CodeIgniter Forums

Full Version: Strange Login Issue
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
If my when I login on my HMVC login controller. It checks a couple of callbacks.

And then it throws the suitable error message belong to that callback.

One thing I have noticed if I refresh the page it logs in any way it does not stop user from login to dashboard not sure why?

Any suggestion why I can refresh page then logins in direct?

Note: I am thinking because I have not unset the user id in login controller so there for may redirect would that be correct?


PHP Code:
<?php

class Login extends MX_Controller {

    public function 
__construct() {
        
parent::__construct();
        
$this->lang->load('admin/common/login''english');
        
$this->load->library('form_validation');
    }

    public function 
index() {
        
$this->document->setTitle($this->lang->line('heading_title'));

        
$data['heading_title'] = $this->lang->line('heading_title');

        
$userinfo $this->session->userdata['admin'];

        if (isset(
$userinfo['user_id'])) {

            
redirect('admin/common/dashboard');

        } else {

            
$this->form_validation->set_rules('username''Username''trim|required|min_length[4]|callback_validate|callback_validate_approved|callback_validate_status');
            
$this->form_validation->set_rules('password''Password''trim|required|min_length[4]|max_length[30]');

 
                       // $this variable is from MY_Form_validation library to make callbacks work with hmvc.

            
if ($this->form_validation->run($this) == FALSE) {
         
                
$data['header'] = Modules::run('admin/common/header/index');
                
$data['footer'] = Modules::run('admin/common/footer/index');

                
$this->load->view('common/login_view'$data);

            } else {

                
redirect('admin/common/dashboard');
            }

        }
    }

    public function 
validate() {
        if (
$this->user->login() == true) {
            return 
true;
        } else {
            
$this->form_validation->set_message('validate'$this->lang->line('text_callback_validate'));
            return 
false;
        }
    }

    public function 
validate_approved() {
        if (
$this->user->get_approved() == true) {
            return 
true;
        } else {
            
$this->form_validation->set_message('validate_approved'$this->lang->line('text_callback_validate_approved'));
            return 
false;
        }
    }

    public function 
validate_status() {
        if (
$this->user->get_status() == true) {
            return 
true;
        } else {
            
$this->form_validation->set_message('validate_status'$this->lang->line('text_callback_validate_status'));
            return 
false;
        }
    }

    public function 
check() {
        if (
$this->uri->segment(1) == 'admin') {

                
$route $this->uri->segment(1) .'/'$this->uri->segment(2) .'/'$this->uri->segment(3);

                
$ignore = array(
                    
'admin/common/login',
                    
'admin/common/logout',
                    
'admin/common/header',
                    
'admin/common/footer',
                    
'admin/common/filemanager',
                    
'admin/common/profile'
                
);

            if (!
in_array($route$ignore)) {
                    
                if (
$this->user->is_logged() == FALSE) {
                    
                    
redirect('admin/common/logout');
                    
                    return 
FALSE;

                } else {
                    
                    return 
TRUE;
                    
                }

            }

        }
    }


Unless it's your intention to build another authentication system for CI and spend hundreds of hours working out the details, you should just use somebody elses. I built one, and know from experience that I could have spent all that time doing something else. I made Community Auth. If you don't like it there is also Ion Auth, and maybe some others.