Home/ Questions/Q 8961031
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-15T15:47:35+00:00

Well I’m going crazy here. This is something that seems like it should be

  • 0

Well I’m going crazy here. This is something that seems like it should be so simple and maybe it’s just staring me in the face and I’m not seeing it. I have specific instructions to make a login page in Kohana 3.2 that uses AJAX to process the form and authenticate just to the model with a plain text username and password. It’s just an exercise clearly designed to embarrass me, hehe. So no, security is not an issue here. There is no database and no content to be exploited.

I currently have the login form working just using Auth using the default ‘file’ driver in the auth config file.

application/config/auth.php

  return array(

    'driver'       => 'file',
    'hash_method'  => 'sha256',
    'hash_key'     => 'testkey',
    'lifetime'     => 30000,
    'session_type' => Session::$default,
    'session_key'  => 'auth_user',

    // Username/password combinations for the Auth File driver
    'users' => array(
                    'admin' => 'be4039381cf04bb778de68e6520a77c7d8b5e6d146f932f0759e681a46bfc120',
                    ),

);

However I have been searching and searching for an example of how to change this to submit and authorize using AJAX. I’m swimming in a sea of is_ajax and Controller_Templates etc. I’ve used Kohana for approximately 28 hours now. Will anyone help me figure this out?

application/views/user/login.php

<?= Form::open('user/login',array('class'=>'form-signin')); ?>
<h2 class="form-signin-heading">Sign in</h2>
<?php if (isset($message)) : ?>
    <h3 class="message">
        <?= $message; ?>
    </h3>
<?php endif; ?>

<!-- Username Field -->
<?php $uArray = array('type'=>'text','class'=>'input-block-level','placeholder'=>'Username = admin'); ?>
<?= Form::input('username',NULL,$uArray); ?>

<!-- Password Field -->
<?php $pwArray = array('class'=>'input-block-level', 'placeholder'=>'Password = password'); ?>
<?= Form::password('password',NULL,$pwArray); ?>

<!-- Checkbox -->
<?= Form::checkbox('remember','remember'); ?>
<?= Form::label('remember', 'Remember Me',array('class'=>'checkbox','label'=>'Remember')); ?>
<br />

<!-- Submit Buton -->
<?= Form::submit('login', 'Login',array('class'=>'btn btn-large btn-primary')); ?>

<?= Form::close(); ?>

application/classes/controller/user.php

<?php defined('SYSPATH') or die('No direct script access.');

class Controller_User extends Controller_Template {

    public function action_index()
    {
        $this->template->content = View::factory('user/index');
        // Load the user information
        $user = Auth::instance()->get_user();
        // if a user is not logged in, redirect to login page
        if ($user)
        {
            $this->template->content = View::factory('user/welcome')
            ->bind('user', $user);
        }
    }

    public function action_login()
    {
        // if a user is already logged in then redirect them to the index.
        if (Auth::instance()->logged_in())
            {
                // User is logged in, continue on
                Request::current()->redirect('user/index');
            }

        $this->template->content = View::factory('user/login')
            ->bind('message', $message);

        if (HTTP_Request::POST == $this->request->method())
        {
            // Attempt to login user
            $remember = array_key_exists('remember', $this->request->post()) ? (bool) $this->request->post('remember') : FALSE;
            $user = Auth::instance()->login($this->request->post('username'), $this->request->post('password'), $remember);

            // If successful, redirect user
            if ($user)
            {
                $this->template->content = View::factory('user/welcome')
                ->bind('user', $user);
            }
            else
            {
                $message = 'Login failed';
            }
        }
    }

    public function action_logout()
    {
        // Log user out
        Auth::instance()->logout();

        // Redirect to login page
        Request::current()->redirect('user/login');
    }

}

application/classes/model/user.php

<?php defined('SYSPATH') OR die('No Direct Script Access');

I am unfamiliar enough with Kohana that I’m not even sure what to put in the model. Right now Auth is using it’s own file to store the users array. But my instructions are to have a model store the username and password.

