url encode
#1

[eluser]Leonel Folmer[/eluser]
Hi all, I need help encoding a URL. How can I do this with CI? I'm trying to prevent a user from changing the profile of another. Currently the URL shows the user ID at the end, like this: http://www.mydomain.com/area/change/1

Code:
<?php echo anchor("area/change/".$user_id, 'Edit profile'); ?>

Any help is welcome, thanks!
#2

[eluser]vikascoollives[/eluser]
There is no need to encode the URL. What you are supposed to do is:

Check the session ID or session username (or any unique parameter) you have inserted in the session, in every function in the controller.

So that one user cannot access the other account anyhow.
#3

[eluser]InsiteFX[/eluser]
PHP.net urlencode urlrawencode.

InsiteFX
#4

[eluser]Leonel Folmer[/eluser]
[quote author="vikascoollives" date="1299588106"]There is no need to encode the URL. What you are supposed to do is:

Check the session ID or session username (or any unique parameter) you have inserted in the session, in every function in the controller.

So that one user cannot access the other account anyhow.[/quote]


Thanks for your time, here is my controller:

Code:
function index()
    {
        if (!$this->authentication->is_logged_in()) {
            redirect('/authenticate/login/');
        } else {
            $data['user_id']     = $this->authentication->get_user_id();
            $data['user_name']   = $this->authentication->get_username();
            
            $this->load->model('area_model');
            $data['users'] = $this->area_model->view();        
            
            $dados['title'] = 'Login area';
            
            $this->db->where('status', 'Active');
            $query = $this->db->get('categories');
            $dados['categories'] = $query->result();
        
            $this->db->where('status', 'Active');
            $query = $this->db->get('users');
            $dados['users'] = $query->result();
        
            $this->load->view('elements/html_header',$dados);
            $this->load->view('area', $data);
            $this->load->view('elements/html_footer');            
        }
    }
    
    // here is the function to change/edit the user profile
    function change($id){
        $data['title'] = "Edit profile";
        $this->load->model('area_model');
        $data['dados_area'] = $this->area_model->change($id);        
        
        $this->db->where('status', 'Active');
        $query = $this->db->get('categories');
        $dados['categories'] = $query->result();
        
        $this->load->view('elements/html_header',$dados);
        $this->load->view('edit_profile',$data);
        $this->load->view('elements/html_footer');                
    }
#5

[eluser]danmontgomery[/eluser]
You can check the ID they are trying to change against the ID of the user:

Code:
function change($id) {
    if($id != $this->authentication->get_user_id()) {
        // Show some error
    }
}
#6

[eluser]Leonel Folmer[/eluser]
[quote author="noctrum" date="1299629649"]You can check the ID they are trying to change against the ID of the user:

Code:
function change($id) {
    if($id != $this->authentication->get_user_id()) {
        // Show some error
    }
}
[/quote]
Exactly, a simple and easy solution. Thank you!
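
The ownership check from this thread, written out as an added example that is not part of any post above. It runs as plain PHP outside CodeIgniter: the `Authentication` class is a hypothetical stand-in for the poster's `$this->authentication` library, `authorize_profile_edit()` is an illustrative name, and the requests are constructed. It also covers two things the posted `change()` does not: the login check that `index()` has, and rejecting non-canonical IDs so the comparison does not depend on PHP's loose `!=` type juggling.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the thread's $this->authentication library:
// it only knows who is logged in, taken from the server-side session.
final class Authentication
{
    private $userId;
    public function __construct(?int $userId) { $this->userId = $userId; }
    public function is_logged_in(): bool { return $this->userId !== null; }
    public function get_user_id(): ?int { return $this->userId; }
}

/**
 * Decide whether the URL segment $requestedId may be edited by the
 * current session. Returns an HTTP-style status: 200, 401, 403 or 404.
 */
function authorize_profile_edit(Authentication $auth, string $requestedId): int
{
    if (!$auth->is_logged_in()) {
        return 401;                       // change() must also require login
    }
    // Accept only a canonical positive integer ("7", not "07", " 7", "7abc").
    if (!preg_match('/^[1-9][0-9]*$/', $requestedId)) {
        return 404;
    }
    // Strict comparison on integers; no type juggling involved.
    return ((int) $requestedId === $auth->get_user_id()) ? 200 : 403;
}

// Constructed requests: [session user id or null, URL segment].
$cases = [
    [1, '1'],      // own profile
    [1, '2'],      // someone else's profile
    [null, '1'],   // not logged in
    [1, '1abc'],   // non-canonical id
    [1, '01'],     // non-canonical id
];
foreach ($cases as [$sessionId, $segment]) {
    $status = authorize_profile_edit(new Authentication($sessionId), $segment);
    printf("session=%s segment=%-5s -> %d\n", var_export($sessionId, true), $segment, $status);
}
```

The same decision has to be made in whichever controller method saves the edited profile, since a check only on the form page leaves the update request unguarded.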



