0

Every time I try and submit my login form it takes past 25 seconds to submit and still never does I just stop it passed that. I'm wondering if there's something I'm missing somewhere. I'm wondering if its something like some returns somewhere or something. Any ideas?

UNFLATTENED

public function form_is_valid()
{
    /* Set validation rules for post data */
    $this->form_validation->set_rules('username', 'Username', 'trim|required|xss_clean|min_length[6]|max_length[12]|regex_match[/[a-z0-9]/]');
    $this->form_validation->set_rules('password', 'Password', 'trim|required|xss_clean|min_length[6]|max_length[12]|regex_match[/[a-z0-9]/]');
    $this->form_validation->set_rules('remember', 'Remember Me', 'trim|xss_clean|integer');

    /* Form validation passed */
    return $this->form_validation->run();
}

public function is_user_locked($user_data)
{
    if ($user_data->lock_date !== '0000-00-00 00:00:00')
    {
        /* User is locked out */

        if (strtotime(gmdate('Y-m-d H:i:s', time())) < strtotime($user_data->lock_date))
        {
            /* User is still locked out */
            return TRUE;
        }
        else
        {
            /* User is no longer locked out */
            return FALSE;
        }

    }
}

public function check_user_status($user_data)
{
    /* Match user status */
    switch ($user_data->user_status_id) 
    {
        case 1:
            $this->output('Sorry you must verify your account before logging in!', 'Account Unverified', 'Error');
            break;
        case 3:
            $this->output('Your account has been suspended!', 'Account Suspended', 'Error');
            break;
        case 4:
            $this->output('Your account has been suspended!', 'Account Banned', 'Error');
            break;
        case 5:
            $this->output('Your account has been deleted!', 'Account Deleted', 'Error');
            break;
        default:
            return;
    }
}

public function output($message, $title, $status = 'Success') 
{
    switch ($status)
    {
        case 'Error':
            array('status' => 'Error');
            break;
        case 'Notice':
            array('status' => 'Notice');
            break;
        case 'Success':
            array('status' => 'Success');
            break;
    }
    echo json_encode($status, $title, $message);
}

public function start_user_session()
{
    /* Start session with user id and clear previous failed login attempts */
    $this->session->set_userdata('uid', $user_data->user_id);
    $this->session->unset_userdata('failed_logins');
    $this->users_model->insert_session($user_data->user_id, gmdate('Y-m-d H:i:s', time()));
    return;
}

public function submit($post_username = NULL, $post_password = NULL) 
{   
    if (!$this->form_is_valid())
    {   
        echo 'test';
        die();
        $this->output('The form did not validate successfully!', 'Form Not Validated', 'Error');
    }   

    /* Post values from login form */
    $post_username = $this->input->post('username');
    $post_password = $this->input->post('password');

    /* Test to see value of posted login form */
    //echo '<pre>';
    //var_dump($post_username);
    //var_dump($post_password);
    //echo '</pre>';
    //die();

    /* Get user data from post username value */
    $user_data = $this->users_model->get_by('username', $post_username);

    /* Test to see value of $user_data */
    //echo '<pre>';
    //var_dump($user_data);
    //echo '</pre>';
    //die();

    if (count($user_data) == 0)
    {
        /* User was not found in database */
        $this->output('The user was not found in the database!', 'User Not Found', 'Error');
    }

    /* User was found in database */

    if ($this->is_user_locked($user_data->lock_date))
    {
        /* User is locked from logging in from too many failed attempts */
        $this->output('This user account is currently locked!', 'Account Locked', 'Error');    
    }
    else
    {
         /* User can be unlocked and form be resubmitted */
         $this->users_model->unlock_user($user_data->user_id);
         $this->submit($post_username, $post_password);
         return FALSE;
    }

    /* User is unlocked from logging in */

    if ($user_data->user_status_id != 2)
    {
        /* User has a status that is not allowed to proceed */
        $this->user_status_message($user_data->user_status_id);
    }                   

    /* User is registered and validated */                      

    $regenerated_post_password = $this->genfunc->reGenPassHash($post_password, $user_data->password_hash);

