+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: Best way to build a wizard with CodeIgniter? (/showthread.php?tid=32464)
Best way to build a wizard with CodeIgniter? - El Forum - 07-24-2010
[eluser]parham90[/eluser]
Hi there,
My client requires a sign-up wizard. I originally began implementing it with URI's like:
http://example.com/users/signup/1
and
http://example.com/users/signup/2
It occurs to me that this method is very insecure (E.G. the steps could be modified, tampered with, etc), and I wouldn't have sufficient data to add to the database in the end. So, should I just say that the data is not complete, or make it based on session data (I.E. store the current step in the session)? I have heard that session data also can be modified, so that's why I am not sure whether or not I should trust that one.
Thanks!
Best way to build a wizard with CodeIgniter? - El Forum - 07-24-2010
[eluser]WanWizard[/eluser]
Keep track of the current step in the session.
Let's session says 2, and someone requests 4, just redirect back to 2. If nothing present in the session, redirect to 1.
Session data is very difficult to tamper with, especially if you encrypt it (which you should). If you already have a database active at this point, go for database sessions instead of cookie sessions. That way no user data will be send to the client, just a cookie with the encrypted session_id. The session library also takes care of session_id rotation (default every 300 seconds), so even if someone steals the cookie, they have to use it to hack in within 300 seconds, after which the stolen cookie is invalid.
Best way to build a wizard with CodeIgniter? - El Forum - 07-24-2010
[eluser]Higher Ground Studio[/eluser]
The way I would go to implement it easily would be to use the jquery plugin, Smart Wizard (http://plugins.jquery.com/project/SmartWizard). I would use database sessions like wanwizard suggested.
Best way to build a wizard with CodeIgniter? - El Forum - 07-24-2010
[eluser]Jelmer[/eluser]
Take a look at my implementation at Bitbucket (als forum topic).
Best way to build a wizard with CodeIgniter? - El Forum - 07-25-2010
[eluser]parham90[/eluser]
Hi,
Thanks. I looked at that one, but didn't actually understand how it works (it is something on my side, not your fault). I just can't wrap my head around the concept, so I think I'd better just go with the session library and store sessions in a table in the database.
Thanks!
[quote author="Jelmer" date="1280005876"]Take a look at my implementation at Bitbucket (als forum topic).[/quote]