I want to count user logins in the database; what is wrong with my code?
public function index(){
    // validation
    $valid = $this->form_validation;
    $valid->set_rules('username', ' Username', 'required',
        array('required' => 'Username harus diisi'));
    $valid->set_rules('password', 'Password', 'required|min_length[6]',
        array('required' => 'password harus diisi',
              'min_length' => 'Password minimal 6 karakter'));
    if($valid->run()===FALSE){
        // end validation
        $data = array('title' => 'Login Admin Tempat Ngaji');
        $this->load->view('back-end/login_view', $data, FALSE);
    // check username and password
    }else{
        $i = $this->input;
        $username = $i->post('username');
        $password = $i->post('password');
        // check in the database
        $check_login = $this->admin_model->login($username, $password);
        // if it exists in the db
        // if there is exactly 1 row
        if(count($check_login) == 1) { // row 40
            $this->session->set_userdata('username', $username);
            $this->session->set_userdata('akses_level', $check_login->akses_level);
            $this->session->set_userdata('id_admin', $check_login->id_admin);
            $this->session->set_userdata('nama', $check_login->nama);
            $this->session->set_userdata('status', $check_login->status);
            redirect(base_url('admin/dashboard'), 'refresh');
        }else{
            // if they do not match, show an error
            $this->session->set_flashdata('msg', 'Username atau password tidak cocok');
            redirect(base_url('admin/login'), 'refresh');
        }
    }
}
Function login:
public function login($username, $password){
    $this->db->select('*');
    $this->db->from('admin');
    $this->db->where(array('username' => $username,
                           'password' => sha1($password)));
    $query = $this->db->get();
    return $query->row();
}
Searching, I see that some people have this error in their code, but I have not found anyone who gets it in phpMyAdmin...
What should I do?
Try this:
Model:
public function login($username, $password){
    $this->db->select('*');
    $this->db->from('admin');
    $this->db->where(array('username' => $username,
                           'password' => sha1($password)));
    $query = $this->db->get();
    if ($query->num_rows() !== 1) {
        return false;
    }
    return $query->row();
}
Controller:
if($check_login) { // row 40
    $this->session->set_userdata('username', $username);
    $this->session->set_userdata('akses_level', $check_login->akses_level);
    $this->session->set_userdata('id_admin', $check_login->id_admin);
    $this->session->set_userdata('nama', $check_login->nama);
    $this->session->set_userdata('status', $check_login->status);
    redirect(base_url('admin/dashboard'), 'refresh');
}else{
    // if they do not match, show an error
    $this->session->set_flashdata('msg', 'Username atau password tidak cocok');
    redirect(base_url('admin/login'), 'refresh');
}
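sha1, like md5, is also not secure (SHA-1 is vulnerable to length-extension attacks):
Warning: It is not recommended to use this function to secure passwords, due to the fast nature of this hashing algorithm. See the Password Hashing FAQ for details and best practices.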
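The password-hashing warning above, as an added example that is not part of the original answer: it checks a login against either a legacy `sha1()` digest or a `password_hash()` value and returns a replacement hash when the stored one should be upgraded. The helper name `verify_and_upgrade` and the sample values are hypothetical, and the sketch assumes the `password` column is wide enough for `password_hash()` output.

```php
<?php
// Added example. Assumption: admin.password holds either a legacy unsalted
// sha1() hex digest (as in the code above) or a password_hash() string.

// Hypothetical helper. Returns [bool $ok, ?string $newHash]; a non-null
// $newHash should be written back to the user's row by the caller.
function verify_and_upgrade(string $password, string $stored): array
{
    // Legacy row: exactly 40 hex characters is an unsalted SHA-1 digest.
    if (preg_match('/^[0-9a-f]{40}$/i', $stored) === 1) {
        // hash_equals() compares in constant time.
        if (!hash_equals(strtolower($stored), sha1($password))) {
            return [false, null];
        }
        // Correct password: replace the fast hash with a salted, slow one.
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }

    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Re-hash when PHP's default algorithm or cost has changed since storage.
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return [true, $new];
}

// Constructed sample values, not real data.
// Case 1: a legacy sha1 row with the correct password.
$legacy = sha1('correct horse');
[$ok, $upgraded] = verify_and_upgrade('correct horse', $legacy);
var_dump($ok, is_string($upgraded));

// Case 2: the upgraded hash with the same password.
[$ok2, $again] = verify_and_upgrade('correct horse', $upgraded);
var_dump($ok2, $again);

// Case 3: a wrong password against the upgraded hash.
[$bad] = verify_and_upgrade('wrong guess', $upgraded);
var_dump($bad);
```

In the model this means selecting the row by `username` only and passing its `password` column to the helper, rather than putting `sha1($password)` in the `where()` clause.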