Quería sustituir esto:
Código PHP:
// Builds the statement by concatenating $email directly into the SQL text; the value is neither
// escaped nor bound.
// NOTE(review): when $email comes from request data this is open to SQL injection. CodeIgniter's
// query bindings (a ? placeholder plus $this->db->query($sql, [$email])) or the Query Builder avoid it.
$result = $this->db->query("SELECT * FROM user WHERE email ='".$email."' LIMIT 1");
por esto:
Código PHP:
// NOTE(review): in CodeIgniter's Query Builder the second argument of get() is the row limit, not a
// WHERE condition, so this call does not filter by email. get_where('user', ['email' => $email], 1)
// is the method that accepts the condition array.
$result = $this->db->get('user',['email'=>$email]);
Pero el segundo permite loguearse solo con la contraseña, lo cual no debería pasar.
login.php
Código PHP:
<?php
defined('BASEPATH') OR exit('No direct script access allowed');
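class Login extends CI_Controller {

    /**
     * Handle the login form submission.
     *
     * Reads `email` and `password` from the POST body, looks the account up
     * through the `user` model and, when the credentials match, stores the
     * login state in the session. Every outcome ends with a redirect to
     * base_url(), so the response does not reveal which check failed.
     */
    public function index()
    {
        $email = $this->input->post('email');
        $password = $this->input->post('password');

        // post() yields NULL for a missing field and an array for `field[]=`
        // input. Only non-empty strings are allowed past this point, so a
        // request without credentials can never match an account row.
        if (is_string($email) && $email !== '' && is_string($password) && $password !== '') {
            $this->load->model('user');
            $fila = $this->user->getUser($email);

            // Strict, constant-time comparison instead of the loose `==`,
            // which treats NULL and '' as equal and juggles numeric strings.
            // NOTE(review): comparing against the column directly means the
            // `user` table holds clear-text passwords. Store them with
            // password_hash() and check them with password_verify() instead.
            if ($fila !== null && is_string($fila->password) && hash_equals($fila->password, $password)) {
                // NOTE(review): the session id is not renewed at login. On
                // CodeIgniter 3, calling $this->session->sess_regenerate(TRUE)
                // before set_userdata() protects against session fixation.
                $this->session->set_userdata([
                    'email' => $email,
                    'id'    => $fila->id,
                    'login' => true,
                ]);
            }
        }

        // Success and failure share the same destination.
        header('Location: '.base_url());
    }

    /**
     * Destroy the current session and send the browser back to base_url().
     */
    public function logout()
    {
        $this->session->sess_destroy();
        header('Location: '.base_url());
    }
}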
user.php
Código PHP:
<?php
defined('BASEPATH') OR exit('No direct script access allowed');
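class User extends CI_Model {

    /**
     * Fetch the single `user` row whose email matches $email.
     *
     * @param string $email Address to look up.
     * @return object|null Row object, or null when the input is unusable
     *                     or no row matches.
     */
    public function getUser($email = '')
    {
        // A missing or non-string value cannot identify an account.
        if (!is_string($email) || $email === '') {
            return null;
        }

        // get_where() takes the condition array as its second argument and
        // escapes the value, replacing the hand-concatenated SQL string that
        // let the caller's input alter the statement.
        // get('user', ['email' => $email]) is not equivalent: get() reads its
        // second argument as the row limit, so no WHERE clause is applied and
        // the lookup stops depending on the email at all.
        $result = $this->db->get_where('user', ['email' => $email], 1);

        return $result->num_rows() ? $result->row() : null;
    }
}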