[eluser]cdonate[/eluser]
Hi guys.
I am coding a web site for a personal project and I need a master user that can access one function/model/view in particular.
He will be the first row in my database with an ID = 1, ID as primary key and auto increment.
Is the code below a good practice? Should I do something more or something different?
Code:
<?php
class Login extends CI_Controller {

    function __construct()
    {
        // Call the CI_Controller constructor
        parent::__construct();
        session_start();
    }

    function index()
    {
        $this->load->view('login_view');
    }

    /**************************************************************************/
    /* Function that validates the credentials and checks whether the user is the administrator */
    function validate_credentials()
    {
        $this->load->library('form_validation');
        $this->form_validation->set_rules('username', 'Login', 'required');
        $this->form_validation->set_rules('password', 'Senha', 'required|min_length[4]');
        if ($this->form_validation->run() != FALSE) {
            $this->load->model('membership_model'); // Model that handles the DB access used to validate the credentials
            $query = $this->membership_model->validate($this->input->post('username'), $this->input->post('password')); // Validation function
            if ($query) { // If the credentials were validated
                /* Build an array with the username and a flag that the session has started */
                $data = array(
                    'username'     => $this->input->post('username'),
                    'ID'           => $query->id,
                    'is_logged_in' => true);
                /* Start the session with the username */
                $this->session->set_userdata($data);
                if ($this->session->userdata('ID') == 1) {
                    redirect('admin_view');
                }
                if ($query->is_active == 0) {
                    redirect('activationNeeded_view');
                }
                if ($query->is_finished == 1) {
                    redirect('cadastroFeito_view');
                }
                $this->load->view('escolha2');
            }
        } else {
            $this->load->view('login_view');
        }
    }
}
I check whether the data in the login form exists; if so, I put the ID in the session. I use one if statement to see if the ID is equal to "1"; if that is the case, I just redirect to the administrator function that loads the admin_model and admin_view.
Inside my administrator function I placed this:
Code:
if ($this->session->userdata('ID') != 1) { redirect('login'); }
Is that enough? Can anyone change the ID field in the cookie? If so, how should I approach this problem?
My administrator function is set like this:
Code:
function _administrator($sort_by = 'id', $sort_order = 'asc', $offset = 0){
Thanks for any help!
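As an added example (editor's code, not the poster's), a base controller whose `require_admin()` guard re-reads the privilege from the database on every request instead of trusting the ID carried in the session cookie. It assumes CodeIgniter 2, a hypothetical `users` table with `id` and `is_admin` columns, and that the session library and database are available; `redirect()` is the url helper function the original post already uses.

```php
<?php
// Hypothetical base controller (application/core/MY_Controller.php).
// Admin-only controllers extend it and call $this->require_admin()
// at the top of each protected method.
class MY_Controller extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->library('session');
        $this->load->helper('url');
        $this->load->database();
    }

    // The session only tells us *who* the user claims to be; the
    // privilege itself is looked up server-side on every request, so a
    // tampered or stale cookie cannot grant admin access by itself.
    protected function require_admin()
    {
        $user_id = (int) $this->session->userdata('ID');
        if ($user_id <= 0) {
            redirect('login');   // redirect() exits; nothing below runs
        }

        // Assumed schema: users(id, is_admin). The role lives in the
        // database, not in a magic primary-key value.
        $row = $this->db->select('is_admin')
                        ->get_where('users', array('id' => $user_id))
                        ->row();

        // In CI 2 row() returns an empty array when no row matched,
        // so test with empty() rather than === NULL.
        if (empty($row) || (int) $row->is_admin !== 1) {
            redirect('login');
        }
    }
}

// Example admin controller using the guard (hypothetical).
class Admin extends MY_Controller
{
    public function index($sort_by = 'id', $sort_order = 'asc', $offset = 0)
    {
        $this->require_admin();
        $this->load->view('admin_view');
    }
}
```

In CodeIgniter 2 the session cookie is stored client-side; with `$config['sess_encrypt_cookie'] = FALSE` and no `encryption_key` its contents are readable and editable, and only the hash check protects it, so enabling cookie encryption or `sess_use_database` keeps the data out of the user's hands, while the server-side lookup above makes the admin decision independent of the cookie either way.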