0

Let's say I have a table called user


I want to make an HTTP call roughly like this: http://my.awesome.server/dev_api/index.php/login/get_user.php?user=steven&password=12345

Which checks the database if there's a user 'steve' with the password '12345'. This is my code.

controller

<?php
if(!defined("BASEPATH")) exit("No direct script access allowed");

class login extends CI_Controller
{
  public function index()
  {
    $this->load->model("login_model"); 
    $data["users"]=$this->login_model->get_user(); 

    $this->load->view("login_view", $data);
  }
} 

model

    class Login_model extends CI_Model {

        function get_user(){
            // get username, like $_GET['user']
            $user = $this->input->get('user');

            // get the password and MD5-ed it, like md5($_GET['password'])
            $md5_pass = md5($this->get('password'));

            // the where condition
            $this->db->where(array('userName' => $user, 'password' => $md5_pass)); 

            // ok, now let's query the db
            $q = $this->db->get('user');

            if($q->num_rows() > 0){

                foreach ($q->result() as $row){
                    $data[] = $row;
                }
            }
            return $data;
        }
    }

?>

view

<?php

if (!empty($users)){
    foreach ($users as $u){
        echo $u->userId .' '. $u->userName.' '.$u->password.' ';
    }
}

?>

Then I opened this in the browser: http://my.awesome.server/dev_api/index.php/login/. The result is: [screenshot not preserved]

How do I properly make an HTTP call, then?

3
  • 1
    Why would you make an HTTP call to the same system? That adds a bunch of needless overhead and will be quite slow. You also need to stop using MD5 for passwords - it's incredibly insecure. Commented Mar 21, 2018 at 16:16
  • Don't use md5 for passwords; it is not to be used for passwords these days: php.net/manual/en/faq.passwords.php Commented Mar 22, 2018 at 0:52
  • Also, I would not put the password in the URL. Commented Mar 22, 2018 at 8:54

3 Answers

2

The method in your model is named get_user() while you call it as login_model->get().

Moreover, you should use POST instead of GET for username and password.

Also, use bcrypt or another hashing algorithm instead of MD5; it's more secure. DO NOT USE MD5.


1

You are trying to work against the framework you are using.

CodeIgniter abstracts working with GET parameters by having you use URL segments.

The URI scheme in CodeIgniter is as follows (see docs): controller/method/params...

It is divided into segments:

  1. the controller (mandatory)
  2. the method (mandatory, but may be implied in case of index, see below)
  3. the first param (optional)
  4. the second param (optional)
  5. ... and so on

You want to use the method index() of the controller Login, it translates to

http://my.awesome.server/dev_api/index.php/login/index

Also, with mod_rewrite activated via htaccess, it could be simplified to

http://my.awesome.server/dev_api/login/index

Now, index() is a special method as it is the one called by default in a controller. Hence the final URL would be:

http://my.awesome.server/dev_api/login

Now, if you want to pass parameters to your function, CodeIgniter does this through subsequent segments.

But you need to declare them in the controller method.

class login extends CI_Controller
{
    public function index($user = null, $password = null)
    {
        // Check for $user / $password emptiness

        // ...

        // Load the model before calling it
        $this->load->model("login_model");

        // Use $user / $password as needed
        $data["users"] = $this->login_model->get_user($user, $password);

        // use the results...
    }
}

And now you could call with:

http://my.awesome.server/dev_api/login/index/steven/12345

Notice that I've put index in the URL? It's because when passing parameters, the method is mandatory.


That said, I will reiterate what other people have said:

  1. Avoid passing login/password through GET. Prefer POST.
  2. Use an encrypted connection (HTTPS)
  3. Do NOT hash your password with md5 or even sha1. You need a strong algorithm. You also need to salt. Anyway, PHP has got you covered with password_hash. Don't reinvent the wheel.

Good luck.

2 Comments

Hmm I see. But the database query is done in the model. How do I pass $user & $password to it?
Update your get_user() function from login_model to accept $user and $password as parameters... See my update.
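
The advice in the answer above (POST instead of GET, password_hash instead of MD5, credentials handed from the controller to the model), as an added example that is not part of the original thread: a CodeIgniter 3 model and controller. It assumes the question's `user` table with the `password` column holding password_hash() output; verify_user() is a hypothetical method name, and the two classes would live in separate files.

```php
<?php
// application/models/Login_model.php (added example; verify_user() is a hypothetical name)
class Login_model extends CI_Model
{
    // Returns the user row without its hash on success, null on any failure.
    public function verify_user($user, $password)
    {
        // Look the account up by name only; the query builder escapes the value.
        $row = $this->db->get_where('user', array('userName' => $user), 1)->row();

        // Assumes user.password holds password_hash() output, not an MD5 digest.
        if (!$row || !password_verify($password, $row->password)) {
            return null;
        }

        // Upgrade the stored hash when PHP's default algorithm or cost changes.
        if (password_needs_rehash($row->password, PASSWORD_DEFAULT)) {
            $this->db->where('userId', $row->userId)->update('user',
                array('password' => password_hash($password, PASSWORD_DEFAULT)));
        }

        unset($row->password); // the hash never leaves the model
        return $row;
    }
}

// application/controllers/Login.php
class Login extends CI_Controller
{
    public function index()
    {
        // Credentials come from the POST body, so they stay out of URLs and access logs.
        $user     = $this->input->post('user');
        $password = $this->input->post('password');
        if (!is_string($user) || !is_string($password) || $user === '' || $password === '') {
            return $this->output->set_status_header(400);
        }

        $this->load->model('login_model');
        $account = $this->login_model->verify_user($user, $password);
        if ($account === null) {
            // Same response for an unknown user and a wrong password.
            return $this->output->set_status_header(401);
        }

        $this->output->set_content_type('application/json')->set_output(
            json_encode(array('userId' => $account->userId, 'userName' => $account->userName)));
    }
}
```

The `password` column should be at least VARCHAR(255) so that future password_hash() formats fit.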
0

If you are passing data via URL http://my.awesome.server/dev_api/index.php/login/get_user.php?user=steven&password=12345

You can retrieve it via URI segment

$user= $this->uri->segment(3); 
$password= $this->uri->segment(4); 

Source: https://www.codeigniter.com/userguide3/libraries/uri.html

It is possible that this line $md5_pass = md5($this->get('password')); is setting the error if $this->get('password') is empty.
