Tutorial Codeigniter Membuat Login Dengan Password Hash

Keamanan sebuah aplikasi sangatlah vital salah satunya adalah dalam sebuah login kita harus benar benar membuat aplikasi kita secure. pada artikel ini akan memberikan sebuah tutorial bagaimana login system dengan metode password hash dengan menggunakan framework codeigniter.

Untuk mencobanya silahkan gunakan database berikut yang sudah berisi username dan password yang sudah di hash

SQL :

-- phpMyAdmin SQL Dump
-- version 4.5.1
-- http://www.phpmyadmin.net
--
-- Host: 127.0.0.1
-- Generation Time: Aug 20, 2018 at 12:25 AM
-- Server version: 10.1.13-MariaDB
-- PHP Version: 7.0.8

SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
SET time_zone = "+00:00";


/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8mb4 */;

--
-- Database: `admin`
--

-- --------------------------------------------------------

--
-- Table structure for table `tbl_user`
--

CREATE TABLE `tbl_user` (
  `id_user` int(11) NOT NULL,
  `username` varchar(30) NOT NULL,
  `password` varchar(80) NOT NULL,
  `nama_admin` varchar(50) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

--
-- Dumping data for table `tbl_user`
--

INSERT INTO `tbl_user` (`id_user`, `username`, `password`, `nama_admin`) VALUES
(1, 'admin', '$2y$04$tCLmKWYatxKuVExHKyx1SerJpBAoK0quhpwZpnAUF73Fsh5RiAzZq', 'admin ganteng');

--
-- Indexes for dumped tables
--

--
-- Indexes for table `tbl_user`
--
ALTER TABLE `tbl_user`
  ADD PRIMARY KEY (`id_user`);

/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;

1. Buat sebuah view dengan nama login.php

<body class="login-page">
    <div class="login-box">
        <div class="logo">
            <a href="javascript:void(0);">Admin<b>Login</b></a>
        </div>
        <div class="card">
            <div class="body">
                <?php echo form_open('Login/masuk'); ?>
                <form id="sign_in" method="POST">
                    <div class="msg">Sign in to start your session</div>
                    <div class="input-group">
                        <span class="input-group-addon">
                            <i class="material-icons fa fa-user"></i>
                        </span>
                        <div class="form-line">
                            <input type="text" class="form-control" name="username" placeholder="Username" required autofocus>
                        </div>
                    </div>
                    <div class="input-group">
                        <span class="input-group-addon">
                            <i class="material-icons"></i>
                        </span>
                        <div class="form-line">
                            <input type="password" class="form-control" name="password" placeholder="Password" required>
                        </div>
                    </div>
                    <div class="row">
                        <div class="col-xs-8 p-t-5">
                            <input type="checkbox" name="rememberme" id="rememberme" class="filled-in chk-col-pink">
                            <label for="rememberme">Remember Me</label>
                        </div>
                        <div class="col-xs-4">
                            <button class="btn btn-block bg-pink waves-effect" type="submit" name="btnLogin">SIGN IN</button>
                        </div>
                    </div>
                    <div class="row m-t-15 m-b--20">
                        <div class="col-xs-6">
                            <a href="sign-up.html">Register Now!</a>
                        </div>
                        <div class="col-xs-6 align-right">
                            <a href="forgot-password.html">Forgot Password?</a>
                        </div>
                    </div>
                </form>
            </div>
        </div>
    </div>

2. Kemudian buat controller dengan nama login.php

<?php
defined('BASEPATH') OR exit('No direct script access allowed');

class Login extends CI_Controller {

 function __construct(){
  parent::__construct();
  $this->load->model('M_login');
 }

 public function index()
 {
  $this->load->view('login');
 }

 function masuk(){
  $username = $this->input->post('username');
  $password = $this->input->post('password', TRUE);
  $hashPass = password_hash($password, PASSWORD_DEFAULT);
  $this->db->where('username', $username);
  $users = $this->db->get('tbl_user');
  if ($users->num_rows() > 0) {
   $user = $users->row_array();
   if (password_verify($password, $user['password'])) {
    $data = $this->session->set_userdata($user);
    $this->session->set_userdata(array('status_login' => 'ok'));
    redirect('welcome');
   }
  }else{
   $this->session->set_flashdata('message', 'gagal login aplikasi');
  }
 }

 function logout(){
  $this->session->sess_destroy();
  redirect('login');
 }

}

/* End of file Login.php */
/* Location: ./application/controllers/Login.php */

4. Terakhir buat sebuah model dengan nama m_login.php

<?php
defined('BASEPATH') OR exit('No direct script access allowed');

class M_login extends CI_Model {

 function cheklogin($username, $password){
  $this->db->where('username', $username);
  $this->db->where('password', $password);
  $user = $this->db->get('tbl_user')->row_array();
  return $user;
 } 

}

/* End of file M_login.php */
/* Location: ./application/models/M_login.php */

Sekarang kalian sudah membuat keaman login yang lebih kuat dengan menggunakan hash password tentu data di dalam tbl user untuk loginnya pun harus terdapat data password yang sudah di hash.