[Solved] Setting up a user redirect |
[eluser]riwakawd[/eluser]
I would like to know best way to set up my user redirect. So if user if not logged on and try's to access a page it will redirect to my 'admin' I have autoloaded the user library and sessions On the parent construct part of my dashboard controller I have set up my sessions redirect but stops me from logging on. If I remove it I can login fine, very strange. Should let me login while using sessions as a redirect. Dashboard Controller Code: <?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); Login Controller Code: <?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); Library Code: <?php
[eluser]riwakawd[/eluser]
All working now I after thinking about it over night. I found what was issue. I Removed the trim from my parent construct area User lib Old Code: if (trim($this->CI->session->userdata('user_id'))) { New Code: if ($this->CI->session->userdata('user_id')) { And on my parent construct area on my dashboard controller i put. Code: if ($this->session->userdata('isLogged')) {
[eluser]CroNiX[/eluser]
because if the session variable doesn't exist, session returns boolean false, and trim(false) is an empty string. So you should be using === comparisons when checking session to see if value exists so it checks the variables data TYPE in addition to its value. Code: if ($this->CI->session->userdata('user_id')) { would not pass your check if the user id is 0, even though the user exists in session, so that's not a good check. It might not matter here with this example, but it will with others. Code: if ($this->CI->session->userdata('user_id') !== FALSE) { Also, if you allow Code: $this->CI->db->escape(md5($password)) https://crackstation.net/ https://www.freerainbowtables.com/tables/ http://project-rainbowcrack.com/table.htm
[eluser]riwakawd[/eluser]
[quote author="InsiteFX" date="1409439648"]salt password salt [/quote] I had solved it before I posted what I did to fix it.
[eluser]riwakawd[/eluser]
[quote author="CroNiX" date="1409416117"]because if the session variable doesn't exist, session returns boolean false, and trim(false) is an empty string. So you should be using === comparisons when checking session to see if value exists so it checks the variables data TYPE in addition to its value. Code: if ($this->CI->session->userdata('user_id')) { would not pass your check if the user id is 0, even though the user exists in session, so that's not a good check. It might not matter here with this example, but it will with others. Code: if ($this->CI->session->userdata('user_id') !== FALSE) { Also, if you allow Code: $this->CI->db->escape(md5($password)) https://crackstation.net/ https://www.freerainbowtables.com/tables/ http://project-rainbowcrack.com/table.htm[/quote] I had solved it before I posted what I did to fix it.
[eluser]Tim Brownlaw[/eluser]
Well you made it "Work" without really understanding why! Both CroNiX and InsiteFX know you got it "Working" but make some really good suggestions you shouldn't just ignore! I was about to go into a more detailed explanation of how "if" works and how PHP allows for potential disasters as has been explained above! Things like... Code: if ($this->CI->session->userdata('user_id')) { Does that definitely return a TRUE or a FALSE????? Please don't go replying that you had already fixed it, without acknowledging what has been suggested. If you need more explanation, please ask!
[eluser]riwakawd[/eluser]
[quote author="Tim Brownlaw" date="1409466616"]Well you made it "Work" without really understanding why! Both CroNiX and InsiteFX know you got it "Working" but make some really good suggestions you shouldn't just ignore! I was about to go into a more detailed explanation of how "if" works and how PHP allows for potential disasters as has been explained above! Things like... Code: if ($this->CI->session->userdata('user_id')) { Does that definitely return a TRUE or a FALSE????? Please don't go replying that you had already fixed it, without acknowledging what has been suggested. If you need more explanation, please ask! [/quote] I know all about the md5 issues and that it is only temporary. Until I find a suitable security login system. Most of the ones that I have tried are over the top and sometimes does not work with what I am after. |
Welcome Guest, Not a member yet? Register Sign In |