Home/ Questions/Q 9225033
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-18T04:28:41+00:00

I am using codeigniter framework. I have a login model and a controller with

  • 0

I am using codeigniter framework. I have a login model and a controller with a view. I have admin as username and admin as password set in the users table in my db for test purpose.
But when ever I use admin13356 or admindsgsd or adminWHATEVER with admin as password, the login is successful. I dont understand why.

My controller function is as follows.

function check(){
        $this->load->model('loginModel');
        $query = $this->loginModel->validate();
        if($query){
            $data = array('username' => $this->input->post('username'),
                           'is_logged_in' => true
                        );
            $this->session->set_userdata($data);
            //redirecting to appropriate page 
            redirect('success');
        }else{
            $this->session->set_flashdata('loginCheck','Username/Password Comination Incorrect!');
            redirect('login');
        }
    }

And my model is as below.

function validate(){
            $this->db->where('username', $this->input->post('username'));
            $this->db->where('password', md5($this->input->post('password')));
            $query = $this->db->get('users');
            if($query->num_rows() == 1){
                return true;
            }

        }
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    What version of PHP are you running? I’ve had problems with PHP before where it returns TRUE for non returns.

    Try adding return false to your validate() method:

    function validate(){
    $this->db->where('username', $this->input->post('username'));
    $this->db->where('password', md5($this->input->post('password')));
    $query = $this->db->get('users');
    if($query->num_rows() == 1){
        return true;
    }

    return false;
}

    Also, Model’s should be input agnostic. Definitely think about moving the $this->input->post() to the controller and pass the values in as parameters:

    This allows you to use the validate() method in other scenarios. For example (re-validating the password when the username isn’t supplied via post but via session).

    Controller

    function check(){
    $this->load->model('loginModel');
    $query = $this->loginModel->validate($this->input->post('username'), $this->input->post('password'));
    if($query){
        $data = array(
           'username' => $this->input->post('username'),
           'is_logged_in' => true
        );
        $this->session->set_userdata($data);
        //redirecting to appropriate page 
        redirect('success');
    }else{
        $this->session->set_flashdata('loginCheck', 'Username/Password Combination Incorrect!');
        redirect('login');
    }
}

    Model

    function validate($username, $password){
    $this->db->where('username', $username);
    $this->db->where('password', md5($password));
    $query = $this->db->get('users');
    if($query->num_rows() == 1){
        return true;
    }

    return false;
}
    • 0