passing data secure
#1

[eluser]mvn1990[/eluser]
Hi, I've got a problem and I think it is not that difficult. In my view I have a table like this where I show all the projects...

Code:
<table class="940">
        <tr>
            <td class="titelbalk" width="500px;">Name</td>
            <td class="titelbalk" width="180px;" id="td_center">Holder</td>
            <td class="titelbalk" width="200px;" id="td_center">Ends</td>
            <td class="titelbalk" id="td_right">Entries</td>
        </tr>
        <tbody>
        <?php foreach($projects as $project): ?>
        <tr class="tr_res">
            <td class="td_res"><a >id_project .'') ?>" rel=""><?php echo $project->name; ?></a></td>
            <td class="td_res" id="td_center"><?php echo $project->holder; ?></td>
            <td class="td_res" id="td_center"><?php echo $project->end; ?></td>
            <td class="td_res" id="td_right"><?php echo $project->entries; ?></td>
            
        </tr>
        <?php endforeach; ?>
        </tbody>
        </table>

But now I pass the project id to my controller in the URL. Of course this isn't safe, so what is the best way to call the function in the controller and pass the data?

Thanks in advance
#2

[eluser]cideveloper[/eluser]
Why do you think this is not safe? You are just passing a number in the URL. It's up to the controller/method to make sure only an authorized user is viewing the specific project.
#3

[eluser]mvn1990[/eluser]
Ah okay, but how do I secure the controller/method? Because now when you type a different id in the URL you can see the projects of other people...
#4

[eluser]cideveloper[/eluser]
I assume $projects is being pulled from the database. You need to set a where clause that says where user = logged_in_user. The model can be something like this:

Code:
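// Model method: return the requested project only if it belongs to the given user.
function get_projects($user_id = NULL){
    // A default parameter value must be a constant expression in PHP,
    // so fall back to the logged-in user's id inside the body.
    if ($user_id === NULL){
        $user_id = $this->session->userdata('user_id');
    }
    $this->db->where('user_id', $user_id);            // ownership check
    $this->db->where('id', $this->uri->segment(3));   // project id from the URL
    $query = $this->db->get('projects');
    if ($query->num_rows() > 0){
        return $query->result();
    }
    return false;   // no row: project does not exist or belongs to someone else
}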
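
The ownership check from post #4, shown outside CodeIgniter as an added example (not code from the thread or from CodeIgniter itself): plain PHP with PDO and an in-memory SQLite database, comparing a lookup by id alone with a lookup scoped to the session user. The table layout, function names and sample rows are assumptions made for the illustration.

```php
<?php
// Constructed sample data: two users, each owning one project (in-memory SQLite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE projects (id INTEGER PRIMARY KEY, user_id INTEGER, name TEXT)');
$db->exec("INSERT INTO projects VALUES (1, 10, 'Alice site'), (2, 20, 'Bob shop')");

// Before: the lookup trusts the id from the URL, so any existing id returns a row.
function find_project_unscoped(PDO $db, $project_id) {
    $stmt = $db->prepare('SELECT * FROM projects WHERE id = ?');
    $stmt->execute([$project_id]);
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// After: the owner id comes from the server-side session, never from the request.
function find_project_for_user(PDO $db, $project_id, $session_user_id) {
    // Reject anything that is not a positive integer before querying.
    if (!ctype_digit((string) $project_id) || (int) $project_id < 1) {
        return false;
    }
    $stmt = $db->prepare('SELECT * FROM projects WHERE id = ? AND user_id = ?');
    $stmt->execute([(int) $project_id, (int) $session_user_id]);
    return $stmt->fetch(PDO::FETCH_ASSOC);   // false when missing or not owned
}

// Controller-side decision: answer "missing" and "not yours" identically,
// so the response does not confirm which project ids exist.
function show_project(PDO $db, $project_id, $session_user_id) {
    $project = find_project_for_user($db, $project_id, $session_user_id);
    return $project === false ? '404 Not Found' : '200 OK: ' . $project['name'];
}

$session_user_id = 10;   // constructed: the user with id 10 is logged in

// Unscoped lookup of a project owned by user 20 still finds the row.
var_dump(find_project_unscoped($db, '2') !== false);
echo show_project($db, '1', $session_user_id), "\n";     // own project
echo show_project($db, '2', $session_user_id), "\n";     // another user's project
echo show_project($db, '2abc', $session_user_id), "\n";  // malformed id
```

Run it with the PHP CLI; it needs the pdo_sqlite extension and no web server or framework.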
#5

[eluser]dj_voc[/eluser]
Ya, I think it will be safe if you build some login form and session, so users will just view their own projects only :)
#6

[eluser]cideveloper[/eluser]
Ion Auth is a very good auth library for things like this.



