I have the following controller named admin
class Admin extends CI_Controller {
public function __construct() {
parent::__construct();
$this->load->model('admin_model');
}
public function index()
{
$this->load->library('session');
$this->load->database();
if (!$this->session->userdata('user_id') || !$this->session->userdata('user_name'))
{
header("Location: /admin/login");
}
else
{
$user_id = $this->session->userdata('user_id');
$user_name = $this->session->userdata('user_name');
if (!$this->admin_model->verify($user_id, $user_name))
header("Location: /admin/login");
}
$this->load->view('templates/header');
$this->load->view('admin/index');
$this->load->view('templates/footer');
}
public function login()
{
$this->load->view('templates/header');
$this->load->helper('form');
$this->load->library('form_validation');
$this->form_validation->set_rules('username', 'Username', 'required');
$this->form_validation->set_rules('password', 'Password', 'required');
if ($this->form_validation->run() == FALSE)
{
$data['run'] = false;
}
else if (!$this->admin_model->loginverify($this->input->post('username'),
$this->input->post('password')))
{
$data['run'] = false;
}
else
{
$data['run'] = true;
}
$this->load->view('admin/login', $data);
$this->load->view('templates/footer');
}
}
And I have the following model called Admin_model
class Admin_model extends CI_Model
{
public function __construct() {
parent::__construct();
$this->load->database();
}
public function verify($id, $name)
{
if (!is_numeric($id))
return false;
else
{
$query = $this->db->get_where('users', array('id'=>$id, 'username'=>$name), 1);
if ($query->result()->num_rows() === 0)
return false;
else
return true;
}
}
public function loginverify($name, $pass)
{
$pass = md5($pass);
//$query = $this->db->get_where('users', array('username'=>$name, 'passwd'=>$pass), 1);
$query = $this->db->query("SELECT * FROM users WHERE username='$name' AND passwd='$pass' LIMIT 1");
if ($query->result()->num_rows() === 0)
return false;
else
return true;
}
}
And my form is like the following:
<?php if (!$run)
{
?>
<form method="post" action="/admin/login">
<h5>Username</h5>
<input type="text" id="username" name="username" value="" size="50" />
<h5>Password</h5>
<input type="password" id="password" name="password" value="" size="50" />
<div><input type="submit" id="submit" name ="submit" value="Login" /></div>
</form>
<?php
}else{
echo "successfully login";
}
?>
I got a blank page when I submit, and when I inspect the network in Chrome, I see the post has caused a 500 internal server error.
When I change the direct query to get_where as in the above commented line, I got a severity 8192 with error message mysql_escape_string(): This function is deprecated; use mysql_real_escape_string() instead.
I am using manual form here but my CSRF is set to false. I've tried using form_open('admin/login') but then ridiculously it was turned to localhost/?admin/login with an extra ?.
I have been running into all these problems here and I just don't know what I should do. I appreciate any help given.
your form is not pointing to a correct url maybe, so i sugget you to change this:
<form action="/admin/login">
to
<form action="<?php echo site_url('admin/login'); ?>">
then try replacing all the headers() methods :
header("Location: /admin/login");
with
redirect(site_url('admin/login'),'',302);
sincerily, never used header(); with Codeigniter