1

每当我调用此函数时,我都会正确获取 user_id 但未检查密码...

模型:

<?php
class Prometheus_model extends CI_Model {

        var $tables = array(
                'bots' => 'bots',
                'users' => 'users'
        );

        function __construct() {
                parent::__construct();
        }

        public function tablename($table = NULL) {
                if(! isset($table)) return FALSE;
                return $this->tables[$table];
        }

        public function get($table, $where = array(), $order = NULL) {
            $this->db->where($where);
            if(isset($order)) {
            $this->db->order_by($order);
            }
            $q = $this->db->get_where($this->tablename($table),$where);
            $result = $q->result_array();
            // You should use $q->num_rows() to detect the number of returned rows
            if($q->num_rows()) {
            return $result[0];
            }
            return $result;
    }

        public function update($table, $where = array(), $data) {
                $this->db->update($this->tablename($table),$data,$where);
                return $this->db->affected_rows();
        }

        public function insert($table, $data) {
                $this->db->insert($this->tablename($table),$data);
                return $this->db->insert_id();
        }

        public function delete($table, $where = array()) {
                $this->db->delete($this->tablename($table),$where);
                return $this->db->affected_rows();
        }

        public function explicit($query) {
                $q = $this->db->query($query);
                if(is_object($q)) {
                        return $q->result_array();
                } else {
                        return $q;
                }
        }

        public function num_rows($table, $where = NULL) {
                if(isset($where)){
                $this->db->where($where);
                }
                $q = $this->db->get($table);
                return $q->num_rows();
        }

        public function get_bot_data_by_hw_id($bot_hw_id) {
                $q = $this->get('bots', array('bot_hw_id' => $bot_hw_id));
                return $q;
        }

        public function check_user_data($user_incredials, $user_password) {

                if($this->num_rows('users', array('user_name' => $user_incredials, 'user_password' => $this->encrypt->decode($user_password))) == 1){
                        $q = $this->get('users', array('user_name' => $this->security->xss_clean($user_incredials)));
                        return $q['user_id'];
                }
                return FALSE;
        }

}

?>

我在控制器上的函数调用:

<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class Login extends CI_Controller {

        public function index(){


                if($this->input->post('user_login')){
                        var_dump($this->prometheus_model->check_user_data($this->input->post('user_incredials'), $this->input->post('user_password')));
                }

                $this->load->view('login_index');
        }

}

我该如何解决这个问题?

4

1 回答 1

2

在您check_user_data()使用的方法中

if($this->num_rows('users', array('user_name' => $user_incredials, 'user_password' => $this->encrypt->decode($user_password))) == 1)

我认为(逻辑上)以下代码

$this->encrypt->decode($user_password)

应该

$this->encrypt->encode($user_password)

因为,你正在调用num_rows()方法,它是

public function num_rows($table, $where = NULL)
{
    if(isset($where)){
        $this->db->where($where);
    }
    $q = $this->db->get($table);
    return $q->num_rows();
}

这实际上是在查询数据库,例如,

select * from USERS where user_name = 'heera' and password = decode('abcde12345')

在这种情况下,您尝试匹配的密码需要使用encode(不解码)方法进行加密,因为用户给了您一个未加密(明文)的密码,并且保存在数据库中的密码已经加密,所以请编码在encode查询数据库以匹配已编码的密码之前使用普通密码的方法。

于 2013-06-23T04:36:09.553 回答