• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Needed: Summary of Security and Sessions versus standard PHP

#5
[eluser]Rick Jolly[/eluser]
Php native sessions based on Lick's example.

LoginPage:
Code:
class MyLoginPage extends Controller
{
   function MyLoginPage()
   {
      parent::Controller();
      session_start();
   }

   function index()
   {
      if ( /* login form submitted */ )
      {
          if ( /* valid user login */ )
          {
              $_SESSION['logged_in'] = true;

              // redirect to secure page..
          }
          else
          {
             // set login error message
          }
       }
      
       // load the login view
   }
}

SecretPages:
Code:
class MySecretPage extends Controller
{
   function MySecretPage()
   {
      parent::Controller();
      session_start();

      if (empty($_SESSION['logged_in']))
      {
          // redirect to login page
      }
   }
  
   ...
}

You could make "MySecretPage" a parent to all secure controllers. That way for every secure controller, you'd just extend "MySecretPage" and no additional authentication checks would be necessary:
Code:
include(APPPATH . '/controllers/my_secret_page.php');

/* This controller is secure because the authentication
   check is done in MySecretPage's constructor */
class ChildSecretPage extends MySecretPage
{
   function ChildSecretPage ()
   {
      parent::MySecretPage();
   }
  
   ...
}


Messages In This Thread
Needed: Summary of Security and Sessions versus standard PHP - by El Forum - 07-05-2007, 11:06 PM

Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.