
Custom login check in CodeIgniter fails to correctly verify user credentials

Whenever I call this function, I get the user_id correctly but the password isnt checked...


class Prometheus_model extends CI_Model {

        var $tables = array(
                'bots' => 'bots',
                'users' => 'users'

        function __construct() {

        public function tablename($table = NULL) {
                if(! isset($table)) return FALSE;
                return $this->tables[$table];

        public function get($table, $where = array(), $order = NULL) {
            if(isset($order)) {
            $q = $this->db->get_where($this->tablename($table),$where);
            $result = $q->result_array();
            // You should use $q->num_rows() to detect the number of returned rows
            if($q->num_rows()) {
            return $result[0];
            return $result;

        public function update($table, $where = array(), $data) {
                return $this->db->affected_rows();

        public function insert($table, $data) {
                return $this->db->insert_id();

        public function delete($table, $where = array()) {
                return $this->db->affected_rows();

        public function explicit($query) {
                $q = $this->db->query($query);
                if(is_object($q)) {
                        return $q->result_array();
                } else {
                        return $q;

        public function num_rows($table, $where = NULL) {
                $q = $this->db->get($table);
                return $q->num_rows();

        public function get_bot_data_by_hw_id($bot_hw_id) {
                $q = $this->get('bots', array('bot_hw_id' => $bot_hw_id));
                return $q;

        public function check_user_data($user_incredials, $user_password) {

                if($this->num_rows('users', array('user_name' => $user_incredials, 'user_password' => $this->encrypt->decode($user_password))) == 1){
                        $q = $this->get('users', array('user_name' => $this->security->xss_clean($user_incredials)));
                        return $q['user_id'];
                return FALSE;



My function-calling at the controller:

<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class Login extends CI_Controller {

        public function index(){

                        var_dump($this->prometheus_model->check_user_data($this->input->post('user_incredials'), $this->input->post('user_password')));



How can i fixx this ?


  • In your check_user_data() method you are using

    if($this->num_rows('users', array('user_name' => $user_incredials, 'user_password' => $this->encrypt->decode($user_password))) == 1)

    I think (logically) following code


    should be


    because, you are calling num_rows() method and it is

    public function num_rows($table, $where = NULL)
        $q = $this->db->get($table);
        return $q->num_rows();

    which is actually querying the data base something like, for example,

    select * from USERS where user_name = 'heera' and password = decode('abcde12345')

    In this case, the password you are trying to match is need to be encrypted using encode (not decode) method, because the user has given you a non-encrypted (plain) password and the password saved in the database is already encrypted, so encode the plain password using encode method before you query the database to match with already encoded passwords.