Site built now session problem
#21

[eluser]CroNiX[/eluser]
Actually, I think your code IS working, just not the way you are wanting it to.

You must realize that if a session variable is not set, the session will return boolean false when checking for it, like $this->session->userdata('is_admin').
Quote: Note: The function returns FALSE (boolean) if the item you are trying to access does not exist.

So if "is_admin" is not present in the session array, which it won't be for a regular user, it will return boolean false, which is why your non-admin user can log in. It's your logic that is wrong.

Also, you should be using triple === when checking for a boolean, so that "0" doesn't count as false. You need to explicitly check for the type.

Try:
Code:
if ($this->session->userdata('is_admin') !== TRUE)
which should only work if they are logged in and is_admin is set to boolean TRUE

If they aren't logged in, it will return FALSE (is_admin won't be set)
If they are logged in and is_admin is NOT set (regular user), it will return FALSE
If they are logged in and is_admin is set to FALSE, it will return FALSE (they are logged in but not admin)
If they are logged in and is_admin is set to TRUE, it will return TRUE (they are logged in and are admin)

So, only allow if is_admin === TRUE, reject if is_admin === FALSE.
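The difference between the loose and strict checks discussed in this thread, as an added example that is not part of the original posts. `FakeSession`, `allow_loose()`, `allow_strict()` and the session states are hypothetical; the only behaviour assumed is the documented one quoted above, that `userdata()` returns boolean FALSE for a missing item.

```php
<?php
// Added example: stand-in for the session lookup discussed in the thread.
// FakeSession is hypothetical; it only mimics the documented behaviour that
// userdata() returns boolean FALSE when the item does not exist.
class FakeSession
{
    private $data;

    public function __construct(array $data)
    {
        $this->data = $data;
    }

    public function userdata($key)
    {
        return array_key_exists($key, $this->data) ? $this->data[$key] : FALSE;
    }
}

// Loose guard (== TRUE): any truthy value is treated as admin.
function allow_loose($session)
{
    return $session->userdata('is_admin') == TRUE;
}

// Strict guard, the allow side of the "!== TRUE" check: only boolean TRUE passes.
function allow_strict($session)
{
    return $session->userdata('is_admin') === TRUE;
}

// Constructed session states (sample data, not taken from the thread).
$cases = array(
    'not logged in (no userdata)'  => array(),
    'regular user, is_admin unset' => array('user_id' => 7),
    'is_admin = FALSE'             => array('is_admin' => FALSE),
    'is_admin = TRUE'              => array('is_admin' => TRUE),
    'is_admin = "1" (string)'      => array('is_admin' => '1'),
    'is_admin = "0" (string)'      => array('is_admin' => '0'),
    'is_admin = "false" (string)'  => array('is_admin' => 'false'),
);

foreach ($cases as $label => $userdata) {
    $s = new FakeSession($userdata);
    printf("%-32s loose=%-5s strict=%s\n", $label,
        allow_loose($s) ? 'allow' : 'deny',
        allow_strict($s) ? 'allow' : 'deny');
}
```

The loose guard admits any non-empty string other than "0", including the string "false", while the strict guard admits only a value stored as a real boolean TRUE. A flag that reaches the session as a string or integer therefore needs casting to boolean at login for the strict check to pass.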
#22

[eluser]the_unforgiven[/eluser]
I have had to do it the way I didn't want to, but it works as I want it to:

Code:
function customers()
{
  if($this->session->userdata('is_admin') == true) { // This is obviously set when logged in as admin, so if
//I then log out of being an admin and log in as a user then nav to admin/customers it doesn't allow this, which is what I want.
  $data['title'] = 'Customers';
  $data['main_content'] = 'admin/customers';

  $data['id'] = $this->uri->segment(3);
  $data['base'] = $this->config->item('base_url');

  $total = $this->admin_model->customer_count();
  $per_pg = 5;
  $offset = $this->uri->segment(3);

  $config['base_url'] = $data['base'].'/admin/customers/';
  $config['total_rows'] = $total;
  $config['per_page'] = $per_pg;
  $config['full_tag_open'] = '<ul class="pagination pagination-small">';
  $config['full_tag_close'] = '</ul>';
  $this->pagination->initialize($config);
  $data['pagination'] = $this->pagination->create_links();
  $data['total_rows'] = $config['total_rows'];
  $data['show_from'] = $offset + 1;
  $data['show_to'] = $offset + $per_pg;
  if($data['show_to'] > $total) {
    $data['show_to'] = $total;
  }
  $data['customers'] = $this->admin_model->getCustomer($per_pg,$offset);
  $this->load->view('admin/template', $data);
  }
  else {
    redirect('access/denied','refresh');
  }
}

Not the way I wanted to do it but works as I want.... I did try what you said but still no joy because no session is set until someone logs in.
#23

[eluser]CroNiX[/eluser]
Where are you loading the session class? Sessions should be autoloaded, and then they are always available. You just add custom userdata, like is_admin, once they actually log into their account, and remove all custom userdata when they log out, but the basic session data should always exist (session_id, last_activity, etc).
#24

[eluser]the_unforgiven[/eluser]
Yes auto loaded in Autoload.php

And yes I've got a session data array with is_admin set to true upon logging in!
#25

[eluser]CroNiX[/eluser]
And you tried this in your MY_Controller?
Code:
if ($this->session->userdata('is_admin') !== TRUE)
{
   redirect('access/denied', 'refresh'); // Redirects to restricted page
}
#26

[eluser]the_unforgiven[/eluser]
No, that doesn't work either, tried that, but if I'm logged in as a user then nav to admin to log in as an admin in a different browser or tab it just redirects to restricted page. :(
#27

[eluser]CroNiX[/eluser]
What authentication system are you using? I've never had these problems with any of them.
#28

[eluser]the_unforgiven[/eluser]
My own, just using sessions and database checking!



