Sachini Karunaratne - 8 days ago 5
PHP Question

password related validation error in codeigniter

The following code is related to the signup part of my web application developed using CodeIgniter:

<?php
class user extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->helper(array('form','url'));
        $this->load->library(array('session', 'form_validation', 'email'));
        $this->load->database();
        $this->load->model('user_model');
    }

    function index()
    {
        $this->register();
    }

    function register()
    {
        //set validation rules
        $this->form_validation->set_rules('fname', 'First Name', 'trim|required|alpha|min_length[3]|max_length[30]');
        $this->form_validation->set_rules('lname', 'Last Name', 'trim|required|alpha|min_length[3]|max_length[30]');
        $this->form_validation->set_rules('email', 'Email ID', 'trim|required|valid_email|is_unique[user.email]');
        $this->form_validation->set_rules('password', 'Password', 'trim|required|matches[cpassword]|md5');
        $this->form_validation->set_rules('cpassword', 'Confirm Password', 'trim|required');

        //validate form input
        if ($this->form_validation->run() == FALSE)
        {
            // fails
            $this->load->view('user_registration_view');
        }
        else
        {
            //insert the user registration details into database
            $data = array(
                'fname' => $this->input->post('fname'),
                'lname' => $this->input->post('lname'),
                'email' => $this->input->post('email'),
                'password' => $this->input->post('password')
            );

            // insert form data into database
            if ($this->user_model->insertUser($data))
            {
                // send email
                if ($this->user_model->sendEmail($this->input->post('email')))
                {
                    // successfully sent mail
                    $this->session->set_flashdata('msg','<div class="alert alert-success text-center">You are Successfully Registered! Please confirm the mail sent to your Email-ID!!!</div>');
                    redirect('user/register');
                }
                else
                {
                    // error
                    $this->session->set_flashdata('msg','<div class="alert alert-danger text-center">Oops! Error. Please try again later!!!</div>');
                    redirect('user/register');
                }
            }
            else
            {
                // error
                $this->session->set_flashdata('msg','<div class="alert alert-danger text-center">Oops! Error. Please try again later!!!</div>');
                redirect('user/register');
            }
        }
    }

    function verify($hash=NULL)
    {
        if ($this->user_model->verifyEmailID($hash))
        {
            $this->session->set_flashdata('verify_msg','<div class="alert alert-success text-center">Your Email Address is successfully verified! Please login to access your account!</div>');
            redirect('user/register');
        }
        else
        {
            $this->session->set_flashdata('verify_msg','<div class="alert alert-danger text-center">Sorry! There is error verifying your Email Address!</div>');
            redirect('user/register');
        }
    }
}
?>


I have done the relevant validations for the relevant fields. But when trying to sign up I get the error that the password does not match the confirm password field, though I entered the same values for the password and confirm password fields! How can I correct it?

Answer

It's been a while since I used CodeIgniter (CI). I think you're hashing (md5) the first password but not the confirmation password. What happens if you try the following:

$this->form_validation->set_rules('password', 'Password', 'trim|required|matches[cpassword]');
$this->form_validation->set_rules('cpassword', 'Confirm Password', 'trim|required');

If this fixes your problem, you can hash it afterwards.

I'd recommend not using md5, especially not without a salt. You might want to check out crypt(), password_hash() and the top answer here.
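The "validate first, hash afterwards" approach from the answer, as an added example that is not part of the original question or answer. It is plain PHP outside CodeIgniter; the function names and sample passwords are hypothetical, and the handling of old unsalted md5 rows on login goes one step beyond what the answer describes.

```php
<?php
// Added example: compare the raw fields first, hash only after they match.
// Function names and sample passwords are hypothetical.

// Compare the two raw form values, then hash once for storage.
function hash_new_password(string $password, string $confirm): ?string
{
    if ($password === '' || !hash_equals($password, $confirm)) {
        return null; // validation failed, nothing is hashed or stored
    }
    // password_hash() generates a random salt and embeds it in the result.
    return password_hash($password, PASSWORD_DEFAULT);
}

// Check a login attempt. Returns [ok, replacement hash or null].
function check_login(string $password, string $stored): array
{
    // Legacy row: 32 hex characters means an unsalted md5 from the old code.
    if (preg_match('/^[0-9a-f]{32}$/', $stored)) {
        if (!hash_equals($stored, md5($password))) {
            return [false, null];
        }
        // Correct password: upgrade the row to a salted hash.
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Re-hash if the default algorithm or cost has changed since storage.
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT) : null;
    return [true, $new];
}

// Constructed sample input.
$a = hash_new_password('correct horse', 'correct horse');
$b = hash_new_password('correct horse', 'correct horse');
var_dump(hash_new_password('correct horse', 'correct hors')); // mismatched fields
var_dump(md5('correct horse') === md5('correct horse'));      // unsalted md5
var_dump($a === $b);                                          // salted hashes
var_dump(check_login('correct horse', $a)[0]);
var_dump(check_login('wrong', $a)[0]);
[$ok, $upgraded] = check_login('correct horse', md5('correct horse'));
var_dump($ok, password_verify('correct horse', (string) $upgraded));
```

The column that stores the result should be wider than an md5 column; the PHP manual suggests 255 characters so that future default algorithms fit.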