CodeIgniter Forums
passing data secure - Printable Version



passing data secure - El Forum - 06-05-2011

[eluser]mvn1990[/eluser]
Hi, I've got a problem and I think it is not that difficult. In my view I have a table like this where I show all the projects...

Code:
<table class="940">
    <tr>
        <td class="titelbalk" width="500px;">Name</td>
        <td class="titelbalk" width="180px;" id="td_center">Holder</td>
        <td class="titelbalk" width="200px;" id="td_center">Ends</td>
        <td class="titelbalk" id="td_right">Entries</td>
    </tr>
    <tbody>
    <?php foreach($projects as $project): ?>
    <tr class="tr_res">
        <td class="td_res"><a >id_project .'') ?>" rel=""><?php echo $project->name; ?></a></td>
        <td class="td_res" id="td_center"><?php echo $project->holder; ?></td>
        <td class="td_res" id="td_center"><?php echo $project->end; ?></td>
        <td class="td_res" id="td_right"><?php echo $project->entries; ?></td>
    </tr>
    <?php endforeach; ?>
    </tbody>
</table>

But now I pass the project id to my controller in the URL. Of course this isn't safe, so what is the best way to call the function in the controller and pass the data?

Thanks in advance


passing data secure - El Forum - 06-05-2011

[eluser]cideveloper[/eluser]
Why do you think this is not safe? You are just passing a number in the URL. It's up to the controller/method to make sure only an authorized user is viewing the specific project.


passing data secure - El Forum - 06-07-2011

[eluser]mvn1990[/eluser]
Ah okay, but how do I secure the controller/method? Because now when you type a different id in the URL you can see the projects of other people...


passing data secure - El Forum - 06-07-2011

[eluser]cideveloper[/eluser]
I assume $projects is being pulled from the database. You need to set a where clause that says where user = logged_in_user. The model can be something like this:

Code:
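// Default parameter values must be constant expressions in PHP,
// so the session lookup happens inside the method.
function get_projects($user_id = null){
    if ($user_id === null){
        $user_id = $this->session->userdata('user_id');
    }
    // Match only rows owned by the logged-in user.
    $this->db->where('user_id', $user_id);
    // Project id taken from the third URI segment.
    $this->db->where('id', $this->uri->segment(3));
    $query = $this->db->get('projects');
    if ($query->num_rows() > 0){
        return $query->result();
    }
    return false;
}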
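
The ownership check discussed above, as an added example that is not part of the thread: plain PHP with PDO and an in-memory SQLite table standing in for CodeIgniter's database class, showing the lookup by id alone next to the lookup scoped to the session's user. The `name` column values, the sample rows and all function names are assumptions made for the illustration.

```php
<?php
// Constructed schema and rows for the illustration (not from the thread).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE projects (id INTEGER PRIMARY KEY, user_id INTEGER, name TEXT)');
$db->exec("INSERT INTO projects (id, user_id, name) VALUES (1, 10, 'Alice site'), (2, 20, 'Bob shop')");

// "Before": trusts the id from the URL, so any user can read any row.
function find_project_unscoped(PDO $db, $id)
{
    $stmt = $db->prepare('SELECT * FROM projects WHERE id = ?');
    $stmt->execute(array($id));
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// "After": the owner comes from the server-side session, never from the URL.
function find_project_for_user(PDO $db, $id, $session_user_id)
{
    // Reject ids that are not plain non-negative integers, and anonymous sessions.
    if (!ctype_digit((string) $id) || $session_user_id === null) {
        return null;
    }
    $stmt = $db->prepare('SELECT * FROM projects WHERE id = ? AND user_id = ?');
    $stmt->execute(array((int) $id, (int) $session_user_id));
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Hypothetical controller action: "missing" and "not yours" give the same 404,
// so the response does not reveal which ids exist.
function show_project(PDO $db, $url_id, $session_user_id)
{
    $project = find_project_for_user($db, $url_id, $session_user_id);
    return $project === null ? '404 Not Found' : '200 ' . $project['name'];
}

$alice = 10; // constructed session user id
echo find_project_unscoped($db, '2')['name'], "\n"; // unscoped: another user's row is returned
echo show_project($db, '1', $alice), "\n";          // own project
echo show_project($db, '2', $alice), "\n";          // someone else's project
echo show_project($db, '2 OR 1=1', $alice), "\n";   // malformed id
```

In a CodeIgniter controller the same decision would sit in the method that receives the URI segment, with `show_404()` taking the place of the returned string.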



passing data secure - El Forum - 06-09-2011

[eluser]dj_voc[/eluser]
Ya, I think it will be safe if you build some login form and session, so users will just view their projects only.


passing data secure - El Forum - 06-09-2011

[eluser]cideveloper[/eluser]
Ion Auth is a very good auth library for things like this.