I’ve setup my login functions in CodeIgniter (email/password). The email field is validating properly against the database, but as long as the email is validated any password is accepted–even blank passwords.

I need to figure out why only the email field is being checked against the database and how to get the password field to validate against the database.

Sidebar: I’m planning to encrypt the passwords next, but want to be sure the field is validating against the database first. Then I’ll add the security layers.

From the login controller:

 function login_validation()

{
    $this->load->model('foo_model');
    $query = $this->foo_model->validate();

    if($query) 
    {
        $data = array(
            'email' => $this->input->post('email'),
                            'password' => $this->input->post('password'),
            'is_logged_in' => true
        );
        $this->session->set_userdata($data);
        redirect('foodash');
    }
    else
    {
        $this->index(); // login page
    }
}

From the foo model:

function validate()
{
    $this->db->where('email', $this->input->post('email'));
    $this->db->where('password', $this->input->post('password'));

    $query = $this->db->get('footable');

    if($query->num_rows == 1)
    {
        return true;
    }           
}   

}

FIGURED IT OUT:
I was masking my password field using jquery so that the text wasn’t visible when entered. I had to change the name of my password field–once I changed it in the model, everything worked perfectly.