Codeigniter 用户注册:在 2 个条件下拆分登录失败条件以涵盖 "account inactive" 个案例
Codeigniter user registration: split login fail condition in 2 conditions to cover "account inactive" case
我已经使用 Codeigniter 3 创建了一个注册和登录应用程序。
当有人填写注册表并成功提交时,"users"table的"active"列收到值0,如下图所示:
用户必须先激活他们的帐户才能登录。
在 Signin.php 控制器中我有 signin() 功能:
public function signin()
{
$this->form_validation->set_rules('email', 'Email', 'required|trim|valid_email');
$this->form_validation->set_rules('password', 'Password', 'required|trim');
$this->form_validation->set_error_delimiters('<p class="error">', '</p>');
if ($this->form_validation->run())
{
$email = $this->input->post('email');
$password = $this->input->post('password');
$this->load->model('Usermodel');
$current_user = $this->Usermodel->user_login($email, $password, $active);
// Set the current user's data
if ($current_user) {
$this->session->set_userdata(
array(
'user_id' => $current_user->id,
'user_email' => $current_user->email,
'user_first_name' => $current_user->fname,
'is_logged_in' => TRUE
)
);
redirect('home');
} else {
$this->session->set_flashdata("signin_failure", "Incorrect email or password");
redirect('signin');
}
}
else
{
$this->load->view('signin');
}
}
我想要,而不是上面代码中的 $this->session->set_flashdata("signin_failure", "Incorrect email or password"); 行,能够 "split" 2 中的登录失败条件:不正确的电子邮件或密码 and 账户未激活.
if (condition here) {
$this->session->set_flashdata("signin_failure", "Your account has not been activated");
} else {
$this->session->set_flashdata("signin_failure", "Incorrect email or password");
}
我的问题:我应该在上面的代码中放什么而不是 condition here?
更具体地说:我怎么说:如果 "active" 列的值为 0,则执行 $this->session->set_flashdata("signin_failure", "Your account has not been activated");?
用户模型中的user_login()函数:
public function user_login($email, $password, $active) {
$query = $this->db->get_where('users', ['email' => $email, 'password' => md5($password), 'active' => 1]);
return $query->row();
}
更新:
我想到了这个:
public function signin()
{
$this->form_validation->set_rules('email', 'Email', 'required|trim|valid_email');
$this->form_validation->set_rules('password', 'Password', 'required|trim');
$this->form_validation->set_error_delimiters('<p class="error">', '</p>');
if ($this->form_validation->run())
{
$email = $this->input->post('email');
$password = $this->input->post('password');
$this->load->model('Usermodel');
$current_user = $this->Usermodel->user_login($email, $password);
// If we find a user
if ($current_user) {
// If the user found is active
if ($current_user->active == 1) {
$this->session->set_userdata(
array(
'user_id' => $current_user->id,
'user_email' => $current_user->email,
'user_first_name' => $current_user->fname,
'user_active' => $current_user->active,
'is_logged_in' => TRUE
)
);
redirect('home');
} else {
// If the user found is NOT active
$this->session->set_flashdata("signin_failure", "Your account has not been activated");
redirect('signin');
}
} else {
// If we do NOT find a user
$this->session->set_flashdata("signin_failure", "Incorrect email or password");
redirect('signin');
}
}
else
{
$this->load->view('signin');
}
}
但它有一个缺陷,因为即使电子邮件和密码正确,但用户不活跃,消息是:"Incorrect email or password" 而不是 "Your account has not been activated".
