Login using CodeIgniter
I have developed a login using CodeIgniter, but I have this problem: when logged in, anyone can type another address in another address and go to another account. How can I avoid that? Please instruct me.
This is how I coded the login:
    function index()
    {
        $this->is_logged_in();
    }
    function is_logged_in(){
        $is_logged_in = $this->session->userdata('is_logged_in');
        if(!isset($is_logged_in)||$is_logged_in!= TRUE ){
            echo 'you are not logged in ';
            echo anchor('login_controller','Login');
        }else{
            $this->main();
        }
    }
I've worked with two approaches to user authentication in CI.
You can do it on a per-page basis, via the __construct() function, checking if the user is logged in and then redirecting them accordingly.
Alternatively, you can extend the base controllers so that you have (for example) a regular controller, for pages that require no authentication, a "Public" controller which requires you to be logged in, and an "Admin" controller that allows only certain types of user.
I refer once again to Phil Sturgeon for this - extending base controllers.
I'd also recommend looking at some Auth libraries - Ion Auth and Tank Auth are generally accepted as very good - but there are plenty available.
Your function is also fairly limited - the user can only ever do one option (main).
The better approach is
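    <?php
    class Foo extends Controller {
        function __construct()
        {
            // Run the base constructor first, otherwise $this->session is not loaded
            // (CodeIgniter 1.x shown; on 2.x+ extend CI_Controller and call parent::__construct()).
            parent::Controller();
            $is_logged_in = $this->session->userdata('is_logged_in');
            if (!isset($is_logged_in) || $is_logged_in != TRUE)
            {
                redirect('login');
            }
            // else, logged in..proceed
        }
    }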
for instance.
You will have to create a session after a user gets logged in, e.g. has specified correct credentials. Once you have done that, you will have to put a session check on every page that should be viewed only by logged-in users.
Take a look at CI's Session Class for more information.
You said:
I have this problem: when logged in, anyone can type another address in another address and go to another account
As I understand, when you validate the credentials of a user you are not storing the ID of that user in your session.
You need to store the ID in every session to know who is viewing each page and what you need to show him.
Controller Example:
    function validate_credentials() {
        $this->load->model('users_model');
        if($this->users_model->check_pass() == true) {
            $data = array(
                'email' => $this->input->post('email'),
                'is_logged_in' => true,
                'user_id' => $this->users_model->get_userid()
            );
            $this->session->set_userdata($data);
        }
    }
Model Example:
    function get_userid() {
        $this->db->where('email', $this->input->post('email'));
        $q = $this->db->get('users');
        $r = $q->row();
        return $r->id;
    }
Now you can load the content dynamically based on $this->session->userdata('user_id'); and determine what they should see on every page.
PS: If you want to have roles, you only have to store the user role in your session by adding another 'key' => 'val'.
Hope that helps.
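The point of the answer above as an added example (not code from the original post): a hypothetical Account controller that takes the user's identity from the session and scopes every query to it, so changing the id in the URL cannot reach another account. The `orders` table, its `user_id` column and the view names are assumptions.

```php
<?php
// Added example: hypothetical controller for CodeIgniter 2.x/3.x.
// Assumes the login code stored 'is_logged_in' and 'user_id' in the session,
// and that a hypothetical `orders` table has `id` and `user_id` columns.
class Account extends CI_Controller {

    private $user_id;

    function __construct()
    {
        parent::__construct();
        $this->load->library('session');
        $this->load->database();
        $this->load->helper('url');

        // Authentication: every method in this controller requires a login.
        if ( ! $this->session->userdata('is_logged_in')) {
            redirect('login');
        }
        // Identity comes from the session, never from the URL or form input.
        $this->user_id = (int) $this->session->userdata('user_id');
    }

    // /account/profile -- no id in the URL, so there is nothing to tamper with.
    function profile()
    {
        $row = $this->db->get_where('users', array('id' => $this->user_id))->row();
        if ( ! $row) {
            show_404();
        }
        $this->load->view('account/profile', array('user' => $row));
    }

    // /account/order/17 -- the id in the URL is untrusted, so the query is
    // also scoped to the session's user_id. Someone else's order id matches
    // no row and the visitor gets a 404 instead of another user's data.
    function order($order_id = 0)
    {
        $row = $this->db->get_where('orders', array(
            'id'      => (int) $order_id,
            'user_id' => $this->user_id,
        ))->row();
        if ( ! $row) {
            show_404();
        }
        $this->load->view('account/order', array('order' => $row));
    }
}
```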
    // model
    function fetchrowlogin($info, $table){
        // NOTE: $info contains the submitted password, so this matches the
        // password column as-is and only works with plaintext passwords.
        // Prefer storing password_hash() output and checking it with password_verify().
        $this->db->select('*');
        $this->db->where($info);
        $this->db->from($table);
        $query = $this->db->get();
        if($query->num_rows() > 0){
            $row = $query->row_array();
            return $row;
        }
        // no matching row: return an empty array so the caller's check is safe
        return array();
    }

    // controller
    function login(){
        if(isset($_POST['login'])){
            $log['email'] = $_POST['email'];
            $log['password'] = $_POST['password'];
            $details = $this->User_model->fetchrowlogin($log,'candidate');
            // !empty() instead of count(): count() on a non-array fails on PHP 8
            if(!empty($details)){
                $ids = $details['id'];
                $email = $details['email'];
                $fname = $details['fname'];
                $this->session->set_userdata(array(
                    'custid' => $ids,
                    'emailid'=> $email,
                    'fname'=> $fname,
                ));
                redirect('http://localhost/test27/index.php/welcome/dashboard');
            }else{
                redirect(base_url().'front1');
            }
        }
        $this->load->view('front/login');
    }