Provide a valid password before proceeding (Codeigniter)




Newbie here. I have a modal where staff can transfer funds to a client. Before the transfer goes through, the staff member must enter his/her password. My goal is to have a WORKING FUNCTION for the password validation. I made a function that only partly works. I have provided a video below for better explanation.

https://streamable.com/z4vgtv //Correct or wrong password, the result is the same. “Password not match”

Controller:

/**
 * Handle the fund-transfer form post.
 *
 * Looks up the submitted password through the networks model, then runs the
 * form-validation rules. On success it records an "in" row for the recipient
 * (fundin) and an "out" row for the session user (insert_data) and redirects
 * to network/agents. A validation failure re-renders index(); a failed
 * password lookup prints a "Password not Match" alert.
 *
 * @param mixed $userID Route segment; not read in the body, the recipient is
 *                      taken from the POSTed 'userID' field instead.
 */
public function form_validation($userID)
{
    
  
    $this->load->library('form_validation');
    // NOTE(review): the 'numeric' rule also accepts signed values and zero, so a
    // negative amount passes; a lower bound such as greater_than[0] and a balance
    // check look necessary here - none is visible in this method.
    $this->form_validation->set_rules("amount","Amount", 'required|numeric');
    
   
          // The raw POSTed password is the only value handed to the model, so the
          // check is not tied to the logged-in staff member (session 'uid').
          // NOTE(review): as the model on this page is written, a match on ANY row
          // of `users` passes. If the table stores hashes, the raw value never
          // matches, which fits the "always not match" symptom - confirm the
          // storage format. The safer shape is to load the current user's stored
          // hash and check it with password_verify().
          $password = $this->input->post('password');
          $exists = $this->networks->filename_exists($password);
          
          $count = count($exists);
          if($count >=1)
          {
              
              if($this->form_validation->run())
              {
                  
                  // Reference = session value + current timestamp (numeric addition),
                  // so it is predictable and can repeat - presumably display-only.
                  $ref= $this->session->userdata('uid') + time ();
                  $id = $this->input->post('userID');
                  $pData = array(
                      'userID' => $id,
                      'transactionSource' => 'FR',
                      'refNumber' => 'FI-0000' . $ref,
                      "amount" =>$this->input->post("amount"),
                      "transType" =>"in",
                      
                  );
                  
                  // NOTE(review): the credit is written here and the debit further
                  // down with no transaction visible; a failure in between would
                  // leave an "in" row without its "out" row.
                  $this->networks->fundin($pData);
                  
                  
                  // NOTE(review): this reads session key 'userID' while every other
                  // session read in this method uses 'uid' - confirm which is set.
                  $ref= $this->session->userdata('userID') + time ();
                  
                  $data1 = array(
                      'userID' => $this->session->userdata('uid'),
                      "transactionSource" => 'FR',
                      "refNumber" => 'FO' . $ref,
                      "amount" =>$this->input->post("amount"),
                      "transType" =>"out",
                      
                      
                  );
                  // NOTE(review): the inline <script> below is output before
                  // redirect() sets its Location header; without output buffering
                  // the header can no longer be sent - TODO confirm.
                     ?>
                    <script> alert("password match");</script>
                    <?php

        
        $this->networks->insert_data($data1);
        
        redirect(base_url() . "network/agents");
                }
        
                else
                    {
                        // Password lookup succeeded but the amount rule failed.
                        $this->index();
                    }
                }
                else
                {
                    // Reached whenever the lookup returned no rows. No attempt
                    // counting or logging of failed checks is visible here.
                    ?>
                    <script> alert("Password not Match");</script>
                    <?php
                }
                                
 }

Model:

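/**
 * Return every row of `users` whose `password` column equals $password.
 *
 * The controller on this page counts the returned rows to decide whether the
 * submitted password is accepted.
 *
 * NOTE(review): the only filter is the password column, so the result says
 * "some account has this password", not "the logged-in user typed their own
 * password". The comparison is also a plain equality, which cannot work
 * against salted hashes such as those produced by password_hash(). A safer
 * design selects the current user's row by id and checks the stored hash with
 * password_verify(); that needs a user identifier this method does not receive.
 *
 * @param string $password Value compared verbatim against users.password.
 * @return array List of row objects; empty when nothing matches.
 */
function filename_exists($password)
{
    // The query builder binds/escapes $password, so this is not string-built SQL.
    $query = $this->db
        ->select('*')
        ->from('users')
        ->where('password', $password)
        ->get();

    // The original also fetched result_array() into a variable it never used;
    // only the object rows below are returned to the caller.
    return $query->result();
}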

Views:

<!--
  Transfer form: posts amount, password and the hidden userID field to
  network/form_validation/<userID>.
  NOTE(review): $rows->userID is echoed into the action attribute unescaped;
  wrap it in html_escape() unless it is guaranteed numeric.
  NOTE(review): the hidden userID input has no value here (presumably filled
  by script) and the controller takes the recipient from it, so the server
  should validate that id.
  NOTE(review): no CSRF token field is visible in this markup; confirm that
  CodeIgniter's csrf_protection is enabled and the token is added.
  NOTE(review): the onblur handler on #cpass sends the typed password to the
  server each time the field loses focus, before the form is submitted.
-->
<form id="doBetting" method="post" action="<?php echo base_url('network/form_validation');?>/<?php echo $rows->userID; ?>">
                              <div class="input-group input-group-sm" style="width: 100%" >
                                <input type="hidden" id="usertransferid" name="userID">
                                
                        <div class="col-lg-12" >    
                        
                         
                            <input type="number" placeholder="Enter Amount" name="amount" class="form-control" id="box" required>   
                            
                            <br>
                            <input type="password" placeholder="Enter Password"  name="password" class="form-control"  id="cpass" required onblur="check_if_exists();"> 
                            
                            <br>
                            
                            
                            <!--  buttons -->

                            <input type="submit" class="btn btn-success text-bold" name="save" id="insert" value="Transfer">
                            </div>
                                  </div>
                                </div>
                           </form>       
             </div>
        </div>
                
        </div>   
        
        </div>

Ajax:

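    <script>
// Posts the current value of #cpass as `password` to network/form_validation
// and ignores the reply. The duplicated opening <script> tag from the original
// is removed: inside a script element it is parsed as script text and stops
// the whole block from running.
//
// NOTE(review): the target is the same endpoint the transfer form submits to,
// and this request carries no amount or userID. Because the response is
// unused, the call only sends the password an extra time; the check that
// matters is the server-side one made on submit.
function check_if_exists() {
    var enteredPassword = $("#cpass").val();

    $.ajax({
        type: "post",
        url: "<?php echo site_url(); ?>network/form_validation",
        data: { password: enteredPassword },
        success: function (response) {
            // response is not used (the alert was removed here)
        }
    });
}

// Runs once at page load, so a request is sent with whatever the field holds
// at that moment (normally an empty password).
check_if_exists();
</script>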

Answer

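Passwords are normally saved in the database in an encoded (hashed) form, so in your case you first need to encode the submitted password (with md5, or whichever format you used when storing it) and then compare it with the user's stored password. Note that this equality lookup only works for unsalted formats such as plain md5; hashes created with password_hash() are salted and must be checked with password_verify() against the logged-in user's own row.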

public function form_validation($userID) {

$this->load->library('form_validation');
$this->form_validation->set_rules("amount","Amount", 'required|numeric');

 // Hash the submitted password with md5 so it can equal a stored md5 value.
 // NOTE(review): this only matches if the users table really holds plain md5
 // digests. md5 is fast and unsalted, so it is a poor fit for password storage;
 // password_hash() / password_verify() are the purpose-built functions.
 // NOTE(review): trim() changes passwords with leading or trailing whitespace;
 // it must mirror how the stored value was produced.
 // NOTE(review): filename_exists() receives only the hash. As the model on
 // this page is written, any account's password would pass; the check should
 // be made against the logged-in user's row.
 $password = md5(trim($this->input->post('password')));
 $exists = $this->networks->filename_exists($password);

.........

}



Source: stackoverflow