Passing Global Data MY_Controller Safe?
#1

(This post was last modified: 11-09-2015, 10:55 PM by wolfgang1983.)

I am using CodeIgniter's MY_Controller to pass some global data so I do not have to load it in every page.

The question I have: is it safe to do so? I have never really done it before, passing data through MY_Controller.

I have always loaded the data each time in the different controllers.


PHP Code:
<?php

class MY_Controller extends CI_Controller {

    public $data = array();

    public function __construct() {
        parent::__construct();
        $this->global_data();
        $this->session_check();
        $this->permission_check();
    }

    public function global_data() {
        if ($this->session->userdata('user_id') == TRUE) {

            $this->data['home'] = site_url('common/dashboard');

            $this->data['is_logged'] = $this->session->userdata('is_logged');
            $this->data['username'] = $this->user->get_username();
            $this->data['user_profile'] = site_url('user/edit/' . $this->user->get_user_id());

            $this->load->library('profile');

            $user_profile = $this->profile->user_info();

            if ($user_profile) {

                $this->data['firstname'] = $user_profile['firstname'];
                $this->data['lastname'] = $user_profile['lastname'];
                $this->data['username'] = $user_profile['username'];
                $this->data['user_permission'] = $user_profile['user_permission'];

                $this->data['image'] = '';

            } else {

                $this->data['username'] = '';
                $this->data['image'] = '';
            }

        }
    }

    // session_check() and permission_check() are not shown in this post.
}

There's only one rule - please don't tell anyone to go and read the manual.  Sometimes the manual just SUCKS!
Reply
#2

The problem with your approach is: what are you doing with your data if you need them in one of your models?
Do you pass them through one of your controllers?
Reply
#3

The question of safety really depends on whether you have controllers which should not have access to the data but which extend this controller.

Additionally, you should make the method(s) protected instead of public, since CodeIgniter will make public methods routable if they don't start with an underscore. It may not matter in this particular instance, with the method simply setting a property in the controller, but if someone later changed it to return the data, it could potentially expose data to the outside world. A protected method will still be available to controllers which extend this controller, it just won't be available to other code (or via the URL).
Reply
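
The routing rule described in reply #3, as an added example that is not part of the original thread: a small audit helper that lists which methods of a controller a URL segment could reach. The stub `CI_Controller`, the `*_Before`/`*_After` classes and `routable_methods()` are hypothetical names constructed for this example, and the filter is modelled on the rule stated above (public, no leading underscore, not inherited from `CI_Controller`).

```php
<?php
// Added example: stand-in classes constructed here, not the poster's code.

// Minimal stub of the framework base class so the script runs on its own.
class CI_Controller {
    public function __construct() {}
    public static function get_instance() {}
}

// Base controller as first posted: helper methods are public.
class MY_Controller_Before extends CI_Controller {
    public $data = array();
    public function global_data() { $this->data['home'] = '/'; }
    public function session_check() {}
}

// Base controller after the change: helpers are protected.
class MY_Controller_After extends CI_Controller {
    protected $data = array();
    protected function global_data() { $this->data['home'] = '/'; }
    protected function session_check() {}
}

class Dashboard_Before extends MY_Controller_Before { public function index() {} }
class Dashboard_After  extends MY_Controller_After  { public function index() {} }

// List the methods a URI segment could invoke on $class: public, no leading
// underscore, not the constructor, and not defined on CI_Controller itself.
// A controller that defines _remap() does its own dispatch; review it by hand.
function routable_methods($class) {
    $names = array();
    $ref = new ReflectionClass($class);
    foreach ($ref->getMethods(ReflectionMethod::IS_PUBLIC) as $m) {
        $name = $m->getName();
        if ($m->isConstructor() || $name[0] === '_' || method_exists('CI_Controller', $name)) {
            continue;
        }
        $names[] = $name;
    }
    sort($names);
    return $names;
}

foreach (array('Dashboard_Before', 'Dashboard_After') as $class) {
    echo $class, ': ', implode(', ', routable_methods($class)), PHP_EOL;
}
```

Run against every controller class in an application, any name in the output other than an intended page action is a helper that should be made protected or private.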
#4

I have added protected now. Is this correct?

PHP Code:
<?php

class MY_Controller extends CI_Controller {

    protected $data = array();

    public function __construct() {
        parent::__construct();
        $this->_global_data();
        $this->_session_check();
        $this->_permission_check();
    }

    protected function _session_check() {
        if ($this->uri->segment(1) == TRUE) {

            $uri_string = $this->uri->segment(1) . '/' . $this->uri->segment(2);

            // Routes that must stay reachable without a logged-in session
            $ignore = array(
                'common/login',
                'common/logout',
                'common/forgotten',
                'common/reset',
                'error/not_found',
                'error/permission'
            );

            if (in_array($uri_string, $ignore)) {

                return TRUE;

            } else {

                if ($this->session->userdata('is_logged') == FALSE) {
                    redirect('common/logout');
                }
            }
        }
    }

    protected function _permission_check() {
        if ($this->uri->segment(1)) {

            $uri_string = $this->uri->segment(1) . '/' . $this->uri->segment(2);

            // Routes that skip the per-route permission lookup
            $ignore = array(
                'common/dashboard',
                'common/login',
                'common/logout',
                'common/forgotten',
                'common/reset',
                'error/not_found',
                'error/permission'
            );

            if (in_array($uri_string, $ignore)) {

                return TRUE;

            } else {

                if ($this->user->hasPermission('access', $uri_string) == FALSE) {
                    redirect('error/permission');
                } else {
                    return TRUE;
                }
            }
        }
    }

    protected function _global_data() {

        // Common Data

        $this->data['home'] = site_url('/');

        $this->data['is_logged'] = '';

        // Menu Data

        if ($this->session->userdata('is_logged') == TRUE) {

            $this->data['home'] = site_url('common/dashboard');

            $this->data['is_logged'] = $this->session->userdata('is_logged');
            $this->data['username'] = $this->user->get_username();
            $this->data['user_profile'] = site_url('user/edit/' . $this->user->get_user_id());

            $this->load->library('profile');

            $user_profile = $this->profile->user_info();

            if ($user_profile) {

                $this->data['firstname'] = $user_profile['firstname'];
                $this->data['lastname'] = $user_profile['lastname'];
                $this->data['username'] = $user_profile['username'];
                $this->data['user_permission'] = $user_profile['user_permission'];

                $this->data['image'] = '';

            } else {

                $this->data['username'] = '';
                $this->data['image'] = '';
            }

        }

        $this->data['text_dashboard'] = 'Dashboard';

        $this->data['dashboard'] = site_url('common/home');
    }
}

There's only one rule - please don't tell anyone to go and read the manual.  Sometimes the manual just SUCKS!
Reply
#5

You don't need the underscore at the beginning of the method name if it's protected, unless that's part of your project's coding style guidelines.
Reply