/***************************************/ // model function
function user_login($email,$password)
{
$this->db->select("*");
$this->db->from('table_name');
$this->db->where(array('email'=>$email,'password'=>$password));
$this->db->limit(1);
$query = $this->db->get();
if(!$query->num_rows())
return false;
return $query->row_array();
}
/***************************************/ // controller
public function signin()
{
$this->form_validation->set_rules('email', 'Email', 'required|trim|valid_email');
$this->form_validation->set_rules('password', 'Password', 'required|trim');
$this->form_validation->set_error_delimiters('<p class="error">', '</p>');
if ($this->form_validation->run()){
$email = $this->input->post('email');
$password = $this->input->post('password');
$this->load->model('Usermodel');
$current_user = $this->Usermodel->user_login($email, $password);
// If we find a user
if ($current_user) {
// If the user found is active
if ($current_user['active'] == 1) {
$this->session->set_userdata(array(
'user_id' => $current_user['id'],
'user_email' => $current_user['email'],
'user_first_name' => $current_user['fname'],
'user_active' => $current_user['active'],
'is_logged_in' => TRUE
));
redirect('home');
}else {
// If the user found is NOT active
$this->session->set_flashdata("signin_failure", "Your account has not been activated");
redirect('signin');
}
}else {
// If we do NOT find a user
$this->session->set_flashdata("signin_failure", "Incorrect email or password");
redirect('signin');
}
}
else{
$this->load->view('signin');
}
}
只需从模型中的 user_login 函数中删除活动检查。由于您已经在检查 id 用户是否在您的控制器中处于活动状态。它应该不会影响你的工作。
$query = $this->db->get_where('users', ['email' => $email, 'password' => md5($password)]);
编辑:
详尽的答案 JayAdra 在 Codeigniter 论坛 here
中的贡献
这是因为您的第一个 if 语句是:
if ($current_user) {
对于不活跃的用户,这将 return 错误,因为您的查询是:
$query = $this->db->get_where('users', ['email' => $email, 'password' => md5($password), 'active' => 1]);
注意,“活跃”检查 => 1,这意味着它不会 return 不活跃用户的任何记录。
所以你的第一个 if 语句 returns false,因此转到具有以下内容的 else 子句:
$this->session->set_flashdata("signin_failure", "Incorrect email or password");
所以您可能需要先检查用户是否活跃,然后再检查他们的 username/password 是否正确。
我建议将您的“user_login”函数拆分为两个不同的函数。一种用于检查用户是否处于活动状态,另一种用于测试 user/pass 组合。
最后,我注意到您将密码存储为 md5 字符串...这是个坏主意。这不安全。使用 bcrypt 或类似的。
我已经使用 Codeigniter 3 创建了一个注册和登录应用程序。
当有人填写注册表并成功提交时,"users"table的"active"列收到值0,如下图所示:
用户必须先激活他们的帐户才能登录。
在 Signin.php 控制器中我有 signin() 功能:
public function signin()
{
$this->form_validation->set_rules('email', 'Email', 'required|trim|valid_email');
$this->form_validation->set_rules('password', 'Password', 'required|trim');
$this->form_validation->set_error_delimiters('<p class="error">', '</p>');
if ($this->form_validation->run())
{
$email = $this->input->post('email');
$password = $this->input->post('password');
$this->load->model('Usermodel');
$current_user = $this->Usermodel->user_login($email, $password, $active);
// Set the current user's data
if ($current_user) {
$this->session->set_userdata(
array(
'user_id' => $current_user->id,
'user_email' => $current_user->email,
'user_first_name' => $current_user->fname,
'is_logged_in' => TRUE
)
);
redirect('home');
} else {
$this->session->set_flashdata("signin_failure", "Incorrect email or password");
redirect('signin');
}
}
else
{
$this->load->view('signin');
}
}
我想要,而不是上面代码中的 $this->session->set_flashdata("signin_failure", "Incorrect email or password"); 行,能够 "split" 2 中的登录失败条件:不正确的电子邮件或密码 and 账户未激活.
if (condition here) {
$this->session->set_flashdata("signin_failure", "Your account has not been activated");
} else {
$this->session->set_flashdata("signin_failure", "Incorrect email or password");
}
我的问题:我应该在上面的代码中放什么而不是 condition here?
更具体地说:我怎么说:如果 "active" 列的值为 0,则执行 $this->session->set_flashdata("signin_failure", "Your account has not been activated");?
