Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming Session / Login help
Session / Login help
  • El Forum
    Guest
  •  
#1
04-30-2012, 03:13 PM

[eluser]gbd_dee[/eluser]
Im new to CI. I want to restrict views to logged in members of my site. Im currently using session class but not sure if its working correctly. When I destroy the session I still have access to restricted content. Can someone go into detail on how I would code this correctly.
Every user has a profile page (only the logged in user can access its own person profile information/page)
Profile controller

Basically I want to only allow a session to be active for 30 minutes without activity, if a window or tab is closed I want the user to have to login again.

I need a code snippet that I add to every view that I want protect from non logged in members. Thanks in advance
  • El Forum
    Guest
  •  
#2
04-30-2012, 03:14 PM

[eluser]Aken[/eluser]
You're probably checking if a session_id exists on your protected pages. A session_id will ALWAYS exist - it's what assigns a session to a user. You need to add your own userdata that says whether they're logged in or not, and check that.
  • El Forum
    Guest
  •  
#3
04-30-2012, 03:18 PM

[eluser]gbd_dee[/eluser]
This is the code snippet that I have at the top of my restricted views

Code:
if(!$this->session->userdata('user_email')==$email)
redirect(base_url(). 'User/login');
else
    echo 'Logged in';

if I destroy the session is will still let me access restricted content
  • El Forum
    Guest
  •  
#4
04-30-2012, 03:23 PM

[eluser]InsiteFX[/eluser]
Because you need also to unset the session userdata!
Code:
$this->session->unset_userdata('some_name');
  • El Forum
    Guest
  •  
#5
04-30-2012, 03:30 PM

[eluser]Stefan Hueg[/eluser]
This won't work because you can not set a redirect in your view.
This has to be done in your controller in any restricted function OR if your whole controller should be protected, in your controller's __construct(){...}
  • El Forum
    Guest
  •  
#6
04-30-2012, 06:18 PM

[eluser]gbd_dee[/eluser]
This still isnt working

Code:
class Profile extends CI_Controller {

    
    
    function Profile()
    {
        parent::__construct();
    }
  
    
    public function index()
    {
        $this->login();
    }
        
    public function login()
     {
        $email = $this->Login_Model->getEmail();
        if(strcmp($this->session->unset_userdata('user_email'),$email)!=0)
            redirect(base_url(). 'User/login');
        else
           echo 'Logged in';
        
      
                    
        }//login
  • El Forum
    Guest
  •  
#7
04-30-2012, 06:19 PM

[eluser]gbd_dee[/eluser]
I added the strcmp out of desperation... lol
  • El Forum
    Guest
  •  
#8
04-30-2012, 06:27 PM

[eluser]Stefan Hueg[/eluser]
I believe InsiteFX's post has misdirected you, here is the solution:

Code:
public function login()
{
  $email = $this->Login_Model->getEmail();
  if($this->session->userdata('user_email') != $email)
   redirect(base_url(). 'User/login');
  else
   echo 'Logged in';
}//login

Your function name is misleading, it should be something like is_logged_in() to make things clear.
  • El Forum
    Guest
  •  
#9
04-30-2012, 07:38 PM

[eluser]InsiteFX[/eluser]
Code:
class Profile extends CI_Controller {

    
    // this is wrong and your big ERROR! Should not be Profile()
    // Should be function __construct()
    // And since you are not setting anything you do not even need this method!
    function __construct()
    {
        parent::__construct();
    }
  
    
    public function index()
    {
        $this->login();
    }
        
    public function login()
     {
        // how does this know which email address to retrive?
        $email = $this->Login_Model->getEmail();
        if(strcmp($this->session->unset_userdata('user_email'),$email)!=0)
            redirect(base_url(). 'User/login');
        else
           echo 'Logged in';
        
      
                    
        }//login

Your code that you are showing doe's not really make any since!

@stefan Hueg,
And how do you figure I have missed directed him?

If you do not unset the session userdata it will still exist, because there is no telling when the garbage collector will clear out the session!

Look at your session table and tell me how many sessions you have left in it...

  • El Forum
    Guest
  •  
#10
04-30-2012, 10:18 PM

[eluser]gbd_dee[/eluser]
So I did some restructuring I have a login and logout controller (2 separate controllers)
here is my login controller

Code:
<?php

class Login extends CI_Controller {

    
    
    function Login()
    {
        parent::__construct();
    }
  
    
    public function index()
    {
        $this->is_logged_in();
        
    }//index
        
    public function is_logged_in()
    {
        
        $email = $this->Login_Model->getEmail();
        if($this->session->userdata('user_email') != $email)
        redirect(base_url(). 'User/login');
        else
           echo 'Logged in';
    }//is_logged_in
        
}




Theme © iAndrew 2016 - Forum software by © MyBB