0

I have a login form that I'm doing 2 part validations: The client-side and the server side. Client-side: check if valid email, check if password is minimal 6 characters, etc. If something goes wrong on the client-side I can show the user the error messages on the same page with the login form, because it page never got reloaded because it will not send a post to the server if the client-side validation isn't true.

But when it is true, then I'm doing a server side validation -> check if email and password matches to effectively log in into the website. But if the login credentials aren't matching, I need to show a error message. This is the part where I'm stuck. Where and how do I get a message on the same page (login form) because page gets posted and refreshed so I'm losing data. Now when credentials aren't correct I'm redirecting the user back to the login page, but without any messages. But I'm trying to achieve that he'll see the message 'credentials aren't correct'. Can someone help me with this?

Login View

<?php

    $loginEmail = array('placeholder' => "Email", 'name' => "loginEmail");
    $loginPassword = array('placeholder' => "Wachtwoord", 'name' => "loginPassword");
    $loginSubmit = array('name' => "loginSubmit", 'class' => "btn", 'value' => "Inloggen");

    echo form_open('login/inloggen', array('class' => 'grid-100 formc'));
    echo form_input($loginEmail, set_value('loginEmail'));
    echo form_password($loginPassword);
    echo form_submit($loginSubmit);
    echo form_close();
?>

Login Controller 

 function index(){
        $logged_in =  $this->logged_in->is_logged_in();

        if($logged_in){
            $this->load->view('profile_view'); 
        }
        else{
            $data['content'] = 'login_view';
            $this->load->view('templates/template', $data);
        }       
  } 

  function inloggen(){

        if($this->input->post('loginSubmit')){
            if($this->form_validation->run('login_validation_rules') == FALSE){
                $this->index();
            }
            else{
                $this->load->model('login_model');
                $query = $this->login_model->validate();


                if($query){
                    $data = array(
                        'username' => $this->input->post('loginEmail'),
                        'is_logged_in' => true
                        );

                        $this->session->set_userdata($data);
                        redirect('profile');
                }
                else{
                    $this->index();// If credentials aren't correct, redirect them to login page. But how I set a message here?
                }
             }
        }       
   }

Login Model

function validate(){

    $this->db->where('email', $this->input->post('loginEmail'));
    $this->db->where('password', md5($this->input->post('loginPassword')));

    $query = $this->db->get('tbl_users');

    if($query->num_rows == 1){
        return true;
    }
    else{
        return false;
    }

}
mXX
  • 3,595
  • 12
  • 44
  • 61

2 Answers2

1

I will prefer do to in one controller, and it will be more clear. I make one simple example, just to tell you the way how I think is good.

function login(){

        $data['error_message']  = "";
        $data['username']       = $this->input->post('username');
        $data['password']       = $this->input->post('password');

        if($this->input->post('loginSubmit')){

            // Make rules of validation that need to be required

            if($this->form_validation->run('login_validation_rules')){ // If true it goes IN

                $this->load->model('login_model');
                $query = $this->login_model->validate();

                if($query){
                    $data = array(
                        'username' => $this->input->post('loginEmail'),
                        'is_logged_in' => true
                        );

                        $this->session->set_userdata($data);
                        redirect('profile'); // Go IN profile

                } else {
                    $data['error_message'] = "Something went wrong"; // This error you write on View
                }

            }

        }

        $this->load->view('login_view', $data) //Load view of login
}

I didn't test, and it will need to adapt in your data, but I just want to explain the way. It you have any problem, write an comment, and we will find the solution together.

Lev Levitsky
  • 63,701
  • 20
  • 147
  • 175
Erman Belegu
  • 4,074
  • 25
  • 39
  • I did not completely use your method, but I did help me a lot to implement it the way I did. I'll post an answer the way I did it. But I don't understand why you have `$data['username']` and `$data['password']`. Can you please explain that to me? – mXX Jul 20 '13 at 10:32
  • Yes, I write it in the start. When you go in login, Password and Username will be blank. After submit, you go in same controller, and get the Password and Username with post (now not blank) and use it for Checking and put inside in Session. But if user don't write the correct username, then these $data (username and password) will load in login_view and, shown. I don't know if I was clear in explain, but the main reason is to be more CLEAN, and less Code. (One Controller method, One View and good user experience) – Erman Belegu Jul 20 '13 at 10:39
  • I think I get it, but isn't it unsecure to store username and password in a session, as CI is using cookies as session? – mXX Jul 20 '13 at 10:41
  • 1
    Using CodeIgniter sessions with database is going to be fairly secure. You just don't have to trust the input that the user gives. Even if you are using AJAX, the CodeIgniter session will work just like any standard call, so the same security goes on. Read this: http://ellislab.com/codeigniter/user-guide/libraries/sessions.html and this: http://stackoverflow.com/questions/8441641/codeigniter-session-security It will help you to understand more. – Erman Belegu Jul 20 '13 at 10:52
0

I have solved this problem like so: Basically when the model sends a false. I make var with a message in it and then in my index I check if that var is there or not. The only thing I want to know is, is it okay to set a message in my controller or should I have done that somewhere elsewhere?? 

function index(){
            $logged_in =  $this->logged_in->is_logged_in();

            if($logged_in){
                $this->load->view('profile_view'); 
            }
            else{
                //Check here if my redirection submitted also a message
                if(isset($this->ongeldig)){
                    $data['ongeldig'] = $this->ongeldig;
                } 
                else{
                    $data['ongeldig'] = '';
                }

                $data['content'] = 'login_view';
                $this->load->view('templates/template', $data);
            }       
        }   

        function inloggen(){

            if($this->input->post('loginSubmit')){
                if($this->form_validation->run('login_validation_rules')){

                    $this->load->model('login_model');


                    $query = $this->login_model->validate();        

                    if($query){
                        $data = array(
                            'username' => $this->input->post('loginEmail'),
                            'is_logged_in' => true
                        );

                        $this->session->set_userdata($data);
                        redirect('profile');
                    }
                    else{// set a error message, when the models function returns false.
                        $this->ongeldig = "Ongeldig wachtwoord/gebruikersnaam";
                        $this->index();

                    }
                }
                else{
                    $this->index();
                }
            }       
        }
Erman Belegu
  • 4,074
  • 25
  • 39
mXX
  • 3,595
  • 12
  • 44
  • 61