[eluser]wiredesignz[/eluser]
Session library must be autoloaded.
Code:
<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
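/**
 * Login controller: renders the login form and hands submitted credentials
 * to the Security model for verification.
 */
class Login extends Controller {

    /**
     * Runs the base Controller constructor and loads the 'security' model,
     * which index() reaches as $this->security.
     */
    function Login()
    {
        parent::Controller();
        $this->load->model('security');
    }

    /**
     * Handles both the form display and the form submission.
     *
     * On a POST carrying a non-empty username and password, builds a
     * credentials object and passes it to Security::try_login(); on success
     * the visitor is redirected to 'home'. In every other case the login
     * view is rendered.
     */
    function index()
    {
        if ($_POST)
        {
            $username = $this->input->post('username', TRUE); //use XSS filter
            $password = $this->input->post('password', TRUE);

            // Only attempt a login when both fields arrived as non-empty strings.
            // A missing field would otherwise still be hashed: md5('') is a
            // non-empty digest, which defeats the empty-password check inside
            // try_login(), and an array-valued field would be passed to md5().
            if (is_string($username) && $username !== ''
                && is_string($password) && $password !== '')
            {
                // Create the holder explicitly instead of assigning properties
                // on an undefined variable (a notice on older PHP, a fatal
                // error on current versions).
                $attempt = new stdClass();
                $attempt->username = $username;

                // NOTE(review): unsalted MD5 is a fast hash and is not suitable
                // for password storage. Moving to password_hash() /
                // password_verify() requires the stored hashes and
                // Security::try_login() to change together, so it is flagged
                // here rather than changed.
                // NOTE(review): the XSS filter may rewrite the submitted
                // password before it is hashed; kept because the stored hashes
                // were presumably produced the same way -- confirm.
                $attempt->password = md5($password); //hash the password

                if ($this->security->try_login($attempt))
                {
                    redirect('home');
                }
            }
        }

        // Defaults handed to the login view.
        $data = array(
            'username' => '',
            'password' => '',
            'message' => 'Enter your Username & Password to continue'
        );
        $this->load->view('login', $data);
    }
}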
?>
Code:
<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
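/**
 * Security model: verifies credentials against the `users` table and keeps
 * the authenticated user object in the session under the key 'user'.
 *
 * NOTE(review): try_login() selects the whole row, so the password hash is
 * stored in the session alongside the rest of the user record, and
 * current_user() re-validates with that stored hash. Depending on how the
 * session library is configured this data may be held client-side -- confirm
 * the storage and encryption settings, or keep only an identifier and
 * non-secret fields in the session.
 */
class Security extends Model {

    /**
     * Runs the base Model constructor.
     */
    function Security()
    {
        parent::Model();
    }

    /**
     * Returns the user object held in the session after re-checking it
     * against the database.
     *
     * If the check fails, try_login() destroys the session and redirects to
     * 'login', so callers only get a value back for a still-valid user.
     */
    function current_user()
    {
        $user = $this->session->userdata('user');
        //check if current user detail is not changed/deleted
        if ($this->try_login($user))
        {
            return $this->session->userdata('user');
        }
        return NULL;
    }

    /**
     * Checks a credentials object against the `users` table.
     *
     * $attempt is expected to carry ->username and ->password, where
     * ->password is already the hash in the form stored in the table (the
     * value is compared as-is). On a match the fresh database row is stored
     * in the session and TRUE is returned. Otherwise the session is destroyed
     * and the visitor is redirected to 'login'.
     */
    function try_login($attempt)
    {
        // Require an object with non-empty string fields. The session lookup
        // in current_user() can hand over a non-object, and a non-string
        // username must not reach the query, where it would no longer be
        // compared as a string.
        if (is_object($attempt)
            && isset($attempt->username, $attempt->password)
            && is_string($attempt->username) && $attempt->username !== ''
            && is_string($attempt->password) && $attempt->password !== '')
        {
            //prevent SQL injection in username: the value is passed as a bound
            //parameter, which also leaves the caller's $attempt object untouched
            $query = $this->db->query(
                'SELECT * FROM `users` WHERE `username` = ?',
                array($attempt->username)
            );
            $user = $query->row();

            //check password & create user object in session if ok
            if (is_object($user) && isset($user->password))
            {
                $stored = (string) $user->password;

                // Compare as strings, never with ==. Loose comparison treats
                // two digests that both look numeric (for example "0e"
                // followed only by digits) as numbers, so different hashes
                // can compare equal. hash_equals() is used where the runtime
                // provides it because it is also constant-time.
                if (function_exists('hash_equals'))
                {
                    $matches = hash_equals($stored, $attempt->password);
                }
                else
                {
                    $matches = ($stored === $attempt->password);
                }

                if ($matches)
                {
                    $user->category = strtolower($user->category); //user role
                    $this->session->set_userdata('user', $user);
                    return TRUE;
                }
            }
        }

        //otherwise bail
        $this->session->sess_destroy();
        redirect('login');
        // redirect() is expected to end the request; the explicit FALSE keeps
        // callers on the failure path if it ever returns.
        return FALSE;
    }
}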
?>
Code:
<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
class Home extends Controller {
/**
 * Constructor for the Home controller.
 *
 * Initialises the base Controller first, then loads the 'security' model so
 * that the controller's actions can reach it as $this->security.
 */
function Home()
{
    // Base controller set-up must run before the loader is used.
    parent::Controller();

    // Makes the model available for the current-user check in index().
    $this->load->model('security');
}
function index()
{
$user = $this->security->current_user();
Any thoughts?