Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Using CodeIgniter General Help What's more secure than? when showing user id data
What's more secure than? when showing user id data
  • Offline kirasiris
    Junior Web Developer
  • ***
  • Posts: 62
    Threads: 26
    Joined: Dec 2016
    Reputation: 0
#1
06-22-2018, 07:10 AM

So here I am playing again with CodeIgniter and I tried modifying my User controller and some private pages and I just realized that when accessing to pages like "cart.php" I can do this in order to show their cart( of current the logged in user).

Controller
PHP Code:
public function cart($id)
    {
        
        // Check Login
        if($this->session->userdata('user_id') != $id) {
            // otherwise redirect to...
            redirect('store/index');
            
        }

        // Load Library
        $this->load->library('cart');
    
        $data['title'] = 'My Cart';
        
        $data['cart'] = $this->Store_model->get_cart($id);
                    
        
        // Load Template
        $this->template->load('public' 'default''store/cart'$data);
                
    } 

Model:
PHP Code:
    public function get_cart($id){
        
        $this->db->where('user_id'$id);
        
        $query $this->db->get('ci_cart');

        if($query->num_rows() > 0){
            return $query->result();
        } else {
            return false;
        }    
                
    

and the one I just realized which I think looks nicer to avoid having urls like(notice that I don't pass vars):
Code:
"example.com/cart/1/kirasiris"

new Controller function:
PHP Code:
public function cart()
    {
        
        // Check Login
        if($this->session->userdata('user_id') != $this->session->userdata('user_id')) {
            // otherwise redirect to...
            redirect('store/index');
            
        }

        // Load Library
        $this->load->library('cart');
    
        $data['title'] = 'My Cart';
        
        $data['cart'] = $this->Store_model->get_cart();
                    
        
        // Load Template
        $this->template->load('public' 'default''store/cart'$data);
                
    } 

new Model function:
PHP Code:
    public function get_cart(){
        
        $this->db->where('user_id'$this->session->userdata('user_id'));
        
        $query $this->db->get('ci_cart');

        if($query->num_rows() > 0){
            return $query->result();
        } else {
            return false;
        }    
                
    

which just create a simple url like:

Code:
"example.com/cart/1/kirasiris"

So yes, I'm just wondering what is the best approach. If somebody can tell me I will be very grateful
I do Front-End development most of the time 
Reply
  • Offline Pertti
    Senior Member
  • ****
  • Posts: 365
    Threads: 5
    Joined: May 2015
    Reputation: 32
#2
06-22-2018, 07:28 AM
(This post was last modified: 06-22-2018, 07:32 AM by Pertti.)

Is the Cart controller for open shopping basket?

Assuming one client will ever only have one basket open at any time, you could just use user_id from session, and fetch any (well, one) open carts where user_id = session user_id, and there's no need to send cart IDs back and forth via URL.

Alternatively, if carts do have IDs, you can also use session user_id with query without putting it on URL:
SELECT * FROM cart WHERE id = ID from URL AND user_id = user_id from session.

Having user_id on URL and then in session I don't think adds much to security, it's kind of checking one thing to itself?
Reply




Theme © iAndrew 2016 - Forum software by © MyBB