User Authentication - Placement of code? - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: User Authentication - Placement of code? (/showthread.php?tid=5420)

User Authentication - Placement of code? - El Forum - 01-21-2008

[eluser]RyanH[/eluser]
I realize there are libraries out there (such as ErkanaAuth) that do this for you. However, for the purposes of learning I'm trying to create some user authentication of my own. I'm not doing this in the form of a library but rather just placing the code into the controllers/view files. That being said, this brings me to my question.

How do you set up your files and the placement of your code? For example, I have a login page (login controller) that requires only an email and a password. The login controller, within the index function, validates the fields and then checks the database to see if the email and passwords match and if they do, redirects them to a login_complete view file. If it fails, it reloads the login page. I've also added sessions into the mix and so far they seem to be working fine.

However, what I'd like to know is what code to use, and where to place it (view files or controllers), that checks to see if the user is logged in, and if not, displays the login page. Essentially right now my login_complete page looks basically like this:

Code:
<? if(!$this->session->userdata('session_id'))

Thanks.

User Authentication - Placement of code? - El Forum - 01-21-2008

[eluser]dawnerd[/eluser]
You're doing it correctly, however it's not very secure. Ideally you would store the session in a database and use unique hashes to check if the user is actually who they say they are. To log the user out, just destroy the session.

Like I said before, basing it only off session IDs is just asking to be hacked.

User Authentication - Placement of code? - El Forum - 01-21-2008

[eluser]RyanH[/eluser]
[quote author="dawnerd" date="1200962457"]You're doing it correctly, however it's not very secure. Ideally you would store the session in a database and use unique hashes to check if the user is actually who they say they are. To log the user out, just destroy the session.
Like I said before, basing it only off session IDs is just asking to be hacked.[/quote]

Thanks. I am actually storing the session information in the database; this was just an example. However, what would be a more secure way to check to see if the user is who they say they are? Where would the code go to destroy the session?

Also, is there a way to modify the CI code to allow for the storing of custom information, such as usernames or what have you? The user guide says that you can use the information, but upon reading the Wiki and searching the forums it appears that you can't, at least currently, store anything beyond the standard session information in the database.

User Authentication - Placement of code? - El Forum - 01-21-2008

[eluser]Eric Cope[/eluser]
I am not sure if this is what you are looking for, but you can store variables in the session this way:

Code:
$session_data["var1"] = $var1;

User Authentication - Placement of code? - El Forum - 01-21-2008

[eluser]RyanH[/eluser]
According to the user guide, you can use an array, such as this:

Code:
$userdata = array('key' => $this->validation->email, 'key2' => $this->validation->something);

User Authentication - Placement of code? - El Forum - 01-21-2008

[eluser]Pascal Kriete[/eluser]
The method mentioned above is the same as the array method you outline, only split up into multiple lines. That said, unless you have used set_fields, $this->validation->whatever won't exist. Since the post data is overwritten when the validation runs, you could try:

Code:
$this->session->set_userdata('email', $this->input->post('email'));

User Authentication - Placement of code? - El Forum - 01-21-2008

[eluser]ekeretex[/eluser]
Hi Ryan,

Why not do the redirection in the controller? Either at the beginning of the class method or in the constructor if you need it to apply to all the methods/pages in that class. Technically, authentication is not a view function.

User Authentication - Placement of code? - El Forum - 01-21-2008

[eluser]RyanH[/eluser]
[quote author="inparo" date="1200970502"]The method mentioned above is the same as the array method you outline, only split up into multiple lines. That said, unless you have used set_fields, $this->validation->whatever won't exist. Since the post data is overwritten when the validation runs, you could try:

Code:
$this->session->set_userdata('email', $this->input->post('email'));
[/quote]

[quote author="ekeretex" date="1200970502"]Hi Ryan,

Why not do the redirection in the controller? Either at the beginning of the class method or in the constructor if you need it to apply to all the methods/pages in that class. Technically, authentication is not a view function.[/quote]

Could you elaborate a bit more on this, please? I'm certainly open to improving my code but still learning CI. As such, I'm not sure how you would put the code in the controller as opposed to the view file?

User Authentication - Placement of code? - El Forum - 01-21-2008

[eluser]ekeretex[/eluser]
Using a profile page as an example:

In the controller:

Code:
class Account extends Controller {

Code:
<p>Welcome <?php echo $session_id; ?></p>

The difference here is that the view file is not making decisions, just displaying data passed to it from the controller.

To apply to all the functions in a class, put in the constructor e.g.

Code:
class Account extends Controller {

Of course 'login' will have to be in a different class to avoid an infinite loop.

User Authentication - Placement of code? - El Forum - 01-21-2008

[eluser]RyanH[/eluser]
I tried your method, but a bit modified and I got this error:

Error wrote:
Fatal error: Can't use method return value in write context in /home/.sera/thirdnet/thirdwatchnet.com/erbooks/system/application/controllers/home.php on line 12

This is the code that I have:

Code:
class Home extends Controller{
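
The controller-level check discussed in this thread, written out for CodeIgniter 1.x as an added example; it is not code from any poster here. The session keys `logged_in` and `email`, the `login` route and the `account/profile` view are assumed names.

```php
<?php
// Added example for CodeIgniter 1.x; not code posted in this thread.
// Assumed names: session keys 'logged_in' and 'email', a separate Login
// controller reachable at 'login', and a view file 'account/profile'.

class Account extends Controller {

    function Account()
    {
        parent::Controller();
        $this->load->library('session');
        $this->load->helper('url');

        // The Session library gives every visitor a session_id, logged in or
        // not, so test a flag that only the login code sets after the email
        // and password have been checked against the database.
        // Fetch into a variable first: empty()/isset() applied directly to a
        // method call fails on the PHP versions of this period with
        // "Can't use method return value in write context".
        $logged_in = $this->session->userdata('logged_in');
        if ( ! $logged_in)
        {
            redirect('login');   // redirect() sends the header and exits
        }
    }

    function profile()
    {
        // The controller decides; the view only displays what it is given.
        // In the view, echo htmlspecialchars($email) inside the welcome text.
        $data['email'] = $this->session->userdata('email');
        $this->load->view('account/profile', $data);
    }

    function logout()
    {
        // Destroying the session is what logs the user out.
        $this->session->sess_destroy();
        redirect('login');
    }
}

// In the Login controller (a different class, so the guard above cannot
// loop), after the credentials have been verified:
//   $this->session->set_userdata(array('logged_in' => TRUE, 'email' => $email));
```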