我想统计数据库中登录的用户,我的代码出了什么问题
public function index(){
//validasi
$valid = $this->form_validation;
$valid->set_rules('username', ' Username', 'required',
array('required' => 'Username harus diisi'));
$valid->set_rules('password', 'Password', 'required|min_length[6]',
array('required' => 'password harus diisi',
'min_length' => 'Password minimal 6 karakter'));
if($valid->run()===FALSE){
//end validasi
$data = array('title' => 'Login Admin Tempat Ngaji');
$this->load->view('back-end/login_view', $data, FALSE);
//cek username dan password
}else{
$i = $this->input;
$username = $i->post('username');
$password = $i->post('password');
//cek di database
$check_login = $this->admin_model->login($username, $password);
//jika ada di db
//jika ada data 1
if(count($check_login) == 1) { `//row 40`
$this->session->set_userdata('username', $username);
$this->session->set_userdata('akses_level', $check_login->akses_level);
$this->session->set_userdata('id_admin', $check_login->id_admin);
$this->session->set_userdata('nama', $check_login->nama);
$this->session->set_userdata('status', $check_login->status);
redirect(base_url('admin/dashboard'), 'refresh');
}else{
//jika tidak cocok error
$this->session->set_flashdata('msg', 'Username atau password tidak cocok');
redirect(base_url('admin/login'), 'refresh');
}
功能登录
function login
public function login($username, $password){
$this->db->select('*');
$this->db->from('admin');
$this->db->where(array('username' => $username,
'password' => sha1($password)));
$query = $this->db->get();
return $query->row();
}
我看到一些人在他们的代码中有这个错误,但我没有在phpMyAdmin中找到任何收到它的人。。。
我应该给什么
试试这个:
型号:
public function login($username, $password){
$this->db->select('*');
$this->db->from('admin');
$this->db->where(array('username' => $username,
'password' => sha1($password)));
$query = $this->db->get();
if ($query->num_rows() !== 1) {
return false;
}
return $query->row();
}
控制器:
if($check_login) { `//row 40`
$this->session->set_userdata('username', $username);
$this->session->set_userdata('akses_level', $check_login->akses_level);
$this->session->set_userdata('id_admin', $check_login->id_admin);
$this->session->set_userdata('nama', $check_login->nama);
$this->session->set_userdata('status', $check_login->status);
redirect(base_url('admin/dashboard'), 'refresh');
}else{
//jika tidak cocok error
$this->session->set_flashdata('msg', 'Username atau password tidak cocok');
redirect(base_url('admin/login'), 'refresh');
}
类似md5的sha1也不安全(SHA-1容易受到长度扩展攻击(:
警告不建议使用此功能来保护密码,由于这种哈希算法的快速性。请参阅密码哈希常见问题解答,了解详细信息和最佳实践。
http://php.net/manual/en/function.sha1.php