Is this safe?

[eluser]Wondering Coder[/eluser]
I have a code which will be repeatedly call in every controller so I had to put it in MY_Controller.

MY_Controller

Code:

public function load_module()
    {
        
        $role = $this->session->userdata('data_id');
        if($role == 1){ $cond = array('company'=>1);}
        if($role == 2){ $cond = array('student'=>1);}
        if($role == 3){ $cond = array('admin'=>1);}
        if($role == 4){ $cond = array('coordinator'=>1);}
        
        return $cond;
        
        
    }

In my home controller

Code:

function index()
{
.....
$data['modules'] = $this->dataset_db->getModules($this->load_module());
...
}

In my other controller and so on...

Code:

function index()
{
.....
$data['modules'] = $this->dataset_db->getModules($this->load_module());
...
}

Just want to ask if my coding structure is safe or maybe some may have a better solution than I have.

[eluser]cideveloper[/eluser]
Personally I wouldnt put the load_module() in the MY_Controller. I would create a library and autoload that library. Make it an application specific library that you put code that you use frequently. The My_Controller is usually used for things you want to do or things you want to check all the time, not functions that you want to call.

[eluser]Wondering Coder[/eluser]
haven't tried to create my own library though but if I create my own library is this the proper way in calling my function in the library?

Code:

$this->load->library('modules');
function index()
{
.....
$data['modules'] = $this->dataset_db->getModules($this->modules->load_module());
...
}

[eluser]theprodigy[/eluser]
Personally, I agree with both the MY_Controller and library ways of thinking, but I would probably end up putting it in MY_Controller myself.

I tend to use $this->data rather than just $data, and I would have the function set $this->data, rather than return a value.

I would also be more inclined to using a switch case, rather than a series of if statements. Right now, your function is checking each and every if statement, even if the first one catches. There's no need for that since all the if's are checking for ==. It will only ever catch on one of them at most (but it is still checking all of them). Either use a switch case or convert some of your if's to elseif's.

[eluser]Wondering Coder[/eluser]
hehe, thanks for the pointers theprodigy^_^.I'll modify my code later. Actually I also used $data set in every controller function and thinking of putting it in my MY_Controller.

[eluser]toopay[/eluser]
@theprodigy & cideveloper : what you talked is not related with his main concern in his question : security. Look at his load_module(). This is not a "HMVC" question, but "Application Security" issue.

@Wondering coder, for the best result, seems you should build some ACL (Access Control List) modules to handle Authentification, and more important, Authorization proccess in your apps. Theres alot resource out there, if you're looking on CI example, i will recomend you to learn how Ion Auth works(not only in "functional" scope, but in "its internal design/flow" scope). Once you used to it, you can extends that simple library into very powerful (and secure) Auth Modules.

[eluser]Wondering Coder[/eluser]
actually toopay I already worked it out using my own code. I'm not saying I don't like your idea but its just that I don't have enough time to start from step 1 again. I'm working on my senior project for my school and I have a very tight deadline to follow.

Also before when I'm just starting to use codeigniter I already came across Ion Auth but didn't quite get a grasp on it. I had read the thread on Ion Auth and ask some question but sad to say no one replied to my question so I had to apply my own convention. But I'm sure I will look at Ion Auth again...