Best way to build a wizard with CodeIgniter?
#1

[eluser]parham90[/eluser]
Hi there,

My client requires a sign-up wizard. I originally began implementing it with URIs like:

http://example.com/users/signup/1
and
http://example.com/users/signup/2

It occurs to me that this method is very insecure (e.g. the steps could be modified, tampered with, etc.), and I wouldn't have sufficient data to add to the database in the end. So, should I just say that the data is not complete, or make it based on session data (i.e. store the current step in the session)? I have heard that session data can also be modified, so that's why I am not sure whether or not I should trust that one.

Thanks!
#2

[eluser]WanWizard[/eluser]
Keep track of the current step in the session.
Let's say the session says 2 and someone requests 4: just redirect back to 2. If nothing is present in the session, redirect to 1.

Session data is very difficult to tamper with, especially if you encrypt it (which you should). If you already have a database active at this point, go for database sessions instead of cookie sessions. That way no user data will be sent to the client, just a cookie with the encrypted session_id. The session library also takes care of session_id rotation (default every 300 seconds), so even if someone steals the cookie, they have to use it to hack in within 300 seconds, after which the stolen cookie is invalid.
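The step gate described above, written out as an added example (not code from the thread or from CodeIgniter itself): a CodeIgniter 2.x controller that stores the allowed step and the collected fields in the session, redirects any request for a later step back to the allowed one, and only writes to the database once every step has validated. It assumes the Session and Form_validation libraries and the URL helper are autoloaded, database sessions are configured, and a hypothetical `users` table exists.

```php
<?php
// Added example, not from the thread. Assumes CI 2.x with database sessions,
// Session + Form_validation libraries, URL helper, and a hypothetical `users` table.
class Users extends CI_Controller {
    const LAST_STEP = 3;

    public function signup($requested = 1) {
        $requested = (int) $requested;
        // The server decides which step is reachable; the URI value is never trusted.
        $allowed = (int) ($this->session->userdata('signup_step') ?: 1);
        if ($requested < 1 || $requested > $allowed) {
            redirect('users/signup/' . $allowed);   // e.g. session says 2, request is 4 -> back to 2
            return;
        }
        if ($this->input->post()) {
            $this->_handle_post($requested);
            return;
        }
        $this->load->view('signup_step' . $requested);
    }

    private function _handle_post($step) {
        // One validation rule set per step; collected fields live only in the session.
        $rules = array(
            1 => array(array('field' => 'email',    'rules' => 'required|valid_email')),
            2 => array(array('field' => 'username', 'rules' => 'required|alpha_dash|min_length[3]')),
            3 => array(array('field' => 'password', 'rules' => 'required|min_length[8]')),
        );
        $this->form_validation->set_rules($rules[$step]);
        if (!$this->form_validation->run()) {
            $this->load->view('signup_step' . $step);    // re-show the same step with errors
            return;
        }
        $data = (array) $this->session->userdata('signup_data');
        foreach ($rules[$step] as $r) {
            $data[$r['field']] = $this->input->post($r['field']);
        }
        if ($step < self::LAST_STEP) {
            // Advance exactly one step: step n+1 becomes reachable only after step n validated.
            $this->session->set_userdata(array('signup_data' => $data, 'signup_step' => $step + 1));
            redirect('users/signup/' . ($step + 1));
            return;
        }
        // Every step validated, so a complete record is all that ever reaches the database.
        $data['password'] = password_hash($data['password'], PASSWORD_DEFAULT);
        $this->db->insert('users', $data);
        $this->session->unset_userdata(array('signup_data' => '', 'signup_step' => ''));
        redirect('users/welcome');
    }
}
```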
#3

[eluser]Higher Ground Studio[/eluser]
The way I would go to implement it easily would be to use the jQuery plugin Smart Wizard (http://plugins.jquery.com/project/SmartWizard). I would use database sessions like WanWizard suggested.
#4

[eluser]Jelmer[/eluser]
Take a look at my implementation at Bitbucket (also forum topic).
#5

[eluser]parham90[/eluser]
Hi,

Thanks. I looked at that one, but didn't actually understand how it works (it is something on my side, not your fault). I just can't wrap my head around the concept, so I think I'd better just go with the session library and store sessions in a table in the database.

Thanks!

[quote author="Jelmer" date="1280005876"]Take a look at my implementation at Bitbucket (also forum topic).[/quote]
