我目前能够允许用户登录并且登录表单具有验证规则以确保字段不为空,但是......如果在用户登录的字段中键入任何随机名称或字母。如何停止此操作并仅允许数据库中的实际用户登录?我的模型和控制器在
下面控制器
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Login extends CI_Controller{
public function __construct()
{
parent::__construct();
$this->load->model('login_model');
}
public function index()
{
if(($this->session->userdata('username')!=""))
{
$this->welcome();
} else {
$data['title']= 'MVC Application';
$this->load->view('templates/header', $data);
$this->load->view('templates/nav');
$this->load->view('login/signin', $data);
$this->load->view('templates/footer');
}
}
public function welcome()
{
$data['title']= 'MVC Application';
$this->load->view('templates/header', $data);
$this->load->view('templates/nav');
$this->load->view('login/welcome', $data);
$this->load->view('templates/footer');
}
public function login()
{
$email=$this->input->post('email');
$password=$this->input->post('pass');
$this->load->library('form_validation');
// field name, error message, validation rules
$this->form_validation->set_rules('email', 'email', 'trim|required');
$this->form_validation->set_rules('pass', 'password', 'trim|required');
if($this->form_validation->run() == FALSE) {
$this->index();
} else {
$this->login_model->login($email,$password);
$this->welcome();
}
}
public function logout()
{
$newdata = array(
'id' =>'',
'username' =>'',
'email' => '',
'logged_in' => FALSE,
);
$this->session->unset_userdata($newdata );
session_destroy();
redirect('login/index');
}
function update() {
if(!empty($_POST)) {
// Form submitted -- update database
$data = array (
'username' => $this->input->post('username'),
'email' => $this->input->post('email'),
'password' => $this->input->post('password')
);
$this->load->model('login_model');
$this->login_model->update($data);
redirect('login/welcome');
} else {
// Display form
// Prepare data to pass to the view
$data = array (
'title' => 'MVC Application',
'username' => $this->session->userdata('username'),
'email' => $this->session->userdata('email'),
'password' => $this->session->userdata('password')
);
$this->load->view('templates/header', $data);
$this->load->view('templates/nav');
$this->load->view('login/update', $data);
$this->load->view('templates/footer');
}
}
}
?>
模型
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Login_model extends CI_Model {
public function __construct()
{
$this->load->database();
}
public function login($email, $password)
{
$this->db->where("email",$email);
$this->db->where("password",$password);
$query=$this->db->get("mvc_user");
if($query->num_rows()>0)
{
foreach($query->result() as $rows)
{
//add all data to session
$newdata = array(
'id' => $rows->id,
'username' => $rows->username,
'email' => $rows->email,
'password' => $rows->password,
'logged_in' => TRUE,
);
}
$this->session->set_userdata($newdata);
return true;
}
return false;
}
function update($data) {
$my_id = $this->session->userdata('id');
if($my_id !== false) { // Just making sure we're logged in
$this->db->where('id', $my_id);
$this->db->update('mvc_user', $data);
$this->session->set_userdata($data);
}
}
}
?>
答案 0 :(得分:2)
在你的模特中。将登录功能更改为:
table在您的控制器登录中:
var $clone =$("#id_form").clone();
$clone.find('table').remove();
var $frm = $clone.serialize(); // <-----here
您也可以使用public function login($email, $password)
{
$this->db->where('email',$email);
$this->db->where('password',$password);
$query = $this->db->get('mvc_user');
if($query->num_rows()>0)
{
foreach($query->result() as $row)
{
//add all data to session
$newdata = array(
'id' => $row->id,
'username' => $row->username,
'email' => $row->email,
'password' => $row->password,
'logged_in' => TRUE,
);
}
$this->session->set_userdata($newdata);
return true;
}
return false;
}
而不是
public function login()
{
$email = $this->input->post('email');
$password = $this->input->post('pass');
$this->load->library('form_validation');
// field name, error message, validation rules
$this->form_validation->set_rules('email', 'email', 'trim|required');
$this->form_validation->set_rules('pass', 'password', 'trim|required');
if ($this->form_validation->run() && $this->login_model->login($email, $password)) { //If success login
$this->welcome();
//Here we can echo success because both the form validation was successfull and the login.
} else {
$this->index();
//Here goes the Error message
}
}
如果你喜欢短代码
答案 1 :(得分:1)
在“登录”操作中,而不仅仅是:
$this->login_model->login($email,$password);
$this->welcome();
你必须检查它的真或假
if($this->login_model->login($email,$password)) {
$this->welcome();
} else {
// HERE is the place for wrong user/pass message to be triggered
}
第二件事...... 从用户模型中的UPDATE和Login方法中删除任何会话更新。而是添加另一种方法,并从登录和更新中调用它。
private function setSessionData($userid){
$this->db->where('user_id', $userid);
$this->db->select('*');
$query = $this->db->get('users');
if($row = $query->row()){
$newdata = array(
'id' => $rows->id,
'username' => $rows->username,
'email' => $rows->email,
'password' => $rows->password,
'logged_in' => TRUE,
);
$this->session->set_userdata($newdata);
return true;
}
return false;
}
通过这种方式,您可以更轻松地从不同位置设置会话数据。