how do i protect mi page ????????????? :(

[eluser]Unknown[/eluser]
when a make the login i do like this first i go for the page login where i put the user-name and password then i call the function

Code:

<?




class Funcoes extends Controller{

function Funcoes()
{
parent::Controller();
$this->load->helper('url');
$this->load->helper('form');
$this->load->library('validation');
$this->load->library('session');



}

function index()
{
$data['title']="login";
$data['heading']="login";
$this->load->view('login', $data);

}

function utilizador()
{
if($_POST['user'] && $_POST['pass'])
{
$this->load->database();
$query = $this->db->query("SELECT * FROM `utilizador` WHERE `user`= '".$_POST['user']."' and pass = '".SHA1($_POST['pass'])."' and admin=1");

if($query->num_rows() > 0){


foreach ($query->result() as $row)
{
$username = $row->user;
$id = $row->id_utilizador ;

}

$sid = array('id' => $id);
$this->session->set_userdata($sid);
$data['title']="entrou";
$data['heading']="entrou";
$sql = "SELECT * FROM `utilizador` ORDER BY `utilizador`.`user` ASC ";
$data['query']=$this->db->query($sql);
$this->load->view('secao', $data);

}

else {

$data['title']="login";
$data['heading']="login";
$this->load->view('login', $data);
echo"pass e user errad";
}
}
else
{

$data['title']="login";
$data['heading']="login";
$this->load->view('login', $data);
echo"preencha tod os campos";
}

}
// and i enter into mi page
function fecha_sessao()
{
$this->aberto=false;
$id=0;
$sid = array('id' => $id);
$this->session->set_userdata($sid);
$data['title']="login";
$data['heading']="login";
$this->session->sess_destroy();
$this->load->view('login', $data);

}
//and i go to the page where i put mi user name and password
}
?>

but if i click in the button return i go back to mi page and i can work if i try to insert something int the database it will insert first and then goes back for the login page.
what can i do to stop this from happening?
thanks for hear mi and keep the good work bey for now

[eluser]Phil Sturgeon[/eluser]
Take a look at the hooks section of the user guide.

[eluser]imamiscool[/eluser]
[quote author="ribeiro" date="1183941665"]

$query = $this->db->query("SELECT * FROM `utilizador` WHERE `user`= '".$_POST['user']."' and pass = '".SHA1($_POST['pass'])."' and admin=1");

[/quote]

Did you mean:
$query = $this->db->query("SELECT * FROM `utilizador` WHERE `user`= '".$_POST['user']."' and pass = '".SHA1($_POST['pass'])."' WHERE admin=1");
?

USE: 'WHERE admin=1'
NOT: 'AND admin=1'

[eluser]Rick Jolly[/eluser]
[quote author="imamiscool" date="1183961112"]
Did you mean:
$query = $this->db->query("SELECT * FROM `utilizador` WHERE `user`= '".$_POST['user']."' and pass = '".SHA1($_POST['pass'])."' WHERE admin=1");
?

USE: 'WHERE admin=1'
NOT: 'AND admin=1'[/quote]

Nope, one "WHERE" is definitely enough imamiscool. However, Ribeiro should sql escape the posted data.

Ribeiro, I'm having trouble understanding your question. What does this mean:

if i click in the button return i go back to mi page

Do you mean the back button? Also, I don't see any code that inserts into your database:

if i try to insert something int the database it will insert first and then goes back for the login page.

[eluser]imamiscool[/eluser]
ups sorry forget about first 'WHERE' clause.

did you 'redirect' your page ?