    $failed_logins = $this->session->userdata('failed_logins');

    if ($regenerated_post_password !== $user_data->password)
    {
        /* Password from login from does not match user stored password */

        if ($failed_logins == 0)
        {
            /* First time user has not entered username and password successfully */
            $this->session->set_userdata('failed_logins', 1);
            $this->users_model->increase_login_attempt($this->input->ip_address(), $post_username, gmdate('Y-m-d H:i:s', time()));
            $this->output('Incorrect username and password credentials!', 'Incorrect Login Credentials', 'Error');
        }

        /* User has atleast one failed login attempt for the current session */

        if ($failed_logins !== 4)
        {      
            /* User has a few more chances to get password right */
            $failed_logins++;
            $this->session->set_userdata('failed_logins', $failed_logins);
            $this->users_model->increase_login_attempt($this->input->ip_address(), $post_username, gmdate('Y-m-d H:i:s', time()));
            $this->output('Incorrect username and password credentials!', 'Incorrect Login Credentials', 'Error');
        }

        $this->users_model->lock_out_user($user_data->user_id, gmdate('Y-m-d H:i:s', time()+(60*15)));
        //$this->functions_model->send_email('maximum_failed_login_attempts_exceeded', $user_data->email_address, $user_data)
        $this->output('Your account is currently locked, we apologize for the inconvienence. You must wait 15 minutes before you can log in again! An email was sent to the owner of this account! Forgotten your username or password? <a href="forgotusername">Forgot Username</a> or <a href="forgotpassword">Forgot Password</a>', 'Account Locked', 'Error');            

    } 

    /* Password from login form matches user stored password and user may login */

    $this->output('Successful login! Sending you to the dashboard!', 'Login Sucessful', 'Success');
}

UPDATE: This was the original submit function that completely works however the reason for my post was because I was having problems with how I was trying to flatten it.

FLATTENED

public function submit($post_username = NULL, $post_password = NULL)
{
    /* Set variable defaults */
    $output_status = 'Notice';
    $output_title = 'Not Processed';
    $output_message = 'The request was unprocessed!';

    /* Number of error flags */
    $flags = 0;

    /* Set validation rules for post data */
    $this->form_validation->set_rules('username', 'Username', 'trim|required|xss_clean|min_length[6]|max_length[12]|regex_match[/[a-z0-9]/]');
    $this->form_validation->set_rules('password', 'Password', 'trim|required|xss_clean|min_length[6]|max_length[12]|regex_match[/[a-z0-9]/]');
    $this->form_validation->set_rules('remember', 'Remember Me', 'trim|xss_clean|integer');

    if ($this->form_validation->run() == TRUE)
    {
        /* Form validation passed */

        /* Post values from login form */
        $post_username = $this->input->post('username');
        $post_password = $this->input->post('password');

        /* Test to see value of posted login form */
        //echo '<pre>';
        //var_dump($post_username);
        //var_dump($post_password);
        //echo '</pre>';
        //die();

        /* Get user data from post username value */
        $user_data = $this->users_model->get_by('username', $post_username);

        /* Test to see value of $user_data */
        //echo '<pre>';
        //var_dump($user_data);
        //echo '</pre>';
        //die();

        if (count($user_data) > 0)
        {
            /* User was found in database */

            if ($user_data->lock_date !== '0000-00-00 00:00:00')
            {
                /* User is locked out */

                if (strtotime(gmdate('Y-m-d H:i:s', time())) < strtotime($user_data->lock_date))
                {
                    /* User is still locked out */
                    $output_status = 'Error';
                    $output_title = 'Account Locked';
                    $output_message = 'This user account is currently locked!';
                    $flags++;
                }
                else
                {
                    /* User can be unlocked and form be resubmitted */
                    $this->users_model->unlock_user($user_data->user_id);
                    $this->submit($post_username, $post_password);
                    return FALSE;
                }

            }

            if ($flags == 0)
            {
                /* User is not locked out and no error messages reported */

