trying to check if a user is administrator

[eluser]distortednet[/eluser]
Been using code igniter for about a week now and im stumped on somthing simple. without using extra plugins i want to check if a user is administrator through mysql.

each user has a is_admin field, like id, except 0 = not admin, 1 = admin.

i cant seem to figure out how to check if a user is admin or not. my goal is for codeigniter to go if the user is admin, then load admin view, if a user is a regular user, then load user view. my code for the main controller is blow.

Code:

<?php
class Main extends Controller {
    function main() {
        parent::Controller();
        $this->load->database();
        $this->load->helper('form');
        $this->load->helper('url');
        $this->load->library('form_validation');
        $this->load->view('header');
        //$this->load->scaffolding('users');
    }
    function index() {
        $this->db->order_by("id", "desc");
        $data['query'] = $this->db->get('blog');
        $this->load->view('home', $data);
        $this->load->view('footer');
    }
    function about() {
        $this->load->view('about');
        $this->load->view('footer');
    }
    function resume() {
        $this->load->view('resume');
        $this->load->view('footer');
    }
        function services() {
        $this->load->view('services');
        $this->load->view('footer');
    }
    function login() {
        $this->form_validation->set_rules('username', 'Username', 'required|xss_clean|callback__username_check');
        $this->form_validation->set_rules('password', 'Password', 'required|xss_clean|callback__password_check');
            if ($this->form_validation->run() == FALSE) {
                $this->load->view('logincenter');
            }
            else {
                $data['query'] = $this->db->get('users');
                $this->load->view('admin', $data);
            }
            $this->load->view('footer');
            
    }
    function _username_check($str) {
        $this->db->where('name', $str);
        $num = $this->db->count_all_results('users');
            if ($num > 0) { return TRUE; }
            else { return FALSE; }
    }
    function _password_check($str) {
        $this->db->where('password', $str);
        $num = $this->db->count_all_results('users');
            if ($num > 0) { return TRUE; }
            else { return FALSE; }
    }
}
?>

[eluser]Devon Lambert[/eluser]
I would make another method:

Code:

function _is_admin ($username) {
    $this->db->where('name', $username);
    $this->db->where('is_admin', 1);
    
    return TRUE;
}

Then in your login method:

Code:

function login() {
        $this->form_validation->set_rules('username', 'Username', 'required|xss_clean|callback__username_check');
        $this->form_validation->set_rules('password', 'Password', 'required|xss_clean|callback__password_check');
            if ($this->form_validation->run() == FALSE) {
                $this->load->view('logincenter');
            }
            else {
                $data['query'] = $this->db->get('users');

               // Add the if/else statement below using the new private is_admin method
        if $this->_is_admin($data['query']->name) {
            $this->load->view('admin', $data);
        } else {
            $this->load->view('user', $data);
        }
            }
            $this->load->view('footer');
            
    }

[eluser]WebsiteDuck[/eluser]
Note that your user validation is incorrect!!

You will check if the user exists, then you will check if any user has the password that was entered.

Also, look into using models.

[eluser]Devon Lambert[/eluser]
Agree with WebsiteDuck,

You should change your login method to check if a user exists that also has the password that was entered.

Ditto on the "make use of models" comment.

This is a very basic look into a login method.

[eluser]distortednet[/eluser]
the username/password system works fine, ive already checked that out. Grad, your example didn't work.
i have ended up with the following code

Code:

<?php
class Main extends Controller {
    function main() {
        parent::Controller();
        $this->load->database();
        $this->load->helper('form');
        $this->load->helper('url');
        $this->load->library('form_validation');
        $this->load->view('header');
        //$this->load->scaffolding('users');
    }
    function index() {
        $this->db->order_by("id", "desc");
        $data['query'] = $this->db->get('blog');
        $this->load->view('home', $data);
        $this->load->view('footer');
    }
    function about() {
        $this->load->view('about');
        $this->load->view('footer');
    }
    function resume() {
        $this->load->view('resume');
        $this->load->view('footer');
    }
        function services() {
        $this->load->view('services');
        $this->load->view('footer');
    }
    function login() {
        $this->form_validation->set_rules('username', 'Username', 'required|xss_clean|callback__username_check');
        $this->form_validation->set_rules('password', 'Password', 'required|xss_clean|callback__password_check');
            if ($this->form_validation->run() == FALSE) {
                $this->load->view('logincenter');
            }
            else {
                $data['query'] = $this->db->get('users');
                    if ($this->_is_admin($data['query']->name)) {
                        $this->load->view('admin', $data);
                    }
                    else {
                        echo "err";
                    }
            }
            $this->load->view('footer');
    }
    function _is_admin($adminstr) {
           $this->db->where('name', $adminstr);
           $this->db->where('is_admin', 1);
        $query = $this->db->get('users');
        if ($query->num_rows() > 0) return TRUE;
           return FALSE;
    }
    function _username_check($str) {
        $this->db->where('name', $str);
        $num = $this->db->count_all_results('users');
            if ($num > 0) { return TRUE; }
            else { return FALSE; }
    }
    function _password_check($str) {
        $this->db->where('password', $str);
        $num = $this->db->count_all_results('users');
            if ($num > 0) { return TRUE; }
            else { return FALSE; }
    }
}
?>

this fails with Parse error: syntax error, unexpected T_VARIABLE in C:\xampplite\htdocs\application\controllers\main.php on line 48

[eluser]Devon Lambert[/eluser]
Scratch that,

Try this for your is_admin method:

Code:

function _is_admin($adminstr = NULL) {
        if (isset($adminstr)) {
               $this->db->where('name', $adminstr);
               $this->db->where('is_admin', 1);
            $query = $this->db->get('users');
            if ($query->num_rows() > 0) return TRUE;
               return FALSE;
        }
    }

[eluser]distortednet[/eluser]
A PHP Error was encountered

Severity: Notice

Message: Undefined property: CI_DB_mysql_result::$name

Filename: controllers/main.php

Line Number: 38

-------

thats my if statement that has the line if ($this->_is_admin($data['query']->name)) {

[eluser]WebsiteDuck[/eluser]
This probably doesn't work:

Code:

$data['query'] = $this->db->get('users');
if ($this->_is_admin($data['query']->name)) {

Try:

Code:

if ( $this->_is_admin( $this->input->post('username') ) ) {

Your user check is still flawed though...
Lets say you have two users like this:
User1 Pass1
User2 Pass2

Someone could log in with User1 Pass2

[eluser]distortednet[/eluser]
ahh that works like a charm. Grad, i see what you mean with the password check thing. thats honestly a part i completely forgot about, i had left it out to debug some stuff and forgot to add it back in haha

[eluser]distortednet[/eluser]
hmm that was a differnt auth system i had the user/pass stuff added to that wasnt CI...how would i go about doing this in CI?