[eluser]stef25[/eluser]
Login check in a controller
I have a controller Login() that has a function update_password. In the constructor of this class I have
Code:
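    function Client()
    {
        parent::Controller();
        $user_array = $this->session->userdata('user');
        $segment = $this->uri->segment(2);
        // Not logged in: send to the login page
        if( !$user_array['logged_in'] ) redirect(base_url());
        // URI segments arrive as strings, so is_int() never matches; test for digits instead
        elseif( ctype_digit((string) $segment) && (string) $user_array['client_id'] !== $segment ) die('You are not logged in to that user account');
    }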
This is to make sure that no methods in this class can be accessed without the user being logged in.
Because of this bug I'm wondering if it's possible that a user accessed his change password page, waited till the session logged him out after X minutes and then submitted the form. Would this allow a method in this class to run nonetheless?
When I try this out myself I get redirected to the base_url (login page) as it should, but I'm not sure if the code in the method ran first. If so, I guess I need to put this check in every method and not just the constructor?
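
The scenario asked about, as an added sketch that is not part of the original post and not CodeIgniter's own code: CodeIgniter's redirect() helper sends the Location header and then calls exit, so a constructor guard built on it ends the request before the routed method is called, while a guard that only sends the header would let the method run. `GuardedController`, `HaltRequest` and `dispatch` are hypothetical names, and an exception stands in for exit so that both cases can run in one script.

```php
<?php
// Added illustration with hypothetical names; models "construct controller, then call method".

class HaltRequest extends Exception {}   // stands in for exit so the script can continue

class GuardedController
{
    public $passwordUpdated = false;

    public function __construct(array $session, $terminate)
    {
        if (empty($session['logged_in'])) {
            // A real guard would send the "Location:" header at this point.
            if ($terminate) {
                // Header followed by exit, which is what redirect() does
                throw new HaltRequest('redirected to login');
            }
            // Header only: the constructor returns and dispatch carries on
        }
    }

    public function update_password()
    {
        $this->passwordUpdated = true;   // the state change the guard must protect
    }
}

// Minimal front controller: instantiate, then invoke the routed method.
function dispatch(array $session, $terminate)
{
    try {
        $controller = new GuardedController($session, $terminate);
        $controller->update_password();
        return 'method ran';
    } catch (HaltRequest $e) {
        return 'halted before method: ' . $e->getMessage();
    }
}

$expired = array();                      // constructed: session timed out, no login flag
$active  = array('logged_in' => true);   // constructed: live session

echo 'expired, header only:   ', dispatch($expired, false), "\n";
echo 'expired, header + exit: ', dispatch($expired, true), "\n";
echo 'active session:         ', dispatch($active, true), "\n";
```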