Login

Attiq · 04-29-2017, 03:55 AM

I develop an application in code igniter. I have problem with sessions. When my application user log into their account, it shows the other user session name. I am using bluehost hosting and this problem holds only with bluehost hosting, because the same application hosted on godaddy hosting works properly. kindly tell me what is the problem exactly? is it hosting problem or something else ...

Attached Files Thumbnail(s)

PaulD · 04-29-2017, 09:45 AM

Can you show where $result comes from?

If you are accidentally getting all your user data, the foreach loop will loop through them all and return the last user found, not the current user.

You should, limit the query to one result and test if the result was found or not.

webdev25 · 04-29-2017, 10:57 AM

There may be a better way to do this depending on where and how you're getting $result, see if something like this helps:

PHP Code:
if( $result->num_rows() ) {
 
     $user = $result->row();

      $this->session->set_userdata(array(
           'user_id' => $user->user_id,
           'user_name' => $user->user_name,
           'role' => $user->role,
           'cate_permission' => $user->cate_permission,
           'password' => $user->password,
           'email' => $user->email,
           'pages_permissions' => $user->pages_permissions,
           'show_company_detail' => $user->show_company_detail,
           'account_status' => $user->account_status,
           'logged_in' => true,
      ));

} 

arisroyo · 04-29-2017, 05:14 PM

Wow that's a security flow in your hosting.

But for your security
Change $config['sess_cookie_name'] = "myown_application_session_name";

And also change your implementation

$this->session->set_userdata("my_session_keyidentifier",array());

There are those who tell lies with meaning behind them and those meaning less lies!

Attiq · 04-30-2017, 12:23 AM

(04-29-2017, 09:45 AM)PaulD Wrote: Can you show where $result comes from?

If you are accidentally getting all your user data, the foreach loop will loop through them all and return the last user found, not the current user.

You should, limit the query to one result and test if the result was found or not.

Dear My result comes through query from database. i write the following query

$this->db->where('username', $username);
$this->db->where('password', $passwrod);
$result = $this->db->get('tableName');

i also getting the values in $newdata array ...... But the thing is my sessions are not set and also not unset....

Attiq · 04-30-2017, 12:29 AM

(04-29-2017, 10:57 AM)webdev25 Wrote: There may be a better way to do this depending on where and how you're getting $result, see if something like this helps:

PHP Code:
if( $result->num_rows() ) { $user = $result->row(); $this->session->set_userdata(array( 'user_id' => $user->user_id, 'user_name' => $user->user_name, 'role' => $user->role, 'cate_permission' => $user->cate_permission, 'password' => $user->password, 'email' => $user->email, 'pages_permissions' => $user->pages_permissions, 'show_company_detail' => $user->show_company_detail, 'account_status' => $user->account_status, 'logged_in' => true, )); }

i am getting the result through following query

Code:
$this->db->where('username', $username);

$this->db->where('password', $password);

$result = $this->db->get('tableName');

Attiq · 04-30-2017, 12:44 AM

(04-29-2017, 05:14 PM)arisroyo Wrote: Wow that's a security flow in your hosting.

But for your security
Change $config['sess_cookie_name'] = "myown_application_session_name";

And also change your implementation

$this->session->set_userdata("my_session_keyidentifier",array());

recently my sess_cookie_name are stored in the database so in my case what is my_session_keyidentifier exactly ??

an if there is security problem in my hosting so which hosting you suggest me for code igniter application ??

Attiq · 04-30-2017, 01:24 AM

why i avoid foreach loop for $this->session->set_userdata() ??? is this not good practice or any other logical problem ??

Attiq · 04-30-2017, 01:29 AM

(04-29-2017, 10:57 AM)webdev25 Wrote: There may be a better way to do this depending on where and how you're getting $result, see if something like this helps:

PHP Code:
if( $result->num_rows() ) { $user = $result->row(); $this->session->set_userdata(array( 'user_id' => $user->user_id, 'user_name' => $user->user_name, 'role' => $user->role, 'cate_permission' => $user->cate_permission, 'password' => $user->password, 'email' => $user->email, 'pages_permissions' => $user->pages_permissions, 'show_company_detail' => $user->show_company_detail, 'account_status' => $user->account_status, 'logged_in' => true, )); }

why i avoid foreach loop for $this->session->set_userdata() ??? is this not good practice or any other logical problem ??

**InsiteFX** · 04-30-2017, 04:00 AM

Are you hashing the password before checking it with the hashed password in the database?

What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009. ( Skype: insitfx )