Session / Login help - Printable Version

Session / Login help - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: Session / Login help (/showthread.php?tid=51349)

Pages: 1 2

Session / Login help - El Forum - 04-30-2012

[eluser]gbd_dee[/eluser]
Im new to CI. I want to restrict views to logged in members of my site. Im currently using session class but not sure if its working correctly. When I destroy the session I still have access to restricted content. Can someone go into detail on how I would code this correctly.
Every user has a profile page (only the logged in user can access its own person profile information/page)
Profile controller

Basically I want to only allow a session to be active for 30 minutes without activity, if a window or tab is closed I want the user to have to login again.

I need a code snippet that I add to every view that I want protect from non logged in members. Thanks in advance

Session / Login help - El Forum - 04-30-2012

[eluser]Aken[/eluser]
You're probably checking if a session_id exists on your protected pages. A session_id will ALWAYS exist - it's what assigns a session to a user. You need to add your own userdata that says whether they're logged in or not, and check that.

Session / Login help - El Forum - 04-30-2012

[eluser]gbd_dee[/eluser]
This is the code snippet that I have at the top of my restricted views

Code:
if(!$this->session->userdata('user_email')==$email)

redirect(base_url(). 'User/login');

else

    echo 'Logged in';

if I destroy the session is will still let me access restricted content

Session / Login help - El Forum - 04-30-2012

[eluser]InsiteFX[/eluser]
Because you need also to unset the session userdata!

Code:
$this->session->unset_userdata('some_name');

Session / Login help - El Forum - 04-30-2012

[eluser]Stefan Hueg[/eluser]
This won't work because you can not set a redirect in your view.
This has to be done in your controller in any restricted function OR if your whole controller should be protected, in your controller's __construct(){...}

Session / Login help - El Forum - 04-30-2012

[eluser]gbd_dee[/eluser]
This still isnt working

Code:
class Profile extends CI_Controller {

    function Profile()

    {

        parent::__construct();

    }

    public function index()

    {

        $this->login();

    }

    public function login()

     {

        $email = $this->Login_Model->getEmail();

        if(strcmp($this->session->unset_userdata('user_email'),$email)!=0)

            redirect(base_url(). 'User/login');

        else

           echo 'Logged in';

        }//login

Session / Login help - El Forum - 04-30-2012

[eluser]gbd_dee[/eluser]
I added the strcmp out of desperation... lol

Session / Login help - El Forum - 04-30-2012

[eluser]Stefan Hueg[/eluser]
I believe InsiteFX's post has misdirected you, here is the solution:

Code:
public function login()

 {

  $email = $this->Login_Model->getEmail();

  if($this->session->userdata('user_email') != $email)

   redirect(base_url(). 'User/login');

  else

   echo 'Logged in';

 }//login

Your function name is misleading, it should be something like is_logged_in() to make things clear.

Session / Login help - El Forum - 04-30-2012

[eluser]InsiteFX[/eluser]

Code:
class Profile extends CI_Controller {

    // this is wrong and your big ERROR! Should not be Profile()

    // Should be function __construct()

    // And since you are not setting anything you do not even need this method!

    function __construct()

    {

        parent::__construct();

    }

    public function index()

    {

        $this->login();

    }

    public function login()

     {

        // how does this know which email address to retrive?

        $email = $this->Login_Model->getEmail();

        if(strcmp($this->session->unset_userdata('user_email'),$email)!=0)

            redirect(base_url(). 'User/login');

        else

           echo 'Logged in';

        }//login

Your code that you are showing doe's not really make any since!

@stefan Hueg,
And how do you figure I have missed directed him?

If you do not unset the session userdata it will still exist, because there is no telling when the garbage collector will clear out the session!

Look at your session table and tell me how many sessions you have left in it...

Session / Login help - El Forum - 04-30-2012

[eluser]gbd_dee[/eluser]
So I did some restructuring I have a login and logout controller (2 separate controllers)
here is my login controller

Code:
&lt;?php

class Login extends CI_Controller {

    function Login()

    {

        parent::__construct();

    }

    public function index()

    {

        $this->is_logged_in();

    }//index

    public function is_logged_in()

    {

        $email = $this->Login_Model->getEmail();

        if($this->session->userdata('user_email') != $email)

        redirect(base_url(). 'User/login');

        else

           echo 'Logged in';

    }//is_logged_in

}