Codeigniter 3 password_hash

Navigation
0

I'm doing a project with CodeIgniter and I need to encrypt the password.

Controller methods: Login.php: 

public function index()
{   
    $this->form_validation->set_rules('usuario', 'Usuario', 'trim|required|xss_clean');
    $this->form_validation->set_rules('password', 'Contraseña', 'trim|required|xss_clean');

    if($this->input->post('usuario') != '' && $this->input->post('password') != '')
    {
        $this->form_validation->set_rules('password', 'Contraseña', 'trim|required|xss_clean|callback_verificar_usuario');
    }

    if($this->form_validation->run() == FALSE) 
    {
        $data['titulo'] = 'Login';
        $data['contenido'] = 'login.php';
        $this->load->view('templates/template', $data);
    }
    else {
        redirect(base_url('admin'));
    }
}

public function verificar_usuario() 
{
    $usuario = $this->security->xss_clean($this->input->post('usuario'));
    $password = $this->security->xss_clean($this->input->post('password'));

    if($this->Login_model->login($usuario, $password)) 
    {
        redirect(base_url('admin'));
        return true;
    }
    else {
        $this->form_validation->set_message('verificar_usuario', 'Los datos son incorrectos.');
        return false;
    }
}

Model methods Login_model.php: 

public function login($usuario, $password) 
{
    $this->db->select('usuario, password, rol')
             ->from('usuarios')
             ->where('usuario', $usuario)
             ->where('password', $password);

    $result = $this->db->get();

    if($result->num_rows() > 0)
    {
        $row = $result->row();

        $data = [
            'usuario'   => $row->usuario,
            'password'  => $row->password,
            'rol'       => $row->rol
        ];

        $this->session->set_userdata($data);
        return true;
    }
    else {  
        return false;
    }
}

In the database, I registered the users with the password_hash() , and I need in the login, to make the password_verify() to compare the password that the user enters with the one in the database. How do I achieve that?

    
asked by fed R 24.02.2017 в 03:42
source

1 answer

2

In Model methods Login_model.php: 

public function login($usuario, $password) 
{
    //Realizas una query que solo verifique
    //si existe el usuario
    //Es importante que el nombre de usuario sea único
    $this->db->select('usuario, password, rol')
             ->from('usuarios')
             ->where('usuario', $usuario);

    $result = $this->db->get();

    if($result->num_rows() > 0)
    {
        $row = $result->row();

        //Verificas que el password sea correcto
        if(password_verify($password, $row->password))
        {
            $data = [
                'usuario'   => $row->usuario,
                //'password'  => $row->password,
                'rol'       => $row->rol
            ];

            $this->session->set_userdata($data);
            return true;
        }
        else
        {
            //En este caso la contraseña es incorrecta
            return false;
        }
    }
    else 
    {  
        //En este caso no existe el usuario
        return false;
    }
}

If I understand, this solves your problem. But it is important that in the user table the username is unique.

Greetings

    
answered by 24.02.2017 / 15:42
source
Java - Doubt with imports Detect text change on a jquery td