0

im currently learning how to make a working multi level login using code igniter using multi table because every type of user have some uniqueness and i tried to use md5 in the past but someone tell me that md5 is not save, so i try to use password-hash/password-verify but when i try to fill the login form it just telling me that the password is wrong even though i fill it with the same password "123456789" when create the account

This is my AuthController

namespace App\Controllers;
use App\Models\AdminModel;
use App\Models\GuruModel;
use App\Models\MuridModel;
use App\Models\WalimuridModel;

class Auth extends BaseController
{
    public function __construct()
    {
        $this->adminModel = new AdminModel();
        $this->guruModel = new GuruModel();
        $this->muridModel = new MuridModel();
        $this->walimuridModel = new WalimuridModel();
        
        $this->validation = \Config\Services::validation(); 
        $this->session = \Config\Services::session();   
    }

    public function valid_login()
    {
        //Take data from the login form
        $nama_user = $this->request->getVar('username');
        $password = $this->request->getVar('password');
        
        //Take data from database that have the same username 
        $admin = $this->adminModel->where('username_admin', $nama_user)->first();
        $guru = $this->guruModel->where('username_guru', $nama_user)->first();
        $murid = $this->muridModel->where('username_murid', $nama_user)->first();
        $walimurid = $this->walimuridModel->where('username_walimurid', $nama_user)->first();
        
        //check if username founded
        if($admin){
            $verify_pass = password_verify($password, $admin['password_admin']);
            if($verify_pass){
                $sessLogin = [
                    'isLogin' => true,
                    'username' => $admin['username_admin'],
                    'password' => $admin['password_admin'],
                    'email' => $admin['email_admin'],
                    'nama' => $admin['nama_admin'],
                    'jeniskelamin' => $admin['jenis_kelamin'],
                    'fotoprofil' => $admin['foto_profile'],
                    'level' => 'admin'
                    ];
                $this->session->set($sessLogin);
                return redirect()->to('/admin/index');
            }
            else {
                session()->setFlashdata('password', 'Password salah');
                return redirect()->to('/login');
            }
        }
        else if($guru){
            
            if($guru['password_guru'] == md5($data['password'])){
                $sessLogin = [
                    'isLogin' => true,
                    'username' => $guru['username_guru'],
                    'password' => $guru['password_guru'],
                    'email' => $guru['email_guru'],
                    'nama' => $guru['nama_guru'],
                    'jeniskelamin' => $guru['jenis_kelamin'],
                    'fotoprofil' => $guru['foto_profile'],
                    'level' => 'guru'
                    ];
                $this->session->set($sessLogin);
                return redirect()->to('/guru/index');
                }
            }
        else if($murid){

            if($murid['password_murid'] == md5($data['password'])){
                $sessLogin = [
                    'isLogin' => true,
                    'nisn' => $murid['nisn'],
                    'username' => $murid['username_murid'],
                    'password' => $murid['password_murid'],
                    'email' => $murid['email_murid'],
                    'nama' => $murid['nama_murid'],
                    'jeniskelamin' => $murid['jenis_kelamin'],
                    'fotoprofil' => $murid['foto_profile'],
                    'level' => 'murid'
                    ];
                $this->session->set($sessLogin);
                return redirect()->to('/murid/index');
                }
            }
            else if($walimurid){

            
                if($walimurid['password_walimurid'] == md5($data['password'])){
                    $sessLogin = [
                        'isLogin' => true,
                        'username' => $walimurid['username_walimurid'],
                        'password' => $walimurid['password_walimurid'],
                        'email' => $walimurid['email_walimurid'],
                        'nama' => $walimurid['nama_walimurid'],
                        'nisnanak' => $walimurid['nisn_murid'],
                        'jeniskelamin' => $walimurid['jenis_kelamin'],
                        'fotoprofil' => $walimurid['foto_profile'],
                        'level' => 'walimurid'
                        ];
                    $this->session->set($sessLogin);
                    return redirect()->to('/walimurid/index');
                }
            }
        
