1

I have successfully created a registration and login system. I have used username and password in the login form and i want to put the userid in other form like hidden field

login model cliente.php:

public function login($username,$password){
    $this->db->select('IdCliente');
    $this->db->where('LoginCliente',$username);
    $this->db->where('PassCliente',$password);
    $q = $this->db->get('clientes');

    if($q->num_rows()>0){
        return true;
    }else{
        return false;
    }

login controller login.php:

   public function index(){
    if($this->session->userdata('LoginCliente')){
        redirect('profile');
    }
    if(isset($_POST['password'])){
        $this->load->model('cliente');
        if($this->cliente->loginemp($_POST['username'],$_POST['password'])){
            $this->session->set_userdata('Login',$_POST['username']);
            redirect('PanelIndex');
        }elseif(isset($_POST['password'])){
        $this->load->model('cliente');
        if($this->cliente->login($_POST['username'],$_POST['password'])){
            $this->session->set_userdata('LoginCliente',$_POST['username']);
            $this->session->userdata('IdCliente');
            redirect('profile');
        }else{
            redirect('login');              
        }
    }

    }

    $this->load->view('inicio/loginview');  

}

profile.php

public function index()
{


         $this->load->view("/clientes/clienteindex");

}
lalo
  • 35
  • 1
  • 6
  • If session data is stored on a session once then you can simply get it in the view like I answered. ** At the Profile(at the View):** – always-a-learner Jun 19 '17 at 04:06
  • 1
    I hope you don't store plan password in database if you do not good idea hash using http://php.net/manual/en/function.password-hash.php and verify http://php.net/manual/en/function.password-verify.php –  Jun 19 '17 at 04:14
  • @lalo is it this question not fixed? – Kamarul Anuar Jun 26 '17 at 15:35

2 Answers2

0

If you want to IdCliente you need to return it first from the login function.

public function login($username,$password){
    $this->db->select('IdCliente,LoginCliente');
    $this->db->where('LoginCliente',$username);
    $this->db->where('PassCliente',$password);
    $q = $this->db->get('clientes');

    if($q->num_rows()>0){
        return $q->row_array();
    }else{
        return false;
    }
}

Now In Index Function:

$session_data = $this->cliente->login($_POST['username'],$_POST['password'])
if(isset($session_data) && !empty($session_data){            
        $this->session->userdata('session_data',$session_data);
        redirect('profile');
 }

At the Profile(at the View):

$session_data = $this->session->userdata('session_data');
    $IdCliente= $session_data['IdCliente'];
    $LoginCliente= $session_data['LoginCliente'];
always-a-learner
  • 3,671
  • 10
  • 41
  • 81
  • you mean in index replace this part if($this->session->userdata('LoginCliente')){ redirect('profile'); } ??? – lalo Jun 19 '17 at 04:18
  • parsing error (T_IF) in $session_data = $this->cliente->login($_POST['username'],$_POST['password']) if(isset($session_data) && !empty($session_data){ – lalo Jun 19 '17 at 04:31
0

Create Simple_login.php file from your CI libraries folder and put this code.

<?php
defined('BASEPATH') OR exit('No direct script access allowed');

/******************
* SHAHBLOGGER.COM*
******************/

class Simple_login {

   // SET SUPER GLOBAL
   var $CI = NULL;

   /**
    * Class constructor
    *
    * @return   void
    */
   public function __construct() {
       $this->CI =& get_instance();
   }


   public function login($email, $password, $referer) {

       //check username and password
       $query = $this->CI->db->get_where('clientes',array('LoginCliente'=>$username,'PassCliente' => $password)); // better use md5($password)

       if($query->num_rows() == 1) {
           //let start query

           $row  = $query;
           $user = $row->row();
           $id   = $user->IdCliente;


           //set session user

           $this->CI->session->set_userdata('id', $id);

           redirect($referer);

       }else{

           //redirect them to you login page
           redirect(site_url('login'));
       }
        return false;
    }



   /* check If They're login. If yes, set userdata */
   public function check_login() {

       //check session id set or not set. if not set, they're not login
       if($this->CI->session->userdata('id') == '') {


           //they're not login so redirect them to login page
           redirect(site_url('login'));

       } 
   }



   // Unset session data
   public function logout() {   
       $this->CI->session->unset_userdata('id');
       redirect(site_url('login'));
   }
}

then modify your controller

<?php
 defined('BASEPATH') OR exit('No direct script access allowed');

 class Login extends CI_Controller { //<<-- change 'Login' to your own class base on your controller file name 

     public function index() {

         // Fungsi Login
         $valid = $this->form_validation;
         $username= $this->input->post('username');
         $password = $this->input->post('password');
         $referer = $_SERVER['HTTP_REFERER'];// change where you want user redirect after success login
         $valid->set_rules('username','Username','required');
         $valid->set_rules('password','Password','required');


         if($valid->run()) {

             $this->simple_login->login($username,$password, $referer);
         }
         // End login

           $this->load->view('you_login_view');

     }

     public function logout(){
         $this->simple_login->logout();
     }
 }

  1. makesure activated Codeigniter Autoload features. Follow this link

  2. to call id of login user use this $this->session->userdata('id');

  3. to make page only can access by login user user, paste this at controller $this->simple_login->check_login();

Updated: Base on comment below. I've changed Query to modified Query (Codeigniter Active Record) to avoid SQL Injection

Kamarul Anuar
  • 312
  • 4
  • 16
  • how i edit this field if my page after sucess login is controllers/profile.php??? ---> $referer = $_SERVER['HTTP_REFERER']; – lalo Jun 19 '17 at 07:55
  • play with url . mybe site_url('profile'); . if your profile page login is sitename.com/profile – Kamarul Anuar Jun 19 '17 at 10:16
  • it shuold be working. if you having problerm with this code, just let me know. but if it success to call user id. please accept my question. thanks – Kamarul Anuar Jun 19 '17 at 10:30
  • Do not use this code, it is vulnerable to SQL injection. – Alex Howansky Jun 20 '17 at 14:09
  • @AlexHowansky can you explain about **it is vulnerable to SQL injection** to me? I'm not using standard PHP query to SQL in this answer. But I'm used Codeigniter Active Record (modified PHP query) to prevent SQL injection. check this https://stackoverflow.com/a/12490093 – Kamarul Anuar Jun 26 '17 at 14:43
  • You're using string concatenation to build a query: `'SELECT IdCliente FROM clientes where LoginCliente = "'.$username.'" AND PassCliente = "'.$password.'"'` If either of those variables contains a single quote, you have SQL injection. – Alex Howansky Jun 26 '17 at 14:55
  • Edited the asnswer: @AlexHowansky , I missed it. Thanks for it – Kamarul Anuar Jun 26 '17 at 15:33