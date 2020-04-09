Try debugging function validate(…) and printing the return value
print_r($result);
I think you will get a surprise
In my messing around last night i may have hashed out the line that calls the table in the db…
function validate($email,$password)
{
$this->db->where('email',$email);
$hash = $this->db->where('password', $password);
return password_verify($hash, $password);
$result = $this->db->get('dealers');
//print_r($result);
return $result;
Good spot John, unfortunately it doesn’t cure the issue of password_verify expects string but gets object.
I think the function calls return far too soon and will not execute any script after the return statement.
What value should function password_verify(…) return?
Should $result be the function return value?
Fair point.
I need
password_verify to compare the users password in a hashed format against the users hashed password thats stored on the database.
Once the
password_verify function has compared the 2 hashes and agreed they match for the script to continue accordingly.
Can you try the following:
// return password_verify($hash, $password);
$tmp = password_verify($hash, $password);
echo gettype($tmp);
die;
Hey John
Thanks for the suggestion. I got the following error:-
Message: password_verify() expects parameter 1 to be string, object given
and then Boolean echo’d out underneath the error message.
Is the $hash value a partial build query setting and the result used to get $this->db->get(…);?
function validate($email,$password)
{
// $this->db->where('email',$email);
// $hash = $this->db->where('password', $password);
// return password_verify($hash, $password);
// $result = $this->db->get('dealers');
$this->db->where('email',$email);
$this->db->where('password', $password);
$hash = $this->db->get('dealers');
$result = password_verify($hash, $password);
var_dump($result);
// print_r($result);
return $result;
}//
@oli_d111 You need to retrieve the user by username then pass the retrieved hashed password to the password_verify function.
Trying to use the password in a where statement is fundamentally wrong. The hashed password stored in the database contains a builtin salt value which means that even using the same plaintext password you will never be able to generate the same hash. password_verify takes care of that for you.
And I know it’s off-topic but what is motivating you to learn CI? Which version? You might find that using a more popular framework might be more effective.
Hi John
To be fair, i’m just trying to figure out a way of getting the password_verify function to work. Whether it be initially called in the controller or model. Would it be helpful if i posted the remainder of the controller so that you can see?
Thanks for the code, unfortunately i got the same error + another:-
password_verify() expects parameter 1 to be string, object given
Call to a member function num_rows() on bool
Hi Ahundaiak
Appreciate your advice & i completely get it ultimately its what i’m aiming for but unfortunately being new to OOP i’m not sure how exactly to accomplish this.
As for learning CI (V3.0), it looked like an easier approach to learning MVC after battling and failing with installing Composer for Laravel i ended up just trying CI as it was uber quick to get up and running. Ultimatley i know that Laravel is better framework but for now i’m just learning. Besides frameworks aside, would i not have the same issue in Laravel as i do in CI for this pw verify issue?
Yes more code would help.
It is quite some time since I used CI’s Query builder and was never a big fan because I prefer to use a SQL statement.
The error messages show the query is returning a $hash object instead of a string.
Could you also add the following to show the generated SQL statement:
$sql = $this->db->get_compiled_select('dealers');
echo $sql;
Are you aware of CodeIgniter’s latest version? It started a couple of years ago and the new release is imminent. I get the impression and hopefully that this version is written "standing on the shoulder’s of giants". The new version appears to use only the best features from existing PHP Frameworks. I have used the GitHub version and it is a vast improvement over the first version first Released February 28, 2006!
Yes indeed I am aware that there is a yet to be released new version coming out. From my admittedly cursory reading, I don’t think CI4 will really share much with CI3. Hence my skepticism that CI is really the best platform for learning OOP. But of course this discussion is off-topic.
It just seems that it should be easy to query for the user’s password for a given email. And then use password_verify. But I am not seeing any evidence of that.
Hey John, heres the rest of the Controller for reference:-
public function auth()
{
$email = $this->input->post('email',TRUE);
$usrpassword = $this->input->post('password', TRUE);
$validate = $this->loginmodel->validate($email, $usrpassword);
if($validate->num_rows() > 0)
{
$data = $validate->row_array();
$firstname = $data['fname'];
$email = $data['email'];
$level = $data['user_level'];
$sesdata = array(
'fname' => $firstname,
'email' => $email,
'user_level' => $level,
'logged_in' => TRUE
);
$this->session->set_userdata($sesdata);
if($level === '99'){ // access login for admin
redirect('admin');
}
elseif($level === '1') // access login for dealer
{
redirect('dealer');
}
else
{
echo $this->session->set_flashdata('msg','Username or Password is Wrong');
redirect('login');
}
}
}
Of course, the echo produced:
SELECT * FROM dealers``
I couldn’t agree more. I think there is probably a simple way i’m just not seeing it being new to OOP & MVC. Looking forward to seeing what CI4 holds though. Looking at the documentation it definitely looks positive.
If i could get ruddy composer installed i would start learning Laravel
There’s also Symfony you know
Given the choice I’d personally always go with that.
Your swimming in the wrong pool my friend. A framework of any sort is not the place to start learning OOP, or any other technology What you are really learning is how to use X framework, not necessarily OOP, although you are using it.
I would highly recommend you start with learning the basic concepts of Object Oriented Programming. Start with some basic concepts like how to write a Class, Visibility, Dependency Injection, etc…
Since you have an interest in a “multilevel user login system”, perhaps write it up in procedural. When you have it finished and essentially bug-free then start refactoring it to OOP.
That does not seem right because WHERE is missing.
I would be tempted to create two cases:
$sql = "SELECT * from `dealers` WHERE email='$email` AND `password`='$password' ";
$result = $this->db->query($sql);
echo '<pre>'; var_dump($result); echo '</pre>';
die;
Try to use CodeIgniter’s Query Builder and get the same results.
John, your Case #1 won’t work when using
password_hash as that can give different results for the same password when running it multiple times. You need to select the password rrij the database and then verify using
password_verify.
That is a very valid point. And i have been reading OOP on the side of building this project.
In regards to the multiuser login system, i have actually got this in procedural and working however i’m just trying to rebuild the project in a framework & MVC as its scaling up quickly and since working with CI my procedural looks so messy lol.
Hey John
According to the CI docs, that method just returns the SQL query as a string.
Query Builder
$sql = $this->db->get_compiled_select('mytable');
echo $sql;
// Prints string: SELECT * FROM mytable
Thanks for the advice. I may give that a go in the future however for now i’m keen on getting to grips on the CI framework. ;).
My mistake, guessing from a tablet.
Try last_query which should show details of the WHERE clause:
https://codeigniter.com/userguide3/database/helpers.html?highlight=last_query
