
Login function not working correctly in CodeIgniter


Kirasiris


Hello,

I've been working on a login system in which the function checks whether three values in my database are TRUE (1) or FALSE (0). I have a user account with all three values set to true, so it should let me log in and redirect to the admin page, but it does not. Can somebody help me with this? Is there an error that I may be missing?
 
 

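/**
 * Handle the admin login form: validate the input, check the credentials
 * and the account flags, then start an admin session.
 *
 * Renders the login view when validation fails. Every other path sets a
 * flash message and redirects, either back to admin/login or on to admin.
 */
public function admin_login(){

    // Users who already hold an admin session are redirected away from the form.
    $this->User_model->session_comprobate_admin();

    // Validation rules
    $this->form_validation->set_rules('username', 'Username', 'trim|required|min_length[4]');
    $this->form_validation->set_rules('password', 'Password', 'trim|required|min_length[4]');

    if ($this->form_validation->run() == FALSE) {
        // Load the login view into the admin template
        $this->template->load('admin', 'login', 'users/login');
        return;
    }

    $username = $this->input->post('username');
    $password = $this->input->post('password');

    // SECURITY: unsalted MD5 is not a password hash; leaked digests are cheap
    // to brute-force. It is kept here only because User_model::login() (not
    // shown on this page) receives the digest. The fix is to store
    // password_hash() output and have login() fetch that hash by username and
    // check it with password_verify().
    $enc_password = md5($password);
    $data_user = $this->User_model->login($username, $enc_password);

    if (!$data_user) {
        $this->session->set_flashdata('error', 'Invalid Login');
        redirect('admin/login');
        return;
    }

    // Despite its name, get_username() returns the numeric id for a username.
    $user_id = $this->User_model->get_username($username);
    $users   = $this->User_model->get_userid($user_id);

    // Guard against a row that vanished between the two lookups.
    if (empty($users)) {
        $this->session->set_flashdata('error', 'Invalid Login');
        redirect('admin/login');
        return;
    }

    // These checks need get_userid() to return the active, is_admin and
    // is_member columns. empty() treats a missing column like 0, so an
    // incomplete row refuses the login (fails closed) instead of raising an
    // undefined-property notice.

    // Check if active or banned
    if (empty($users->active)) {
        $this->session->set_flashdata('error', 'This account is banned or inactive.');
        redirect('admin/login');
        return;
    }

    // Check if is admin
    if (empty($users->is_admin)) {
        $this->session->set_flashdata('error' , 'Sorry, you can not access to this page.');
        redirect('admin/login');
        return;
    }

    // Check if is member. The original set the flash message here but never
    // redirected, so the request ended on a blank page.
    if (empty($users->is_member)) {
        $this->session->set_flashdata('error' , 'This account does not exists. Please try again.');
        redirect('admin/login');
        return;
    }

    // All three flags were verified against the database row above.
    $user_data = array(
        'user_id'   => $user_id,
        'username'  => $username,
        'is_admin'  => true,
        'active'    => true,
        'is_member' => true,
    );

    // NOTE(review): regenerate the session ID at this point (privilege change)
    // to limit session fixation; the exact call depends on the CodeIgniter
    // version in use.

    // Set Session Data. session_comprobate_admin() looks for the 'is_admin' key.
    $this->session->set_userdata('is_admin', $user_data);

    // The original called $this->UserModel->is_admin($user_id) here. The
    // property name did not match $this->User_model used everywhere else, and
    // is_admin() only redirects, so the success message below was never
    // reached. The admin flag is already checked above, so the call is dropped.

    $this->session->set_flashdata('success', 'You are logged in');
    redirect('admin');
}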

 
This is my user_model info:

//I need to work on these two
    public function get_username($users) {
        $this->db->select('id');
        $this->db->from('users');
        $this->db->where('username', $users);
        return $this->db->get()->row('id');
    }


    public function get_userid($user_id) {
        $this->db->select('id');
$this->db->from('users');
        $this->db->where('id', $user_id);
        return $this->db->get()->row();
    }
///
//Check if admin
    public function is_admin($id) {
        $this->db->select('is_admin');
        $this->db->from('users');
        $this->db->where('id', $id);
        $is_admin = $this->db->get()->row('is_admin');
        if ($is_admin == 0) {
            redirect('/');
        } else {
            redirect('admin');
        }
    }


//Check if member
    public function is_member($id) {
        $this->db->select('is_member');
        $this->db->from('users');
        $this->db->where('id', $id);
        $is_member = $this->db->get()->row('is_member');
        if ($is_member == 0) {
            redirect('/');
        } else {
            redirect('dashboard/login');
        }
    }


//Check if active
    public function is_active($id) {
        $this->db->select('active');
        $this->db->from('users');
        $this->db->where('id', $id);
        $is_active = $this->db->get()->row('active');
        if ($is_active == 0) {
            redirect('/');
        } else {
            redirect('dashboard/login');
        }
    }
//Verify if username and email is already registered
    public function existent_username($username) {
        $query = $this->db->get_where('users', array('username' => $username));
        return $query->row_array();
    }
    public function existent_email($email) {
        $query = $this->db->get_where('users', array('email' => $email));
        return $query->row_array();
    }
//
    public function session_comprobate_member() {
        if ($this->session->userdata('is_member') != NULL) {
            redirect('dashboard');
        }
    }


    public function session_comprobate_admin() {
        if ($this->session->userdata('is_admin') != NULL) {
            redirect('admin');
        }
    }

It was working well, but I just added the is_admin and is_member checks and it stopped working.


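Using md5 for passwords is very, very outdated and insecure: it is a fast, unsalted hash, so leaked digests are cheap to brute-force. You need to use password_hash() and password_verify(), which salt each password and use a deliberately slow algorithm.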

 

Querying the DB for an existing username and email is the wrong approach. You need to set a unique constraint on those fields, attempt the insert, and catch the duplicate error if any. Your approach creates a race condition wherein simultaneous checks for the same username or email will both get the OK to insert. If there is not a unique constraint you will get duplicates, otherwise one insert will work, the other will fail, even though they both got the OK to insert.

