Secure login and registration with password hashing in CodeIgniter

In this tutorial I will explain how to create a secure login and registration system with password hashing in CodeIgniter.
CodeIgniter follows the MVC approach, so we will build the views, a controller and a model, and store only a hash of each password, never the password itself.
I hope this tutorial helps you. Let's start.

First create a table

CREATE TABLE IF NOT EXISTS `user` (
 `id` int(100) NOT NULL AUTO_INCREMENT,
 `userName` varchar(50) NOT NULL,
 `email` varchar(50) NOT NULL,
 `password` varchar(255) NOT NULL,
 PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ;

After creating the table, we will make a registration page where users can register themselves.
Now create the view register.php (Location: codeigniter/application/view)

Copy and paste the code below in the file and save

<a href="<?php echo site_url('user/register');?>">Register</a>
<a href="<?php echo site_url('user/login');?>">login</a>
<?php if (isset($error)) { echo $error;} ?>
<h1>Register</h1>
<form method="POST" action="<?php echo site_url('user/register');?>">
<div>
<input name="username" type="text" placeholder="Enter a username" />
<p>At least 4 characters, letters or numbers only</p>
</div>
<div>
<input name="email" type="text" placeholder="Enter your email" />
<p>A valid email address</p>
</div>
<div>
<input name="password" type="password" placeholder="Enter a password" />
<p>At least 6 characters</p>
</div>
<div>
<input name="password_confirm" type="password" placeholder="Confirm your password" />
<p>Must match your password</p>
</div>
<div>
<input type="submit" name = "submit" value="Register" />
</div>
</form>

Now create another file in the view folder, login.php.

Copy and paste the following code into the file.

<?php if (isset($error)) : ?>
<div class="col-md-12">
<div class="alert alert-danger" role="alert">
<?= $error ?>
</div>
</div>
<?php endif; ?>
<h1>Login</h1>
<form method="POST" action="<?php echo site_url('user/login');?>">
<div class="login">
<input type="text" class="form-control" id="username" name="username" placeholder="Your username">
<input type="password" class="form-control" id="password" name="password" placeholder="Your password">
<input type="submit" class="btn btn-default" value="Login">
</div>
</form>
<a href="<?php echo site_url('user/register');?>">Register</a>
<a href="<?php echo site_url('user/login');?>">login</a>

Now we move on to the controller, which ties the views and the model together. Create another file named User.php in the controller folder (location controller/application/controller), then copy and paste the code below, which handles registration and login.

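<?php
defined('BASEPATH') OR exit('No direct script access allowed');

class User extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->helper(array('url'));
        $this->load->model('user_model');
    }

    public function index()
    {
        $this->load->view('login');
    }

    public function register()
    {
        // create the data object
        $data = new stdClass();
        // load form helper and validation library
        $this->load->helper('form');
        $this->load->library('form_validation');
        // enforce the rules the registration form states next to each field
        $this->form_validation->set_rules('username', 'Username', 'required|alpha_numeric|min_length[4]');
        $this->form_validation->set_rules('email', 'Email', 'required|valid_email');
        $this->form_validation->set_rules('password', 'Password', 'required|min_length[6]');
        $this->form_validation->set_rules('password_confirm', 'Password confirmation', 'required|matches[password]');
        // isset($_POST) is always true, so it cannot tell a submission from a
        // plain page load; run() returns false when nothing was posted
        if ($this->form_validation->run() == false)
        {
            // first page load or invalid input: show the form with any errors
            $data->error = validation_errors();
            $this->load->view('register', $data);
        }
        else
        {
            // set variables from the form
            $username = $this->input->post('username');
            $email = $this->input->post('email');
            $password = $this->input->post('password');
            if ($this->user_model->create_user($username, $email, $password))
            {
                echo "Registration successful";
            }
            else
            {
                $data->error = 'There was a problem creating your new account. Please try again.';
                $this->load->view('register', $data);
            }
        }
    }

    public function login()
    {
        // create the data object
        $data = new stdClass();
        // load form helper and validation library
        $this->load->helper('form');
        $this->load->library('form_validation');
        // set validation rules
        $this->form_validation->set_rules('username', 'Username', 'required|alpha_numeric');
        $this->form_validation->set_rules('password', 'Password', 'required');
        if ($this->form_validation->run() == false)
        {
            $this->load->view('login');
        }
        else
        {
            // set variables from the form
            $username = $this->input->post('username');
            $password = $this->input->post('password');
            if ($this->user_model->resolve_user_login($username, $password))
            {
                // fetch the user record for the account that just logged in
                $user_id = $this->user_model->get_user_id_from_username($username);
                $user = $this->user_model->get_user($user_id);
                echo "logged in success";
            }
            else
            {
                // same message for an unknown user and a wrong password
                $data->error = 'Wrong username or password.';
                $this->load->view('login', $data);
            }
        }
    }
}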

Now create a new file inside the model folder named User_model.php (location codeigniter/application/model).
This is where the password hashing happens. The model inserts and selects data in the database and returns the result to the controller.
Copy and paste the code below:
User_model.php

<?php
defined('BASEPATH') OR exit('No direct script access allowed');

class User_model extends CI_Model
{
    public function __construct()
    {
        parent::__construct();
        $this->load->database();
    }

    // store a new user; only the hash of the password is written to the table
    public function create_user($username, $email, $password)
    {
        $data = array(
            'userName' => $username,
            'email' => $email,
            'password' => $this->hash_password($password)
        );
        return $this->db->insert('user', $data);
    }

    // return true when the password matches the stored hash for this username
    public function resolve_user_login($username, $password)
    {
        $this->db->select('password');
        $this->db->from('user');
        $this->db->where('userName', $username);
        $hash = $this->db->get()->row('password');
        // no row for this username: there is no hash to verify against
        if (!is_string($hash))
        {
            return false;
        }
        return $this->verify_password_hash($password, $hash);
    }

    public function get_user_id_from_username($username)
    {
        $this->db->select('id');
        $this->db->from('user');
        $this->db->where('userName', $username);
        return $this->db->get()->row('id');
    }

    public function get_user($user_id)
    {
        $this->db->from('user');
        $this->db->where('id', $user_id);
        return $this->db->get()->row();
    }

    // bcrypt hash with a random salt embedded in the returned string
    private function hash_password($password)
    {
        return password_hash($password, PASSWORD_BCRYPT);
    }

    // password_verify() reads the salt and cost back out of the stored hash
    private function verify_password_hash($password, $hash)
    {
        return password_verify($password, $hash);
    }
}
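
The hashing calls used in User_model, shown as a stand-alone script that also covers three cases the model does not: bcrypt's 72-byte input limit, usernames that do not exist, and upgrading old hashes at login. This is an added example, not part of the original tutorial; password_hash() and password_verify() have been built into PHP since 5.5, while the script itself uses PHP 7 syntax. The function names, the in-memory $users array standing in for the `user` table, and the cost of 12 are assumptions.

```php
<?php
// Added example, not the tutorial's code. $users is a constructed in-memory
// stand-in for the `user` table: username => stored hash.

const HASH_OPTIONS = ['cost' => 12]; // assumed work factor, tune per server

function register_user(array &$users, string $username, string $password): bool
{
    // bcrypt ignores everything past 72 bytes, so refuse longer input
    // rather than let two different long passwords share one hash.
    if (strlen($password) > 72 || isset($users[$username])) {
        return false;
    }
    $users[$username] = password_hash($password, PASSWORD_BCRYPT, HASH_OPTIONS);
    return true;
}

function login_user(array &$users, string $username, string $password): bool
{
    // Unknown usernames are checked against a throwaway hash so they cost
    // the same bcrypt work as real ones and do not stand out by timing.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash(bin2hex(random_bytes(16)), PASSWORD_BCRYPT, HASH_OPTIONS);
    }
    $known = isset($users[$username]);
    $hash  = $known ? $users[$username] : $dummy;

    if (!password_verify($password, $hash) || !$known) {
        return false;
    }
    // Stored hash predates the current options: upgrade it while we still
    // hold the plaintext.
    if (password_needs_rehash($hash, PASSWORD_BCRYPT, HASH_OPTIONS)) {
        $users[$username] = password_hash($password, PASSWORD_BCRYPT, HASH_OPTIONS);
    }
    return true;
}

// Constructed sample data: one legacy row hashed at cost 4.
$users = ['alice' => password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 4])];
register_user($users, 'bob', 'hunter2-longer');

var_dump(login_user($users, 'alice', 'correct horse'));          // legacy row, rehashed on success
var_dump(password_get_info($users['alice'])['options']['cost']); // cost now stored for alice
var_dump(login_user($users, 'bob', 'wrong password'));
var_dump(login_user($users, 'mallory', 'anything'));             // no such user
```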

I hope this blog helps you. Feel free to ask any questions. Keep reading.

  • John

    Hi,
    This is a great article. This was exactly what I was looking for. I have searched everywhere on Google for password hashing in CodeIgniter and finally I found this. Great.

    • Ricky

      Thanks John. Keep visiting this site; you will find more useful content in the future also.

  • tsioh

    You need to change some of the settings similar to this:

    application/config/routes.php:
    $route['default_controller'] = 'user';

    application/config/database.php:
    'username' => 'your_db_user_name_here',
    'password' => 'your_db_password_here',
    'database' => 'your_db_here',

  • Moch. Faisal Rasid

    and don’t forget ci/application/config/config.php
    $config['base_url'] = 'http://yourhost/ci_folder/';

  • Denis

    Call to undefined function password_hash()

    • Edgar

      I have the same problem, some solution?