        else{
            //jika username tidak ditemukan, balikkan ke halaman login
            session()->setFlashdata('username', 'Username tidak ditemukan');
            return redirect()->to('/login');
            }
        }

this is my Admin Model

<?php

namespace App\Models;

use CodeIgniter\Model;

class AdminModel extends Model
{
    protected $table            = 'admin';
    protected $primaryKey       = 'id_admin';
    protected $useAutoIncrement = true;
    protected $protectFields    = true;
    protected $allowedFields    = ["id_admin","username_admin","password_admin","email_admin","nama_admin","jenis_kelamin","foto_profile"];
}

every model is basically the same

this is my login.php (login form)

<form method="post" action="/auth/valid_login">
    <div class="wrap">
          <input type="username" name="username" class="input" placeholder="username">
                 <span class="underline"></span><br>
                 <?php if($username){ ?>
                 <div class="alert alert-danger" role="alert">
                      <?php echo $username?>
                 </div>
                       <?php } ?> 
     </div>
     <div class="wrap">
           <input type="password" name="password" class="input" placeholder="Password">
                     <span class="underline"></span><br>
                     <?php if($password){ ?>
                     <div class="alert alert-danger" role="alert">
                            <?php echo $password?>
                     </div>
                            <?php } ?>
     </div>
     <div class="col-md-12 text-center">
          <button type="submit" class="btn-a">Login</button>
     </div>
</form>

this is my create admin form

<form method="post" action="/admin/save_admin">
            Username: <br>
            <input type="text" name="username" required><br>
            Password: <br>
            <input type="password" name="password" required><br>
            Email: <br>
            <input type="email" name="email" required><br>
            Nama: <br>
            <input type="text" name="nama_admin" required><br>
            Jenis Kelamin: <br>
            <input type="text" name="jenis_kelamin" required><br>
            Foto Profil: <br>
            <input type="text" name="fotoprofil" required><br>
            <button type="submit">Register</button>
        </form>

and my create function

 public function save_admin()
    {
        $data = $this->request->getPost();
        $this->validation->run($data, 'cradmin');
        $errors = $this->validation->getErrors();

        if($errors){
            session()->setFlashdata('error', $errors);
            return redirect()->to('/admin/admin/create');
        }

        $password = password_hash($data['password'], PASSWORD_DEFAULT);

        $this->adminModel->save([
            'username_admin' => $data['username'],
            'password_admin' => $password,
            'email_admin' => $data['email'],
            'nama_admin' => $data['nama_admin'],
            'jenis_kelamin' => $data['jenis_kelamin'],
            'foto_profile' => $data['fotoprofil'],
        ]);

        session()->setFlashdata('add', 'Data Admin berhasil dibuat');
        return redirect()->to('/admin/admin/index');
    }

i have tried to change the requirement of login like if the password same as the database it will make session or if password wrong go to login form and make session and none of it work sorry if my english is bad

RiggsFolly
  • 93,638
  • 21
  • 103
  • 149
Tatsuya
  • 11
  • 3
  • 1
    Does this answer your question? [How to use PHP's password\_hash to hash and verify passwords](https://stackoverflow.com/questions/30279321/how-to-use-phps-password-hash-to-hash-and-verify-passwords) – DarkBee Feb 15 '23 at 08:20
  • 1
    I'd suggest that having different tables for each different type of user is a bad idea. You already have to have four different queries to figure out what kind of user is logging in, then four different code blocks to check credentials. Also, don't store the password in your session variables. – droopsnoot Feb 15 '23 at 08:36
  • 1
    Are you certain that the user you're testing with is an admin user, as you haven't updated the code for the other types, you're still using `md5()`. Did you make the column long enough to store a hashed password? Recommendation is varchar(255), I think. – droopsnoot Feb 15 '23 at 08:37
  • 1
    Agreed, this code is far too overcomplicated. Users should be all in one table. Store the type of user in a column in that table. After that, go and learn the principles of relational database design, which this database seems to lack. – ADyson Feb 15 '23 at 08:47

0 Answers0