how to handle different user roles
[eluser]dilawaiz[/eluser]
Hello everyone. I'm a beginner and am facing a problem while redirecting a user to the relevant page according to its role. How can I check the user group at the login step? Here is my code. Code: <?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
[eluser]dilawaiz[/eluser]
Right now I'm just redirecting any user to the home page, but now I need to create authorization. I have an account table and a usergroup table in my db, and the foreign key of usergroup lies in the account table. If its value is one then the user is an admin, and if 2 then it's an ordinary user. How can I handle this check?
[eluser]skunkbad[/eluser]
Use my Community Auth, Ion Auth, or one of the many pre-built authentication solutions that are in the wiki.
[eluser]alexwenzel[/eluser]
What you are doing here: Code: $this->db->where('username = ' . "'" . $username . "'"); is a NO-GO. You totally miss the whole CodeIgniter security concept. http://ellislab.com/codeigniter/user-gui...urity.html Escape all data before database insertion!! Never insert information into your database without escaping it. Please see the section that discusses queries for more information. http://ellislab.com/codeigniter/user-gui...eries.html Edit: Didn't see you are a beginner ^^ don't want to be rude.
[eluser]ladooboy[/eluser]
@alexwenzel Isn't everything automatically escaped when using active directory? Took this part from the guide: "$this->db->where(); This function enables you to set WHERE clauses using one of four methods: Note: All values passed to this function are escaped automatically, producing safer queries."
[eluser]Rolly1971[/eluser]
Your calls to $this->db->where should look more like this: Code: $this->db->where('username', $username); You can also pass an array to AR in the where call: Code: $this->db->where(array('username' => $username, 'password' => $password)); Check out the user guide on active record. http://ellislab.com/codeigniter/user-gui...ecord.html
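The login check and role-based redirect discussed in this thread, as an added example that is not code from any poster or from CodeIgniter. It uses PDO with an in-memory SQLite database in place of CodeIgniter's `$this->db` so it runs without the framework; the bound `:u` parameter plays the role of `$this->db->where('username', $username)`. The column names, accounts, passwords and redirect paths are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed schema following the thread: account.usergroup_id references
// usergroup.id, where 1 = admin and 2 = ordinary user.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE usergroup (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$pdo->exec('CREATE TABLE account (
    id INTEGER PRIMARY KEY,
    username TEXT NOT NULL UNIQUE,
    password_hash TEXT NOT NULL,
    usergroup_id INTEGER NOT NULL REFERENCES usergroup(id))');
$pdo->exec("INSERT INTO usergroup (id, name) VALUES (1, 'admin'), (2, 'user')");

// Constructed sample accounts; passwords are stored only as hashes.
$insert = $pdo->prepare(
    'INSERT INTO account (username, password_hash, usergroup_id) VALUES (?, ?, ?)');
$insert->execute(['alice', password_hash('alice-pass', PASSWORD_DEFAULT), 1]);
$insert->execute(["o'brien", password_hash('obrien-pass', PASSWORD_DEFAULT), 2]);

// Role id => landing page (hypothetical routes). Unknown roles get no page.
const LANDING_PAGES = [1 => '/admin/dashboard', 2 => '/home'];

/** Returns the redirect target for a valid login, or null on any failure. */
function login_redirect(PDO $pdo, string $username, string $password): ?string
{
    // The username is bound as a value, never concatenated into the SQL text,
    // so a quote character in it cannot change the structure of the query.
    $stmt = $pdo->prepare(
        'SELECT password_hash, usergroup_id FROM account WHERE username = :u LIMIT 1');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown user and wrong password are handled identically.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return LANDING_PAGES[(int) $row['usergroup_id']] ?? null;
}

var_dump(login_redirect($pdo, 'alice', 'alice-pass'));     // account in group 1
var_dump(login_redirect($pdo, "o'brien", 'obrien-pass'));  // group 2, name contains a quote
var_dump(login_redirect($pdo, 'alice', 'wrong'));          // wrong password
```

The redirect only chooses the landing page. Each admin page still has to check the logged-in account's group itself, since a user can request an admin URL directly.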