E-Book: Creating a Blogging Tool with CI and best practice
#1

[eluser]Fierymind[/eluser]
Hi,

I just read this book:
http://www.wrox.com/WileyCDA/WroxTitle/C...13387.html

The book explains in brief how to make a basic blog script with an admin area; a nice small PDF.

I noticed 2 things and I need your comments:

1. The author used native PHP sessions, not the CI session class, because (in the author's words):
"you’re initializing PHP Sessions with session_start(). You’ll see why you’re using PHP Sessions as you continue working with the application. CodeIgniter comes with its own Sessions, but those are cookie-based and therefore accessible to the client. They can be encrypted, of course, but this fact doesn’t mean that you should completely trust them"

Is that true?

2. The author used a lot of programming in views; check this code in a view file:
Code:
<?php
if (count($cats)){
    foreach ($cats as $id => $name){
        echo anchor("blog/category/$id",$name)."<br/>";
    }
} ?>

Is that OK with the MVC pattern?


3. To verify the login status of the admin, the author used this simple method:
a - after verification
Code:
$_SESSION['userid'] = $row['id'];

b - in every controller of the admin area, he used this code to verify the login status:

Code:
session_start();
if ($_SESSION['userid'] < 1){
    redirect('blog/login','refresh');
}

Is that all? Is that secure enough to verify user login status?
#2

[eluser]Developer13[/eluser]
1 - You can opt to store the session data in a database if you prefer.

2 - I'm not a hardcore follower of strict MVC, but my personal belief is that you can't avoid having simple loops and *possibly* some conditionals and whatnot in your views.

3 - Yes, that logic works.
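
Added example (not part of either post, and not the book's code): a hardened form of the native-session login check asked about in point 3. It regenerates the session ID at login, reads the key without raising an undefined-index warning, expires idle sessions, and stops execution after the redirect. The function names, the 30-minute idle limit, the `/blog/login` path and the HTTPS assumption are illustrative, and the array form of `session_set_cookie_params()` needs PHP 7.3 or later.

```php
<?php
// Added example; function names and the idle limit are hypothetical.
function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    ini_set('session.use_strict_mode', '1'); // refuse session IDs the server did not issue
    session_set_cookie_params([
        'lifetime' => 0, 'path' => '/', 'samesite' => 'Lax',
        'secure'   => true,  // assumption: the admin area is served over HTTPS
        'httponly' => true,  // keep the session cookie away from client-side script
    ]);
    session_start();
}

function login_user(int $userId): void
{
    session_regenerate_id(true); // new ID at login, so a pre-login ID is worthless
    $_SESSION['userid']    = $userId;
    $_SESSION['last_seen'] = time();
}

function is_logged_in(int $idleLimit = 1800): bool
{
    $id   = $_SESSION['userid'] ?? 0;    // ?? avoids the undefined-index warning for guests
    $seen = $_SESSION['last_seen'] ?? 0;
    if (!is_int($id) || $id < 1) {
        return false;
    }
    if (time() - $seen > $idleLimit) {   // idle too long: drop the server-side state
        $_SESSION = [];
        session_destroy();
        return false;
    }
    $_SESSION['last_seen'] = time();
    return true;
}

function require_login(): void
{
    start_secure_session();
    if (!is_logged_in()) {
        header('Location: /blog/login');
        exit; // nothing after the check may run for a guest
    }
}
```

Call `require_login()` at the top of each admin controller, and `login_user((int) $row['id'])` once the credentials have been verified.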