Thanks in advance for any and all help!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Ok I figured it out last night. I’ll answer my own question for future reference. While I’m still using Auth to handle the user session I am not authenticating to it. I’m using

    Auth::instance()->force_login($username)

    to force the login after authenticating to the model as I was asked to do.

    First I changed my login page to simplify and to add some AJAX.

    /application/views/user/login.php

    <form id="loginForm" class="form-signin">

<h2 class="form-signin-heading">Sign in</h2>

<div class="message" id="message"></div>

<!-- Username Field -->
<input type="text" id="username" class="input-block-level" placeholder="Username = admin" />

<!-- Password Field -->
<input type="password" id="password" class="input-block-level" placeholder="Password = password" />

<!-- Submit Buton -->
<input type="submit" id="login" value="Sign In" class="btn btn-large btn-primary" />

</form>

<script type="text/javascript">
$(document).ready(function() {

    $("#login").click(function() {
        var action = $("#loginForm").attr('action');
        var form_data = {
            username: $("#username").val(),
            password: $("#password").val(),
            is_ajax: 1
        };

        $.ajax({
            type: "POST",
            url: '/user/checkLogin',
            data: form_data,
            success: function(response)
            {
                if(response == 'success')
                    window.location.replace('/user');
                else
                    $("#message").html("<div class='alert alert-error'><button type='button' class='close' data-dismiss='alert'>×</button>Invalid username and/or password.</div>");    
            }
        });
        return false;
    });

});
</script>

    Then I added a simple model with plaintext username and password. (again this is prrof of concept and is by no means meant to be a secure way to authenticate).

    /application/classes/model/user.php

    <?php defined('SYSPATH') OR die('No Direct Script Access');

Class Model_User extends Model
{
    public function checkLogin($username, $password)
    {
        // These are the username and password to verify against
        $user = "admin";
        $pass = "password";

        // Compare and return boolean
        if ($username === $user && $password === $pass){
            return TRUE;
        } else {
            return FALSE;
        }
    }
}

    Then I added the checkLogin action to the user controller (because that’s what I’m calling from my AJAX on the login page) to handle the login.

    /application/classes/controller/user.php

    <?php defined('SYSPATH') or die('No direct script access.');

class Controller_User extends Controller_Template {

    public function action_index()
    {
        // Load the user information
        $user = Auth::instance()->get_user();

        // if a user is logged in, redirect to welcome page
        if ($user){
            $this->template->content = View::factory('user/welcome')
            ->bind('user', $user);
        } else {
            $this->template->content = View::factory('user/index');
        }
    }

    public function action_checkLogin()
    {
        //disable auto rendering if requested using ajax
        if($this->request->is_ajax()){
            $this->auto_render = FALSE;
        }

        // Check for post
        if($this->request->post()){
            // Instantiate the Model Object
            $user = new Model_User();

            // Get post variables
            $username = $this->request->post('username');
            $password = $this->request->post('password');

            // Check the login
            if($check = $user->checkLogin($username,$password)){
                // Login the user using auth
                $user = Auth::instance()->force_login($username);
                // Respond with a success
                echo 'success';
            } else {
                // Respond with a fail
                return "fail";
            }
        }
    }

    public function action_login()
    {
        // Load the user information
        $user = Auth::instance()->get_user();

        // if a user is logged in, redirect to welcome page
        if ($user){
            $this->template->content = View::factory('user/welcome')
            ->bind('user', $user);
        } else {
            $this->template->content = View::factory('user/login')
            ->bind('message', $message);
        }
    }

    public function action_logout()
    {
        // Log user out
        Auth::instance()->logout();

        // Redirect to login page
        Request::current()->redirect('user/login');
    }

}

    Now I have a nice simple login page that authenticates to the model using AJAX in the Kohana framework. It’s not rocket surgery but it’s interesting to figure out how these various frameworks function. Hope it helps someone in the future. Cheers!

    • 0