用户模型中的user_login()函数:
public function user_login($email, $password, $active) {
$query = $this->db->get_where('users', ['email' => $email, 'password' => md5($password), 'active' => 1]);
return $query->row();
}
更新:
我想到了这个:
public function signin()
{
$this->form_validation->set_rules('email', 'Email', 'required|trim|valid_email');
$this->form_validation->set_rules('password', 'Password', 'required|trim');
$this->form_validation->set_error_delimiters('<p class="error">', '</p>');
if ($this->form_validation->run())
{
$email = $this->input->post('email');
$password = $this->input->post('password');
$this->load->model('Usermodel');
$current_user = $this->Usermodel->user_login($email, $password);
// If we find a user
if ($current_user) {
// If the user found is active
if ($current_user->active == 1) {
$this->session->set_userdata(
array(
'user_id' => $current_user->id,
'user_email' => $current_user->email,
'user_first_name' => $current_user->fname,
'user_active' => $current_user->active,
'is_logged_in' => TRUE
)
);
redirect('home');
} else {
// If the user found is NOT active
$this->session->set_flashdata("signin_failure", "Your account has not been activated");
redirect('signin');
}
} else {
// If we do NOT find a user
$this->session->set_flashdata("signin_failure", "Incorrect email or password");
redirect('signin');
}
}
else
{
$this->load->view('signin');
}
}
但它有一个缺陷,因为即使电子邮件和密码正确,但用户不活跃,消息是:"Incorrect email or password" 而不是 "Your account has not been activated".
/***************************************/ // model function
function user_login($email,$password)
{
$this->db->select("*");
$this->db->from('table_name');
$this->db->where(array('email'=>$email,'password'=>$password));
$this->db->limit(1);
$query = $this->db->get();
if(!$query->num_rows())
return false;
return $query->row_array();
}
/***************************************/ // controller
public function signin()
{
$this->form_validation->set_rules('email', 'Email', 'required|trim|valid_email');
$this->form_validation->set_rules('password', 'Password', 'required|trim');
$this->form_validation->set_error_delimiters('<p class="error">', '</p>');
if ($this->form_validation->run()){
$email = $this->input->post('email');
$password = $this->input->post('password');
$this->load->model('Usermodel');
$current_user = $this->Usermodel->user_login($email, $password);
// If we find a user
if ($current_user) {
// If the user found is active
if ($current_user['active'] == 1) {
$this->session->set_userdata(array(
'user_id' => $current_user['id'],
'user_email' => $current_user['email'],
'user_first_name' => $current_user['fname'],
'user_active' => $current_user['active'],
'is_logged_in' => TRUE
));
redirect('home');
}else {
// If the user found is NOT active
$this->session->set_flashdata("signin_failure", "Your account has not been activated");
redirect('signin');
}
}else {
// If we do NOT find a user
$this->session->set_flashdata("signin_failure", "Incorrect email or password");
redirect('signin');
}
}
else{
$this->load->view('signin');
}
}
只需从模型中的 user_login 函数中删除活动检查。由于您已经在检查 id 用户是否在您的控制器中处于活动状态。它应该不会影响你的工作。
$query = $this->db->get_where('users', ['email' => $email, 'password' => md5($password)]);
编辑:
详尽的答案 JayAdra 在 Codeigniter 论坛 here
中的贡献这是因为您的第一个 if 语句是:
if ($current_user) {
对于不活跃的用户,这将 return 错误,因为您的查询是:
$query = $this->db->get_where('users', ['email' => $email, 'password' => md5($password), 'active' => 1]);
注意,“活跃”检查 => 1,这意味着它不会 return 不活跃用户的任何记录。
所以你的第一个 if 语句 returns false,因此转到具有以下内容的 else 子句:
$this->session->set_flashdata("signin_failure", "Incorrect email or password");
所以您可能需要先检查用户是否活跃,然后再检查他们的 username/password 是否正确。
我建议将您的“user_login”函数拆分为两个不同的函数。一种用于检查用户是否处于活动状态,另一种用于测试 user/pass 组合。
最后,我注意到您将密码存储为 md5 字符串...这是个坏主意。这不安全。使用 bcrypt 或类似的。