Feedback on my simple access control system
#1

[eluser]Unknown[/eluser]
I've just created a really simple access control system for my web app. This is the first time I've ever used CI, so I'd love to hear some feedback on how and where I can improve my code!

Ok, so when a user logs in, a session value is set using the following:

Code:
$this->session->set_userdata('confirmed_user', $this->input->post('username'));

I then have something similar to this to determine whether or not the user should be granted access (I've just dropped everything in the controller instead of loading any views for the purpose of this example):

CONTROLLER:

Code:
class Page extends CI_Controller
{
    function index()
    {
        # If user has not logged in, send them to the login page.
        # CodeIgniter's redirect() calls exit(), so nothing below runs for a logged-out user.
        if ( ! $this->session->userdata('confirmed_user'))
        {
            redirect('login');
        }

        # Re-check the user's group against the database on every request
        # rather than trusting anything cached in the session.
        $this->load->model('user_model');
        $access = $this->user_model->access_control(2, $this->session->userdata('confirmed_user'));

        if ($access === TRUE)
        {
            echo "you have access";
        }
        else
        {
            echo "you do NOT have access";
        }
    }
}

And then finally, I have the access_control function from my model.

MODEL:

Code:
class User_model extends CI_Model
{
    # Check whether or not the current user should be able to access the page.
    # Returns TRUE only when a row for $username exists and its usergroup is
    # at least $minimum_usergroup; every other case returns FALSE (fail closed).
    function access_control($minimum_usergroup, $username)
    {
        # Bound parameter: the username is sent as a literal, never interpolated into the SQL.
        $sql   = "SELECT usergroup FROM user WHERE username = ?";
        $query = $this->db->query($sql, array($username));

        # No matching row (e.g. the account was deleted after login): deny access
        # instead of reading a property from a NULL row.
        if ($query->num_rows() === 0)
        {
            return FALSE;
        }

        $row = $query->row();

        # Compare as integers so a usergroup stored as a string is not compared lexically.
        return ((int) $row->usergroup >= (int) $minimum_usergroup);
    }
}

Hopefully that all makes sense.

Even though it's only in a really simple state at the moment, it seems to be working really well. Are there any holes or security issues that I may have opened up? What would you do to improve this code?

Thanks.
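The same "usergroup >= minimum" check from the post, written as a stand-alone PHP script so the edge cases can be exercised without CodeIgniter. This is an added example, not the poster's code or CodeIgniter's API: it assumes a `user` table with the `username` and `usergroup` columns named in the post, uses PDO with an in-memory SQLite database (constructed sample rows, not real data), and shows the fail-closed cases a practitioner would want covered: no session value, an unknown user, a non-numeric group value, and a username containing SQL metacharacters.

```php
<?php
// Added example (not the poster's code): fail-closed version of the post's access check.
// Assumptions: table `user(username, usergroup)` as in the post; PDO sqlite driver available.
declare(strict_types=1);

function setupDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE user (username TEXT PRIMARY KEY, usergroup INTEGER NOT NULL)');

    // Constructed sample rows. 'mallory' is inserted as a string to show the cast matters.
    $ins = $db->prepare('INSERT INTO user (username, usergroup) VALUES (?, ?)');
    foreach ([['alice', 3], ['bob', 1], ['mallory', '10']] as $row) {
        $ins->execute($row);
    }
    return $db;
}

/**
 * Returns true only when a row for $username exists and its usergroup is at
 * least $minimumGroup. Every other case (empty session value, unknown user,
 * non-numeric group) returns false, so an unexpected state never grants access.
 */
function hasAccess(PDO $db, ?string $username, int $minimumGroup): bool
{
    if ($username === null || $username === '') {
        return false;                   // no confirmed session value: not logged in
    }

    // Bound parameter: the username reaches SQLite as a literal, never as SQL text.
    $stmt = $db->prepare('SELECT usergroup FROM user WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {
        return false;                   // account removed since login: fail closed
    }
    if (!is_numeric($row['usergroup'])) {
        return false;                   // corrupt or unexpected value: treat as no access
    }
    return (int) $row['usergroup'] >= $minimumGroup;
}

$db = setupDb();

// Constructed cases: [session username, minimum group, expected decision].
$cases = [
    ['alice',             2, true],
    ['bob',               2, false],
    ['mallory',           2, true],     // stored as '10', compared as 10
    ['nobody',            2, false],    // unknown user
    [null,                2, false],    // no session value
    ["alice' OR '1'='1",  2, false],    // injection attempt is just a literal username
];

foreach ($cases as [$user, $min, $expected]) {
    $got = hasAccess($db, $user, $min);
    printf("%-22s min=%d -> %-5s %s\n",
        var_export($user, true), $min,
        $got ? 'allow' : 'deny',
        $got === $expected ? 'ok' : 'UNEXPECTED');
}
```

The decision is made from the database on every call rather than from anything stored in the session, which is the same property the post's model has; the additions are the explicit "no row" and "non-numeric" branches, so a deleted account or a bad value denies instead of throwing a notice or comparing strings.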
