<?php
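/**
 * User model: credential check against the Users table and handling of the
 * 'authenticated' session entry.
 *
 * SECURITY NOTE(review): passwords are compared as unsalted SHA-1 digests
 * (see getSaltedHash()). SHA-1 is a fast hash and is not suitable for
 * password storage; the stored digests can be attacked offline with
 * precomputed tables if the Users table leaks. Migrating to
 * password_hash()/password_verify() needs a re-hash of stored passwords
 * (for example on each user's next successful login), so it is flagged here
 * rather than changed silently.
 */
class User extends CI_Model
{
    /**
     * Loads the database connection and the session library used below.
     */
    public function __construct()
    {
        parent::__construct();

        $this->load->database();
        $this->load->library('session');
    }

    /**
     * Looks up a Users row matching the username and the password hash and,
     * on a match, stores the user's details in the session.
     *
     * @param string $username Login name as submitted by the user.
     * @param string $password Plain-text password as submitted by the user.
     * @return bool TRUE when a matching row was found, FALSE otherwise.
     */
    public function login($username, $password)
    {
        // Request parameters can arrive as arrays (e.g. "username[]=x") and a
        // NULL value makes the query builder emit "IS NULL". Refuse anything
        // that is not a plain scalar before it reaches the query or sha1().
        if (!is_scalar($username) || !is_scalar($password)) {
            return FALSE;
        }
        $username = (string) $username;
        $password = (string) $password;

        $hash = $this->getSaltedHash($password);

        // Values passed to where() are escaped by the query builder, so the
        // username is not concatenated into the SQL text.
        $this->db->select('userName, name, passwd, userType, ssn');
        $this->db->from('Users');
        $this->db->where('userName', $username);
        $this->db->where('passwd', $hash);
        $this->db->limit(1);

        $result = $this->db->get()->result();
        if (!$result) {
            return FALSE;
        }

        // limit(1) guarantees at most one row.
        $row = $result[0];

        // NOTE(review): the SSN is copied into the session here. Session data
        // is only as protected as the session store (cookie or server side,
        // depending on configuration); prefer fetching the SSN on demand.
        // Kept because other code may read it from the session.
        $userDetails = array(
            'username' => $row->userName,
            'name'     => $row->name,
            'usertype' => $row->userType,
            'ssn'      => $row->ssn,
        );

        // NOTE(review): the session ID is not regenerated on login, which
        // leaves room for session fixation; regenerate it here if the
        // installed session library supports that.
        $this->session->set_userdata('authenticated', $userDetails);

        return TRUE;
    }

    /**
     * Logs the user out by removing the 'authenticated' session entry.
     */
    public function logout()
    {
        $this->session->unset_userdata('authenticated');
    }

    /**
     * Reports whether the session holds an 'authenticated' entry.
     *
     * @return bool TRUE if the user is logged in, FALSE otherwise.
     */
    public function isLoggedIn()
    {
        return (bool) $this->session->userdata('authenticated');
    }

    /**
     * Returns the SHA-1 hex digest used for the passwd column comparison.
     *
     * The salt is currently the empty string, so this is a plain, unsalted
     * SHA-1 of the password: two users with the same password get the same
     * digest.
     *
     * @param string $pwd Plain-text password.
     * @return string 40-character hexadecimal SHA-1 digest.
     */
    private function getSaltedHash($pwd)
    {
        $salt = '';

        // Disabled by the original author ("activate later in development"):
        //$salt = sha1(strrev(md5(strrev($this->config->item('encryption_key')))));
        //
        // NOTE(review): that value is derived from the application-wide
        // encryption_key, so it would be identical for every user (a shared
        // secret prefix, not a per-user salt), and enabling it invalidates
        // every digest already stored. A per-user random salt with a slow
        // password hash, as password_hash() provides, is the safer target.
        return sha1($salt . $pwd);
    }
}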
?>