Why can't I do this in CI?

#1
[eluser]Yunohoo[/eluser]
I thought it was an issue with my logic, but after more experimenting I'm starting to think the reason my script isn't working has to do with CI.

I'm making an admin panel for my site. It uses its own custom session class as well. So far I just have the session library and the controller. The controller handles the login, the session class handles the validation of that session. While it's valid, it'll keep the user's data meaning s/he is logged in. Once all that becomes unset, the session is considered void.

The admin session class has a variable called $_session_id, which is meant to be set from the admin controller, this is what is not happening for some reason.

Here is my admin controller:
http://pastebin.com/MkGf2hNP

Function set_session is what is not properly setting the session id.

Here is the session class:
http://pastebin.com/hiDhmv4D

I've created my own code not using CI following the same logic which works perfectly.
This is what I came up with:
Code:
<?php
class sessions
{
    protected $session_id;
    
    public function __construct()
    {
        echo $this->session_id;
    }
    public function set_session($sid)
    {
        $this->session_id = $sid;
    }
}

class admin
{
    public function index()
    {
        $this->sessions = new sessions;
        $this->login();
        
        // before - sessions Object ( [session_id:protected] =>  )
        print_r($this->sessions);
        // after  - sessions Object ( [session_id:protected] => 123456 )
    }
    public function login()
    {
        if(isset($_POST['process']))
        {
            $this->sessions->set_session('123456');
        }
        echo <<<HTML
        <form method="post">
        <input type="text" />
        <input type="submit" name="process" />
        </form>
HTML;
    }
}

$admin = new admin;
$admin->index();

So this follows the same logic I'm using in my CI script which works, while the code in CI doesn't.

Any reason why? Am I not understanding something somewhere?

Any help will be greatly appreciated, thanks.

#2
[eluser]Aken[/eluser]
It looks like you're trying to set the property of a class, and have that property still exist after a redirect. A class doesn't keep properties when they are instantiated. They must be defined, either through hardcoding or through a method such as the constructor.

Have you tried checking if the session ID has been set properly BEFORE performing the redirect? Because I'm guessing it was.

Unless I'm missing some other point you're trying to make.

#3
[eluser]Yunohoo[/eluser]
Okay, it does set prior to the dysfunctional redirect. I had commented it out to see if that was the issue. The variable should pass over on a form submission, why isn't it?

#4
[eluser]skunkbad[/eluser]
I'm astonished that this code would work outside of CI. Perhaps your definition of "work" may be different than mine.

1) Why would you feel the need to create your own session class when CI has one? It is very flexible and can be used with cookies or a database table. Even using PHP's $_SESSION would be better than creating your own.

2) Why not use one of multiple authentication libraries that are available? Community Auth, Ion Auth, Freak Auth, DX Auth, AG Auth, etc, etc. If you intend to put your application on a production server and have real users that expect their data to be secure, you need to abandon your code. Any kindergarten hacker would hack your site in 2 seconds.

#5
[eluser]InsiteFX[/eluser]
Like skunkbad mentioned, but if you must use yours then the only way you will get persistence out of it is to save it to a cookie and then read it back in when needed.


#6
[eluser]Aken[/eluser]
I did notice that the redirect is commented out, but you also have comments describing the problem right above it, so I'm addressing that.

My guess is the set_session() method is working just fine. Try making the property public, and then var_dump it in your controller after setting it.

The problem is, all your set_session() method is doing is assigning a value to a property. Once you make another page request, via refresh or redirect, that property is gone, because your class has been newly instantiated. Upon that new instantiation, the __construct() function is then using the _session_id property, which is NULL, because nothing has changed it yet in that request.

#7
[eluser]CroNiX[/eluser]
Aken's correct. You have no storage mechanism for your sessions, which aren't really sessions at all - by definition. What you've created is a way more limited and mini version of CI's Config class, which also doesn't hold values between pages. Only for the current request and then it gets deleted from memory as all of the rest of the variables are destroyed.

I'm not sure why you would really want to use CI, if you're not really going to use CI. CI has sessions with multiple options for storage, and many other useful classes. That's the point of a framework. Most of the basics for what you need to create a website or application are already in the framework so you don't have to reinvent the wheel, and save a lot of time in the process.
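
The point made in posts #6 and #7, as an added example that is not part of the thread and not CodeIgniter code: an object property dies with the request, so admin login state has to live in a store that outlives it. The class name AdminSession, its methods, the storage key and the idle limit are hypothetical; the plain array stands in for $_SESSION or a database row.

```php
<?php
// Added example (not from the thread). AdminSession and its method names are
// hypothetical; $storage stands in for $_SESSION or a database-backed store.
class AdminSession
{
    private const KEY = 'admin_session'; // namespace kept apart from regular user data
    private const IDLE_LIMIT = 900;      // assumed: seconds of inactivity before expiry

    private array $store;

    // In a real request, call session_start() and pass $_SESSION here.
    public function __construct(array &$store)
    {
        $this->store = &$store;
    }

    public function login(string $adminId, ?int $now = null): void
    {
        // Rotate the session ID on privilege change to defeat session fixation.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $this->store[self::KEY] = ['admin_id' => $adminId, 'last_seen' => $now ?? time()];
    }

    public function isValid(?int $now = null): bool
    {
        $now = $now ?? time();
        $s = $this->store[self::KEY] ?? null;
        if ($s === null || $now - $s['last_seen'] > self::IDLE_LIMIT) {
            unset($this->store[self::KEY]); // expired or never logged in
            return false;
        }
        $this->store[self::KEY]['last_seen'] = $now; // sliding idle window
        return true;
    }

    public function logout(): void
    {
        unset($this->store[self::KEY]);
    }
}

// Constructed demo: each "request" builds a fresh object over the same storage.
$storage = [];
$t = 1000;
(new AdminSession($storage))->login('admin-1', $t);              // request 1: login POST
var_dump((new AdminSession($storage))->isValid($t + 60));        // request 2: new object, state survives
var_dump((new AdminSession($storage))->isValid($t + 60 + 901));  // request 3: idle past the limit
```

The state survives only because it lives in the shared store; swapping the array for a per-object property reproduces the behaviour described in post #1.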

#8
[eluser]Yunohoo[/eluser]
The code is nowhere near complete so please don't assume anything. I've encountered this error so why would I go ahead and build tons of extra code when I can't get past step one?

I'm simply needing a separate session library to handle "admin sessions" without any interference with regular user sessions handled by CI's session class. This is basically a small session registry for administrators logging into their private dashboard.

I just need help understanding why the session id is not passed onto the session class after the form submission, which it clearly should be as shown in the non-CI code.

#9
[eluser]tpetrone[/eluser]
Would there be an argument for not extending CI_Session, modifying the config for an additional session_two array and point the $config['session_two'] at a "ci_session_admin" table?

Would that not be possible?

I think there should be a "CI_ZEN" way of doing this without going crazy with custom classes..

Thoughts all?


#10
[eluser]Yunohoo[/eluser]
I really wanted to separate admin sessions from user sessions but I'll combine them for now.

I'm still including a login page that checks the user's credentials just in case a base session is hijacked. This will at least add a second tier of security.

Thanks to everybody who actually tried to help.

