
        return FALSE;
}

Link to comment
Share on other sites

@jesirose - I've adapted your code chunk to my application, however I'm getting the same error message.

 

A PHP Error was encountered
Severity: Notice
Message: Undefined property: CI_Encrypt::$sha1
Filename: models/user_model.php
Line Number: 31

 

$salt = $this->_salt();
$this->load->library('encrypt');
$this->db->where('email', $this->input->post('email'));
$password = $this->input->post('password');
$salted_password = $salt . $this->encrypt->sha1 . $password;
$encrypted_password = $this->encrypt->sha1($salted_password);
$this->db->where('password', $encrypted_password);
$query = $this->db->get('users');

Link to comment
Share on other sites

I've added to my array what I think seems logical, however I'm still having trouble with the syntax for the pw section in the array.

 

'password' => $this->encrypt->sha1($salt . $this->encrypt->sha1 . $this->input->post('password')))

 

Here is the validate() in the model:

 

function validate()
{
	$salt = $this->_salt();
	$this->load->library('encrypt');
	$this->db->where('email', $this->input->post('email'));
	$this->db->where('password', $salt . $this->input->post(sha1('password')));

	if($query->num_rows == 1)
	{
		return true;
	}
}

Link to comment
Share on other sites

Not sure in what context you mean? Yes, one is from my controller and one is from my model. They are the two functions working together.

 

CONTROLLER

 

function validate_credentials()
{
	$this->load->model('user_model');
	$query = $this->user_model->validate();

	if($query)
	{
		$data = array(
			'email' => $this->input->post('email'),
			'password' => $this->encrypt->sha1($salt . $this->encrypt->sha1 . $this->input->post('password')))
			'is_logged_in' => true
		);

		$this->session->set_userdata($data);
		redirect('account/dashboard');
	}

	else

	{
		$this->index();
	}
}

 

MODEL:

 

function validate()
{
	$salt = $this->_salt();
	$this->load->library('encrypt');
	$this->db->where('email', $this->input->post('email'));
	$this->db->where('password', $salt . $this->input->post(sha1('password')));

	if($query->num_rows == 1)
	{
		return true;
	}
}

Link to comment
Share on other sites

^^ Furthermore

 

'password' => $this->encrypt->sha1($salt . $this->encrypt->sha1 . $this->input->post('password'))) <- controller

'password', $salt . $this->input->post(sha1('password'))); <- model

The two are not the same.

 

When you hash passwords, you are comparing the stored hash to the user's input that's been hashed in the same method.

 

If you're storing it as per the first method, your login controller should take the password input, re-perform the encrypt method and compare the re-hash to the stored value.

 

Link to comment
Share on other sites

I'm thinking you guys mean something more like this (although still posing syntax errors :'( )

 

MODEL:

 

function validate()
{
	$salt = $this->_salt();
	$this->load->library('encrypt');
	$this->db->where('email', $this->input->post('email'));
	$this->db->where->this->encrypt('password', $salt . $this->input->post(sha1('password')));

	if($query->num_rows == 1)
	{
		return true;
	}
}

 

CONTROLLER:

 

function validate_credentials()
{
	$this->load->model('user_model');
	$query = $this->user_model->validate();

	if($query)
	{
		$data = array(
			'email' => $this->input->post('email'),
			'password' => $this->input->post(sha1('password', $salt)))
			'is_logged_in' => true
		);

		$this->session->set_userdata($data);
		redirect('account/dashboard');
	}

	else

	{
		$this->index();
	}
}

Link to comment
Share on other sites

Moreover, I realize that, and that is what I am trying to accomplish. I am just not sure how to WRITE it in a syntactically correct manner. ALL I'm trying to do right now is compare what the user inputs in the password field and MATCH it with what I have stored in the db, which has been hashed and salted a certain way. To be clear that I understand what is going on.

Link to comment
Share on other sites

What I would say is this is why separation between controllers and models is so important. What I would do is start with looking for a user in the table that matches the input username. If that first step passes, you have the row's salt, right? Take that salt, and use it against the same strategy you employed to create the hash in the first place. If that result matches the earlier query's column value, then the "password" matches the user and a valid login has been established.

Link to comment
Share on other sites
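The flow described in the two posts above (fetch the row by email, re-hash the submitted password with that row's salt using the same method that created the stored hash, then compare), as an added example that is not part of the original thread. It goes one step beyond the thread by comparing in constant time and by producing a password_hash() value to replace the salted SHA-1 after a successful login. The function names, the column names salt and password, and the sample row are assumptions, and plain sha1() stands in for $this->encrypt->sha1().

```php
<?php
// Added example, not code from the thread. Function names, column names and
// the sample row are constructed; sha1() stands in for $this->encrypt->sha1().

// The scheme discussed in the thread: sha1(salt . sha1(password)).
function legacy_hash(string $salt, string $password): string
{
    return sha1($salt . sha1($password));
}

// Verify a submitted password against a row already fetched by email.
// Returns [bool $ok, ?string $newHash]; $newHash is set when the stored
// value should be replaced with a password_hash() value.
function verify_login(?array $row, string $password): array
{
    if ($row === null) {
        return [false, null];                 // no user with that email
    }
    $stored   = $row['password'];
    $info     = password_get_info($stored);
    $isModern = !empty($info['algo']);        // null (or 0 on old PHP) = not a password_hash() value

    if ($isModern) {
        $ok = password_verify($password, $stored);
    } else {
        // Legacy row: recompute with the row's own salt, compare in constant time.
        $ok = hash_equals($stored, legacy_hash($row['salt'], $password));
    }
    if (!$ok) {
        return [false, null];
    }
    $upgrade = !$isModern || password_needs_rehash($stored, PASSWORD_DEFAULT);
    return [true, $upgrade ? password_hash($password, PASSWORD_DEFAULT) : null];
}

// Constructed sample row, as the model would return it for the email lookup.
$row = [
    'email'    => 'user@example.com',
    'salt'     => 'constructed-salt',
    'password' => legacy_hash('constructed-salt', 'correct horse'),
];

[$ok, $newHash] = verify_login($row, 'correct horse');
var_dump($ok);                                          // legacy row, correct password
var_dump(password_verify('correct horse', $newHash));   // replacement hash for the same password
var_dump(verify_login($row, 'wrong guess')[0]);         // legacy row, wrong password
var_dump(verify_login(null, 'anything')[0]);            // email lookup returned nothing
```

The controller would store $newHash back through the model when it is not null; only the hashed value, never the submitted password, belongs in the session or the database.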

Once again. That's exactly what I've been trying to do this whole time. Being new with codeigniter and MVC altogether, the struggle/issue here is my inability and/or lack of knowledge on how to write that syntactically correct. It's a very simple concept that I understand fully. Just don't know how to write it!

Link to comment
Share on other sites

So, there are three things that you need to understand how to use.

. is the concatenator. It glues strings together.

() pair of parens is a function call (or object creation). IE: $var = new Var(); or $data = doStuffWithData($someData);

-> is calling a method from an object. IE $var = new Var(); $var->doStuff();

 

$this can only be used within the object you're in. An object can contain other objects so you can end up with $this->otherObj->doSomething();

 

Starting from the beginning:

$plainPW = $this->input->post('password');

This line means there is an object called input within this object we're in, and the input object has a method called post.

At this point you should have your user's inputted password. You can echo it to make sure you got the right thing.

 

Now you want to compare it to the saved password, so you need to hash it the same way.

Find the code in your model which creates the user and takes their original password and hashes it. Can you post that code here?

Link to comment
Share on other sites

It's a very simple concept that I understand fully. Just don't know how to write it!

 

It's not going to do you any good if I wrote it for you. I'm trying to push you in the right direction, even giving you logic flow.  All you need to do is implement it.  Again, this comes back to what I've been telling you for weeks: separate the concerns between your controllers and models.  STOP doing logic in your models with input values.  The only thing you should be doing in your model is talking to the database.

 

Look at your credentials method.  You're not doing what you said (which you claim to be in your last post).  Instead, you're trying to match with some random $salt variable.  Go back to my last post, and use my flow.

Link to comment
Share on other sites

I appreciate all your time and am glad you're not writing it for me! I've gone and taken all input values out of my model and reconstructed everything (although written improperly).

 

This is how I am understanding your logic flow, but please bear with the syntax as it's really wrong :\

 

CONTROLLER:

 

function validate_credentials()
{
	$this->load->model('user_model');
	$query = $this->user_model->validate();

	if($query)
	{
		$data = array(
			'email' => $this->input->post('email'),
			'password' => $this->encrypt->sha1($salt . $this->input->post('password')),
			'is_logged_in' => true
		);

		$this->session->set_userdata($data);
		redirect('account/dashboard');
	}

	else

	{
		$this->index();
	}
}

 

MODEL:

 

function validate()
{
	$this->output->enable_profiler(TRUE);
	$salt = $this->_salt();
	$this->load->library('encrypt');
	$query = $this->db->get('users');
	$this->db->get('email');
	$this->encrypt->sha1($this->db->get('password' $salt));

	if($query->num_rows == 1)
	{
		return true;
	}
}

 

Is this more of what you are talking about logic wise?

Link to comment
Share on other sites

You are getting there, but your handshakes are funny. I fear there is no way to demonstrate without writing code. Try to follow along as I bounce back and forth between classes.

 

Controllers/login

<?php
// load user model
$this->load->model('users_model', 'users');

// catch post
$login = $this->input->post('login_button_name');
if( $login ) {
$user = $this->users->get_user( array('user_email' => $this->input->post('email')) );
// -- cut to 1

 

models/user_model

<?php

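function get_user( $data ) {
	// look up at most one row in the users table matching the supplied columns
	$query = $this->db->where( $data )->get( 'users', 1 );

	// return the row if one was found, otherwise FALSE
	if( $query->row() ) return $query->row();
	return FALSE;
}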

 

controllers/login

<?php
// back to 1
// if your query for a user with the supplied email was returned, then you know a user with that credential exists
if( $user ) {
	// now, using that returned row, grab the salt from it and use it in a second query where you apply the same hash method
	$data = array(
		'user_email' => $user->user_email,
		'user_password' => $this->encrypt->sha1( $user->user_salt . $this->encrypt->sha1($this->input->post('password')))
	);

	// send that new array back to get_user
	$user = $this->users->get_user( $data );

 

Now, based on if the last user there is returned, you can check for validated user, send off to a model ( yes, a model here has one of the very rare uses of applying session data ) to apply session data.

 

Notice how I used the controller for all the logic based off what the model returned.  IMO, that is how you properly utilize the MVC method.

 

 

Link to comment
Share on other sites

Ok so I adopted your method to my existing code:

 

One question I have is in this portion of the array -

'password' => $this->encrypt->sha1($user->salt. $this->encrypt->sha1($this->input->post('password')))

 

I am using your method of creating the salt on the fly withOUT storing the user's unique salt in the database. So I'm assuming

 $user->salt

will work?

 

Lastly, I am getting the

 Fatal error: Call to undefined method User_model::get_user() in /Users/michaelsanger/Sites/cl_ci_new/application/controllers/auth.php on line 34

error again.

 

Here is a complete look of what I have with comments of how I'm understanding everything. Thanks for being patient and helping me learn.

 

CONTROLLER:

 

function validate_credentials()
{

                // loading the model with the second object being the database name?

	$this->load->model('user_model', 'users');

                // when the user hits submit and enters their info, the following checks takes what they entered and stores it in $data and sends over to the model to run and check the query log the user in and start their session.


	$login = $this->input->post('submit');
	if($login)
	{
		$user = $this->users->get_user( array('email' => $this->input->post('email')) );
		$query = $this->user_model->validate();
	}
	if($user) {
		$data = array(
			'email' => $user->email,
			'password' => $this->encrypt->sha1($user->salt. $this->encrypt->sha1($this->input->post('password')))
			);

			$user = $this->users->get_user($data);
	}

	if($query)
	{
		$data = array(
			'email' => $this->input->post('email'),
			'is_logged_in' => true
		);

		$this->session->set_userdata($data);
		redirect('account/dashboard');
	}

	else

	{
		$this->index();
	}
}

 

MODEL:

 

     

  // takes the data created by the user from the controller and checks it with the database

function validate($data)
{
	$this->output->enable_profiler(TRUE);
	$query = $this->db->where($data)->get('users', 1);
	if($query->row())
	{
		return $query->row();
	}
}

Link to comment
Share on other sites
