+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5)
+--- Forum: General Help (https://forum.codeigniter.com/forumdisplay.php?fid=24)
+--- Thread: Passing Global Data MY_Controller Safe? (/showthread.php?tid=63527)
Passing Global Data MY_Controller Safe? - wolfgang1983 - 11-09-2015
I am using codeigniter MY_Controller to pass some global data so do not have to load it in every page.
The question I have: Is it safe to do so because I have never really done it before through MY_Controller passing data.
I have all ways load data each time in to different controllers.
PHP Code:
<?php
class MY_Controller extends CI_Controller {
public $data = array();
public function __construct() {
parent::__construct();
$this->global_data();
$this->session_check();
$this->permission_check();
}
public function global_data() {
if ($this->session->userdata('user_id') == TRUE) {
$this->data['home'] = site_url('common/dashboard');
$this->data['is_logged'] = $this->session->userdata('is_logged');
$this->data['username'] = $this->user->get_username();
$this->data['user_profile'] = site_url('user/edit/' . $this->user->get_user_id());
$this->load->library('profile');
$user_profile = $this->profile->user_info();
if ($user_profile) {
$this->data['firstname'] = $user_profile['firstname'];
$this->data['lastname'] = $user_profile['lastname'];
$this->data['username'] = $user_profile['username'];
$this->data['user_permission'] = $user_profile['user_permission'];
$this->data['image'] = '';
} else {
$this->data['username'] = '';
$this->data['image'] = '';
}
}
}
}
RE: Passing Global Data MY_Controller Safe? - sintakonte - 11-10-2015
the problem with your approach is, what are you doing with your data if you need them in one of your models ?
do you pass them through one of your controllers ?
RE: Passing Global Data MY_Controller Safe? - mwhitney - 11-10-2015
The question of safety really depends on whether you have controllers which should not have access to the data but which extend this controller.
Additionally, you should make the method(s) protected instead of public, since CodeIgniter will make public methods routable if they don't start with an underscore. It may not matter in this particular instance, with the method simply setting a property in the controller, but if someone later changed it to return the data, it could potentially expose data to the outside world. A protected method will still be available to controllers which extend this controller, it just won't be available to other code (or via the URL).
RE: Passing Global Data MY_Controller Safe? - wolfgang1983 - 11-10-2015
I have added protected now is this correct?
PHP Code:
<?php
class MY_Controller extends CI_Controller {
protected $data = array();
public function __construct() {
parent::__construct();
$this->_global_data();
$this->_session_check();
$this->_permission_check();
}
protected function _session_check() {
if ($this->uri->segment(1) == TRUE) {
$uri_string = $this->uri->segment(1) . '/' . $this->uri->segment(2);
$ignore = array(
'common/login',
'common/logout',
'common/forgotten',
'common/reset',
'error/not_found',
'error/permission'
);
if (in_array($uri_string, $ignore)) {
return TRUE;
} else {
if ($this->session->userdata('is_logged') == FALSE) {
redirect('common/logout');
}
}
}
}
protected function _permission_check() {
if ($this->uri->segment(1)) {
$uri_string = $this->uri->segment(1) . '/' . $this->uri->segment(2);
$ignore = array(
'common/dashboard',
'common/login',
'common/logout',
'common/forgotten',
'common/reset',
'error/not_found',
'error/permission'
);
if (in_array($uri_string, $ignore)) {
return TRUE;
} else {
if ($this->user->hasPermission('access', $uri_string) == FALSE) {
redirect('error/permission');
} else {
return TRUE;
}
}
}
}
protected function _global_data() {
// Common Data
$this->data['home'] = site_url('/');
$this->data['is_logged'] = '';
// Menu Data
if ($this->session->userdata('is_logged') == TRUE) {
$this->data['home'] = site_url('common/dashboard');
$this->data['is_logged'] = $this->session->userdata('is_logged');
$this->data['username'] = $this->user->get_username();
$this->data['user_profile'] = site_url('user/edit/' . $this->user->get_user_id());
$this->load->library('profile');
$user_profile = $this->profile->user_info();
if ($user_profile) {
$this->data['firstname'] = $user_profile['firstname'];
$this->data['lastname'] = $user_profile['lastname'];
$this->data['username'] = $user_profile['username'];
$this->data['user_permission'] = $user_profile['user_permission'];
$this->data['image'] = '';
} else {
$this->data['username'] = '';
$this->data['image'] = '';
}
}
$this->data['text_dashboard'] = 'Dashboard';
$thid->data['dashboard'] = site_url('common/home');
}
}
RE: Passing Global Data MY_Controller Safe? - mwhitney - 11-12-2015
You don't need the underscore at the beginning of the method name if it's protected, unless that's part of your project's coding style guidelines.