                /* Match user status */
                switch ($user_data->user_status_id) 
                {
                    case 1:
                        $output_status = 'Error';
                        $output_title = 'Account Unverified';
                        $output_message = 'Sorry you must verify your account before logging in!';
                        $flags++;
                        break;
                    case 3:
                        $output_status = 'Error';
                        $output_title = 'Account Suspended';
                        $output_message = 'Your account has been suspended!';
                        $flags++;
                        break;
                    case 4:
                        $output_status = 'Error';
                        $output_title = 'Account Banned';
                        $output_message = 'Your account has been banned!';
                        $flags++;
                        break;
                    case 5:
                        $output_status = 'Error';
                        $output_title = 'Account Deleted';
                        $output_message = 'Your account has been deleted!';
                        $flags++;
                        break;
                }

                if ($flags == 0)
                {
                    /* User is registered and validated and no error messages reported */                   
                    $regenerated_post_password = $this->genfunc->reGenPassHash($post_password, $user_data->password_hash);

                    $failed_logins = $this->session->userdata('failed_logins');

                    if ($regenerated_post_password == $user_data->password)
                    {
                        /* Password from login form matches user stored password */

                        /* Start session with user id and clear previous failed login attempts */
                        $this->session->set_userdata('uid', $user_data->user_id);
                        $this->session->unset_userdata('failed_logins');
                        $this->users_model->insert_session($user_data->user_id, gmdate('Y-m-d H:i:s', time()));
                        $output_status = 'Success';
                        $output_title = 'Login Success';
                        $output_message = 'Successful login! Sending you to the dashboard';
                    }
                    else
                    {
                        /* Password from login from does not match user stored password */
                        if ($failed_logins > 0)
                        {
                            /* User has atleast one failed login attempt for the current session */
                            if ($failed_logins == 4)
                            {      
                                $this->users_model->lock_out_user($user_data->user_id, gmdate('Y-m-d H:i:s', time()+(60*15)));
                                //$this->functions_model->send_email('maximum_failed_login_attempts_exceeded', $user_data->email_address, $user_data)
                                $output_status = 'Error';
                                $output_title = 'Account Locked';
                                $output_message = 'Your account is currently locked, we apologize for the inconvienence. You must wait 15 minutes before you can log in again! An email was sent to the owner of this account! Forgotten your username or password? <a href="forgotusername">Forgot Username</a> or <a href="forgotpassword">Forgot Password</a>';
                            }
                            else
                            {
                                /* User has a few more chances to get password right */
                                $failed_logins++;
                                $this->session->set_userdata('failed_logins', $failed_logins);
                                $output_status = 'Error';
                                $output_title = 'Incorrect Login Credentials';
                                $output_message = 'Incorrect username and password credentials!';
                            }
                        }
                        else
                        {
                            /* First time user has not entered username and password successfully */
                            $this->session->set_userdata('failed_logins', 1);
                            $output_status = 'Error';
                            $output_title = 'Incorrect Login Credentials';
                            $output_message = 'Incorrect username and password credentials!';
                        }

                        $this->users_model->increase_login_attempt($this->input->ip_address(), $post_username, gmdate('Y-m-d H:i:s', time()));
                    }
                }
            }
        }
        else
        {
            /* User was not found in database */
            $output_status = 'Error';
            $output_title = 'User Not Found';
            $output_message = 'The user was not found in the database!';
        }
    }
    else
    {

        /* Form validation failed */
        $output_status = 'Error';
        $output_title = 'Form Not Validated';
        $output_message = 'The form did not validate successfully!';
    }

    $output_array = array('output_status' => $output_status, 'output_title' => $output_title, 'output_message' => $output_message);

    echo json_encode($output_array);
}
Kevin Smith
  • 731
  • 2
  • 7
  • 21
  • All I see is functions. Is there code actually calling one of them? – Alex W May 27 '13 at 03:04
  • my jquery ajax calls the submit function – Kevin Smith May 27 '13 at 03:07
  • Just post the code that has the method when you post the form and the validation. I don't think anyone wants to analyze this much code. – u54r May 27 '13 at 03:08
  • sorry i just didmt know where my issue is. atleast its easy clean code – Kevin Smith May 27 '13 at 03:11
  • Inspect the response in the Network tab in Chrome Developer Tools or Firebug. Please see [this thread](http://stackoverflow.com/questions/8298165/inspecting-large-json-data-in-chrome). Your webserver is probably reporting an error, but on AJAX calls, it won't write it directly to the document. You need to inspect it yourself in the web tools. This will give you a better idea of what's happening on the server. Pls report back your findings. – Jordan Arsenault May 27 '13 at 05:47

