笨用户注册：分流登录失败在2个条件的条件当有人填充<em>登记表</em>并将其提交到覆盖“帐户无效”情况下

Question

我已经作出了注册和登录应用与笨3.

成功时，“用户”表中的“活动”列中接收值0，作为可见图像中的波纹管：

用户将能够前激活他们的帐户小号。IGN在

在Signin.php控制器我有signin()功能：

public function signin() 
{ 
    $this->form_validation->set_rules('email', 'Email', 'required|trim|valid_email'); 
    $this->form_validation->set_rules('password', 'Password', 'required|trim'); 
    $this->form_validation->set_error_delimiters('<p class="error">', '</p>'); 
    if ($this->form_validation->run()) 
    { 
    $email = $this->input->post('email'); 
    $password = $this->input->post('password'); 
    $this->load->model('Usermodel'); 
    $current_user = $this->Usermodel->user_login($email, $password, $active); 
    // Set the current user's data 
    if ($current_user) { 
    $this->session->set_userdata(
     array(
     'user_id' => $current_user->id, 
     'user_email' => $current_user->email, 
     'user_first_name' => $current_user->fname, 
     'is_logged_in' => TRUE 
     ) 
     ); 
    redirect('home'); 
    } else { 
     $this->session->set_flashdata("signin_failure", "Incorrect email or password"); 
     redirect('signin'); 
    } 
    } 
    else 
    { 
    $this->load->view('signin'); 
} 
} 

我想要的，而不是在代码行$this->session->set_flashdata("signin_failure", "Incorrect email or password");以上，以便能够“分裂”登录失败条件在2：不正确的电子邮件或密码和帐户未被激活。

if (condition here) { 
     $this->session->set_flashdata("signin_failure", "Your account has not been activated"); 
    } else { 
     $this->session->set_flashdata("signin_failure", "Incorrect email or password"); 
} 

我问题：我应该怎么放，而不是condition here在上面的代码？

更具体地说：我怎么说的：如果“活动”列中的值是0做$this->session->set_flashdata("signin_failure", "Your account has not been activated");？

的USER_LOGIN（）内部函数的的usermodel：

public function user_login($email, $password, $active) { 
     $query = $this->db->get_where('users', ['email' => $email, 'password' => md5($password), 'active' => 1]); 
     return $query->row(); 
} 

UPDATE：

我想出了这一点：

public function signin() 
    { 
    $this->form_validation->set_rules('email', 'Email', 'required|trim|valid_email'); 
    $this->form_validation->set_rules('password', 'Password', 'required|trim'); 
    $this->form_validation->set_error_delimiters('<p class="error">', '</p>'); 
    if ($this->form_validation->run()) 
    { 
    $email = $this->input->post('email'); 
    $password = $this->input->post('password'); 
    $this->load->model('Usermodel'); 
    $current_user = $this->Usermodel->user_login($email, $password); 
     // If we find a user 
    if ($current_user) { 
     // If the user found is active 
     if ($current_user->active == 1) { 
     $this->session->set_userdata(
     array(
      'user_id' => $current_user->id, 
      'user_email' => $current_user->email, 
      'user_first_name' => $current_user->fname, 
      'user_active' => $current_user->active, 
      'is_logged_in' => TRUE 
     ) 
     ); 
     redirect('home'); 
     } else { 
     // If the user found is NOT active 
     $this->session->set_flashdata("signin_failure", "Your account has not been activated"); 
     redirect('signin'); 
     } 
    } else { 
     // If we do NOT find a user 
     $this->session->set_flashdata("signin_failure", "Incorrect email or password"); 
     redirect('signin'); 
    } 
    } 
    else 
    { 
    $this->load->view('signin'); 
} 
} 

但在它的一个缺陷，因为即使当电子邮件地址和密码是否正确，但用户不活跃，该消息是：“不正确的电子邮件或密码”而不是“您的帐户尚未激活”。

Answer 1

刚刚从user_login函数模型删除主动检查。因为你已经检查ID的用户是主动或不在您的控制器。它不应该影响你的工作。

$query = $this->db->get_where('users', ['email' => $email, 'password' => md5($password)]); 

编辑：

那么在笨论坛阐述了答案贡献JayAdrahere

这是因为你的第一个if语句是：

if ($current_user) { 

哪样为非活动用户返回false，作为你的que ry是：

$query = $this->db->get_where('users', ['email' => $email, 'password' => md5($password), 'active' => 1]); 

注意，检查“active”=> 1，这意味着它不会为非活动用户返回任何记录。

所以，你的第一个if语句返回false，因此将其拥有的其他条款：

$this->session->set_flashdata("signin_failure", "Incorrect email or password"); 

所以你可能需要检查，如果用户是第一次激活时，检查前如果他们的用户名/密码是正确的。

我建议将你的“user_login”功能分成两个不同的功能。一个用于检查用户是否处于活动状态，另一个用于测试用户/传递组合。

最后，我注意到你将密码存储为md5字符串......这是一个坏主意。这并不安全。使用bcrypt或类似的。

Answer 2

/***************************************/ // model function 
function user_login($email,$password) 
{ 
    $this->db->select("*"); 
    $this->db->from('table_name'); 
    $this->db->where(array('email'=>$email,'password'=>$password)); 
    $this->db->limit(1); 
    $query = $this->db->get(); 
    if(!$query->num_rows()) 
     return false; 
    return $query->row_array(); 
} 
/***************************************/ // controller 
public function signin() 
{ 
    $this->form_validation->set_rules('email', 'Email', 'required|trim|valid_email'); 
    $this->form_validation->set_rules('password', 'Password', 'required|trim'); 
    $this->form_validation->set_error_delimiters('<p class="error">', '</p>'); 
    if ($this->form_validation->run()){ 
     $email = $this->input->post('email'); 
     $password = $this->input->post('password'); 
     $this->load->model('Usermodel'); 
     $current_user = $this->Usermodel->user_login($email, $password); 
     // If we find a user 
     if ($current_user) { 
      // If the user found is active 
      if ($current_user['active'] == 1) { 
       $this->session->set_userdata(array(
        'user_id' => $current_user['id'], 
        'user_email' => $current_user['email'], 
        'user_first_name' => $current_user['fname'], 
        'user_active' => $current_user['active'], 
        'is_logged_in' => TRUE 
       )); 
       redirect('home'); 
      }else { 
       // If the user found is NOT active 
       $this->session->set_flashdata("signin_failure", "Your account has not been activated"); 
       redirect('signin'); 
      } 
     }else { 
      // If we do NOT find a user 
      $this->session->set_flashdata("signin_failure", "Incorrect email or password"); 
      redirect('signin'); 
     } 
    } 
    else{ 
     $this->load->view('signin'); 
    } 
}