User Authentication Concepts
#1

[eluser]underskor[/eluser]
Hey lads,

Struggling to find a decent article on this. Wondering what you guys think.

Say you have a parent controller's constructor, which is where the authentication for the child controllers is done. Is the following (very general) process the best, most secure way? Note: I haven't delved very far into sessions so I apologize if anything is incorrect.

Code:
/*Login Page****************************************/
//Start session
session_start();

//Form is submitted, cred's matched to cred's in DB - login successful

//Regenerate session id to help protect against fixation
session_regenerate_id();

//Set auth level from DB
$_SESSION['auth_level'] = 'ADMIN';

/*Parent Controller****************************************/
//Start session
session_start();

//Check if session is set and auth level sufficient
if(isset($_SESSION['auth_level']) && $_SESSION['auth_level'] === 'ADMIN') {

  //Show secure content

} else {

  //Redirect to login page

}

Apologies if any of this fails to make sense. Had this New Thread page open for about 2 hours now, doing reading, trying to figure out the best way to ask what I want.

Thanks
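The flow from the post above with the session handling tightened, as an added example that is not part of the original post or any poster's code. The function names, the `/login` path and the 30-minute idle limit are assumptions made for illustration; it also assumes PHP 7.3+ and a site served over HTTPS.

```php
<?php
// Added example; all function names here are hypothetical.

function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    ini_set('session.use_strict_mode', '1');   // reject session ids the server did not issue
    ini_set('session.use_only_cookies', '1');  // never accept the session id from the URL
    session_set_cookie_params([
        'lifetime' => 0,          // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,       // assumption: HTTPS only
        'httponly' => true,       // keep the cookie away from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Login page: call only after the submitted credentials matched the DB record.
function complete_login(string $authLevel): void
{
    start_secure_session();
    session_regenerate_id(true);  // new id AND delete the pre-login session data
    $_SESSION = ['auth_level' => $authLevel, 'last_seen' => time()];
}

// Parent controller: call from the constructor before any child code runs.
function require_auth_level(string $required, int $idleLimit = 1800): void
{
    start_secure_session();
    $level    = $_SESSION['auth_level'] ?? null;
    $lastSeen = $_SESSION['last_seen'] ?? 0;

    $ok = $level === $required && (time() - $lastSeen) <= $idleLimit;
    if (!$ok) {
        $_SESSION = [];
        session_destroy();
        header('Location: /login');  // hypothetical login route
        exit;  // without this, the protected code after the redirect still executes
    }
    $_SESSION['last_seen'] = time();
}
```

The two differences from the posted flow that matter most are `session_regenerate_id(true)`, which discards the old session instead of leaving it valid under the pre-login id, and the `exit` after the redirect header.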
#2

[eluser]Fr3aked0ut[/eluser]
I think you should work with cookies too; SESSIONS isn't the best way to do it.
#3

[eluser]underskor[/eluser]
Can you please elaborate? I'm not going to base my auth system around personal opinion. :)

Thanks!
#4

[eluser]pistolPete[/eluser]
Use the sessions library provided by CI and have a look at the numerous auth libraries (e.g. at the wiki or in "ignited code").
#5

[eluser]Fr3aked0ut[/eluser]
[quote author="underskor" date="1235487552"]Can you please elaborate? I'm not going to base my auth system around personal opinion. :)

Thanks![/quote]
I didn't really understand your issue.
Can you re-explain? thanks.



