CI nob - session login system

[eluser]Mr. Gibon[/eluser]
Hi!
I'm trying to reach the application with login system witch has few login levels (like user, moderator, admin)

This my app:

Code:

<?php

class Login extends Controller {
    
    function index()
    {
        $data['main_content'] = 'login_form';
        $this->load->view('includes/template', $data);        
    }
    
    function validate_credentials()
    {        
        $this->load->model('membership_model');
        $query = $this->membership_model->validate();
        
        if($query) // if the user's credentials validated...
        {
            $data = array(
                'username' => $this->input->post('username'),
                'is_logged_in' => true
            );
            $this->session->set_userdata($data);
            
                redirect('site/members_area');
        }
        else // incorrect username or password
        {
            $this->index();
        }
    }    
    
    function signup()
    {
        $data['main_content'] = 'signup_form';
        $this->load->view('includes/template', $data);
    }
    
    function create_member()
    {
        $this->load->library('form_validation');
        
        // field name, error message, validation rules
        $this->form_validation->set_rules('first_name', 'Name', 'trim|required');
        $this->form_validation->set_rules('last_name', 'Last Name', 'trim|required');
        $this->form_validation->set_rules('email_address', 'Email Address', 'trim|required|valid_email');
        $this->form_validation->set_rules('username', 'Username', 'trim|required|min_length[4]');
        $this->form_validation->set_rules('password', 'Password', 'trim|required|min_length[4]|max_length[32]');
        $this->form_validation->set_rules('password2', 'Password Confirmation', 'trim|required|matches[password]');
        
        
        if($this->form_validation->run() == FALSE)
        {
            $this->load->view('signup_form');
        }
        
        else
        {            
            $this->load->model('membership_model');
            
            if($query = $this->membership_model->create_member())
            {
                $data['main_content'] = 'signup_successful';
                $this->load->view('includes/template', $data);
            }
            else
            {
                $this->load->view('signup_form');            
            }
        }    
    }
    function logout()
    {
        $this->session->sess_destroy();
        redirect('welcome');
    }

}

Login form:

Code:

<?php
    echo form_open('login/validate_credentials');
    echo form_input('username', 'Username');
    echo form_password('password', 'Password');
    echo form_submit('submit', 'Login');
    echo anchor('login/signup', 'Create Account');
    echo form_close();
    ?>

model:

Code:

<?php

class Membership_model extends Model {

    function validate()
    {
        $this->db->where('username', $this->input->post('username'));
        $this->db->where('password', md5($this->input->post('password')));
        $query = $this->db->get('membership');
        
        if($query->num_rows == 1)
        {
            return true;
        }
        
    }
    
    function create_member()
    {
        
        $new_member_insert_data = array(
            'first_name' => $this->input->post('first_name'),
            'last_name' => $this->input->post('last_name'),
            'email_address' => $this->input->post('email_address'),            
            'username' => $this->input->post('username'),
            'password' => md5($this->input->post('password'))                        
        );
        
        $insert = $this->db->insert('membership', $new_member_insert_data);
        return $insert;
    }
}

What i want is to :
add column status in database (0 - user, 1 - mod, 2 - admin)

How to make it works?

Code:

$this->db->where('username', $this->input->post('username'));
        $this->db->where('password', md5($this->input->post('password')));
        $query = $this->db->get('membership');
        
        if($query->num_rows == 1)
        {
            return true;
        }

I think it should return not only the 'true' value, but also status value.

Please help me

[eluser]n0xie[/eluser]

Code:

$this->db->where('username', $this->input->post('username'));
        $this->db->where('password', md5($this->input->post('password')));
        $query = $this->db->get('membership');
        
        if ($query->num_rows() > 0)
        {
            return $query->result();
        }
        else
        {
            return FALSE;
        }

[eluser]Mr. Gibon[/eluser]
hm...

and how to select different pages for diferent status value?

[eluser]Mr. Gibon[/eluser]
anybody ?

[eluser]WanWizard[/eluser]
If you have different access levels, only tracking 'is_logged_in' is clearly not enough.
Either store your status in the session as well, or fetch it from the database once you have determined the logged in user.

[eluser]Mr. Gibon[/eluser]

Code:

function validate_credentials()
    {        
        $this->load->model('membership_model');
        $query = $this->membership_model->validate();

        if($query) // if the user's credentials validated...
        {
            $data = array(
                'username' => $this->input->post('username'),
                'is_logged_in' => true
            );
            $this->session->set_userdata($data);
            redirect('site/members_area');

This is storing username form login_form. How to store other data form database in this session ?

[eluser]WanWizard[/eluser]
Don't store information from the form, store data from the user record. So have your model return a user record when the validation was a success.

[eluser]Mr. Gibon[/eluser]
hm.. i'm nob, can you post the code?

[eluser]WanWizard[/eluser]
I can't, it's your code.

All I'm saying is that your membership_model->validate() routine should return an array or object with the validated user record, instead of just TRUE. If the validation failed, return FALSE instead of the user record.
You can then do (assuming an object is returned):

Code:

function validate_credentials()
    {        
        $this->load->model('membership_model');
        $result = $this->membership_model->validate();

        if($result) // if validation returned an object
        {
            $data = array(
                'username' => $result->username,
                'level' => $result->userlevel,  // or whatever the fieldname is
                'is_logged_in' => true
            );
            $this->session->set_userdata($data);
            redirect('site/members_area');

[eluser]nuwanda[/eluser]
I have a helper for this sort of thing.

For instance, I have this:

Code:

function is_admin()
{
  $CI =& get_instance();

  if(isset($_SESSION['user_role']) AND $_SESSION['user_role']=='admin')
    {
      return TRUE;
    }
  else
  {
  return FALSE;
  }
}

Which checks to see if a session variable called user_role is set to admin. If so, I allow access.

This requires that you set session variables correctly during user login.

I autoload the helper so it's always handy.

I use it like:

Code:

if(is_admin())
{
  //show some admin-only stuff here
}