1 Answers1

1

First thing, you are not loading form_validation library. I guess you are auto loading that. The code is pretty messy to debug. You should get right result, if you give correct username and password in 4 attempts. I don't have knowledge about your database, so I hope you are not doing anything wrong in your model. In your is_userdata_locked function, you didn't mention what will happen if the date is '0000-00-00 00:00:00

public function is_user_locked($user_data)
{
if ($user_data->lock_date !== '0000-00-00 00:00:00')
{
    /* User is locked out */

    if (strtotime(gmdate('Y-m-d H:i:s', time())) < strtotime($user_data->lock_date))
    {
        /* User is still locked out */
        return TRUE;
    }
    else
    {
        /* User is no longer locked out */
        return FALSE;
    }
    return true; /*maybe false, considering your logic*/

}
}

You said you aren't seeing any output. In output function you are using json_encode, but giving 3 arguments. It doesn't take 3 arguments. You should make it a array. I don't see any reason to use switch there.

public function output($message, $title, $status = 'Success') 
{
        $stat = array('status' => $status,
                'message' => $message,
                'title' => $title
            );

    echo json_encode($stat);
}

In Your submit function, when user is not found, you are still going to next segment for checkingis_user_locked()`. You should repopulate the form, if user is not found. I have added an die()-

if (count($user_data) == 0)
{
    /* User was not found in database */
    $this->output('The user was not found in the database!', 'User Not Found', 'Error');
    die(); /*Add die to stop executing the rest of the code.*/
}

The next thing is the block where you are calling the submit function after unlocking user. The form_validation only works with post data, so when you are calling the function with argument, it does not get the post data. Form validation will always run false and you will an infinite loop. This is your main problem. I don't get why you have to resubmit. You unlock the user and then authenticate user.

if ($this->is_user_locked($user_data->lock_date))
{
    /* User is locked from logging in from too many failed attempts */
    $this->output('This user account is currently locked!', 'Account Locked', 'Error');
    die(); /*No need to execute rest of the script as user is locked*/
}
else
{
     /* User can be unlocked and form be resubmitted */
     $this->users_model->unlock_user($user_data->user_id);
}

I would say, your if else code blocks are pretty messy. I would suggest rethink your logic. You are probably lost with all those if else condition. If that is the case, you can try a simple flowchart. It would help you to ease your problem.

The last thing, check whether your ERROR REPORTING is on. You should have gotten the json_encode error at least.

UPDATE:

Here is a psudo submit function that should help you

function submit(){
        if (invalid form){ /*form_is_valid function*/
             output invalid_form_error;
             return;
        }

        if( user not exist ){
             output invalid_user_error;
             return;
        }

        if( inappropriate user_status){ /*check_user_status() function*/
             output user_status_error;
             return;

        }

        if(is_user_locked){ /*is_user_locked() function. My opinion if lock time is over, unlock user here*/
             output user_is_locked_error;
             return;
        }

        if( password not match){
            set/increase session variable failed attempt;
            if failed attempt is more than 4 lock user
            output incorrect_password_error/lock_login_error;
            return
        }

        set session variables; /* start_user_session() function */
        output success_message;
        return;
    }

You have to be careful to return appropriately from the submit function with appropriate message as this is ajax based application. This way you won't need any else condition, which will make your life easier. All your functions seems to be alright, but you have to clear your logic.

sakibmoon
  • 2,026
  • 3
  • 22
  • 32
  • Thank you for all of these comments. I updated my post to show my original code which was a bigger submit function that actually works. The flattened part was just after I tried making it smaller. – Kevin Smith May 27 '13 at 15:14