my auth is secure?
I need a simple user login system for my first CI app. I have created some models and ... To log in a user, in the login controller, I save the username and user id in the session:

Code:
$CI->session->set_userdata('username' , $user->get_username());

Code:
function user_logout($redirect_uri = NULL){

And when I need to know whether the user is logged in, I check the session for the username and id, and when I need the user's info like email, roles, ... I create a new object of user_model and load it from the database using the userid (in session). I set session encryption and set the crypt key in config, and I am saving md5(password) in the DB. Can you tell me whether this is the right way for a simple (but secure) login system?

Hello,
Your way is quite good. Try to prefer $this->session->userdata(..) instead of $ci->session->userdata(..). That avoids creating an instance of $CI again. You can put a value like 'logged' in your session ($this->session->set_userdata('logged', TRUE), for example, when the user is connected, and set it to FALSE on logout). Set the session end time in config.php as you like for your application (10, 20, 60 minutes, converted to seconds). Use a session table in the database or files to store sessions. You can also read up on cache files or tokens. Have a good day.

(04-07-2015, 12:35 AM)nasser.man Wrote: I need a simple user login system for my first CI app. I have created some models and ... To log in a user, in the login controller, I save the username and user id in the session:

Don't use MD5, use bcrypt via http://php.net/password

(04-07-2015, 03:02 AM)casa Wrote: Try to prefer $this->session->userdata(..) instead of $ci->session->userdata(..). That avoids creating an instance of $CI again.

Thanks casa for your reply. About this or CI: I put the login and logout methods in user_helper, so I can't use $this.

Code:

Don't use MD5, use bcrypt via http://php.net/password

How can I use the encryption key (in the config file) as the salt for this function?
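
Added example, not part of the original thread and not code from any poster: a sketch of the password_hash() approach recommended above, including the salt question. bcrypt via password_hash() generates a random salt per password and stores it inside the hash string, so the config encryption key is not passed in as a salt. The function names hash_new_password and check_login and the sample passwords are hypothetical; rows still holding md5(password) are upgraded on the next successful login.

```php
<?php
// Added example (not from the thread). Function names and sample data
// are hypothetical; the password_* functions are PHP's built-in API.

// Hash a new password. PASSWORD_BCRYPT creates a random salt on every
// call and embeds it in the returned string, so no salt is supplied.
function hash_new_password(string $plain): string
{
    return password_hash($plain, PASSWORD_BCRYPT, ['cost' => 12]);
}

// Check a login against the stored hash. Returns [ok, replacement_hash];
// replacement_hash is non-null when the stored value should be updated.
function check_login(string $plain, string $stored): array
{
    // Legacy row: 32 hex characters means an unsalted md5(password).
    if (preg_match('/^[0-9a-f]{32}$/i', $stored) === 1) {
        if (!hash_equals(strtolower($stored), md5($plain))) {
            return [false, null];
        }
        // Correct password on an MD5 row: upgrade it to bcrypt now.
        return [true, hash_new_password($plain)];
    }

    if (!password_verify($plain, $stored)) {
        return [false, null];
    }
    // Re-hash when the row was created with a lower cost than today's.
    $new = password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => 12])
        ? hash_new_password($plain)
        : null;
    return [true, $new];
}

// Constructed sample data: one legacy MD5 row and one bcrypt row.
$legacy = md5('correct horse');
$modern = hash_new_password('correct horse');

[$ok, $upgrade] = check_login('correct horse', $legacy);
var_dump($ok, $upgrade !== null && password_verify('correct horse', $upgrade));

[$ok, $upgrade] = check_login('correct horse', $modern);
var_dump($ok, $upgrade);

[$ok] = check_login('wrong', $legacy);
var_dump($ok);

// Same password hashed twice gives different strings (different salts).
var_dump(hash_new_password('x') !== hash_new_password('x'));
```

When check_login returns a replacement hash, write it back to the user's row so the MD5 value is no longer stored.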