Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming Improving code
Improving code
  • El Forum
    Guest
  •  
#1
10-13-2012, 10:38 PM

[eluser]ninjayan[/eluser]
Hi everyone!
So it's me again. Today I want to make my code cleaner and less redundant. So this is my current code.

Controller
Code:
public function dashboard() {
  if ($this->session->userdata('is_logged_in')) {
   $this->load->view('dashboard');
  }else {
   redirect(base_url());
  }
}

public function account_settings() {
  if ($this->session->userdata('is_logged_in')) {
   $this->load->view('account_settings');
  }else {
   redirect(base_url());
  }
}
-----
So you notice that I do checking if the session 'is_logged_in' is set. I do this in almost all of my functions. Can you give me other ways to do it? I mean to stop using if statement and just call a function to check if it is set?
(I have trouble explaining -_- )
  • El Forum
    Guest
  •  
#2
10-13-2012, 11:08 PM

[eluser]Unknown[/eluser]
i would suggest that you put the authentication check in the __construct function (provided everything in the controller needs auth)
  • El Forum
    Guest
  •  
#3
10-13-2012, 11:22 PM

[eluser]ninjayan[/eluser]
I have this code as of this moment.

Code:
public function __construct() {
  parent:: __construct();
  $this->logged_in();
}

public function logged_in() {
  if ($this->session->userdata('is_logged_in' != 1)) {
   redirect(base_url());
  }
}

//THIS IS FOR LOGIN - START
public function index() {
  //if ($this->session->userdata('is_logged_in')) {
  // redirect('site/dashboard');
  //}else {
   $this->load->view('login');
  //}
}
What I want is when I'm at the dashboard page and go to login page, it should redirect me to dashboard and not show the login page since I'm already logged in.
  • El Forum
    Guest
  •  
#4
10-13-2012, 11:32 PM

[eluser]ninjayan[/eluser]
I think I have to improve it. Really wrong.
  • El Forum
    Guest
  •  
#5
10-13-2012, 11:44 PM

[eluser]ninjayan[/eluser]
Code:
Closed
  • El Forum
    Guest
  •  
#6
10-13-2012, 11:45 PM

[eluser]skunkbad[/eluser]
This is a recipe for disaster! Checking if the 'is_logged_in' exists in the session userdata is too limited of a check to be considered safe for any website except for the most basic of websites. Please do not use this code on a production website. Go to the CodeIgniter wiki and choose any authentication solution. If you are just trying to make an authentication solution for school or an experiment, consider reading about all of the different ways your website can be hacked, and try to consider those things when you check if the user is logged in.

Start here:
http://stackoverflow.com/questions/549/t...entication
  • El Forum
    Guest
  •  
#7
10-13-2012, 11:52 PM

[eluser]ninjayan[/eluser]
Thanks Smile
  • El Forum
    Guest
  •  
#8
10-14-2012, 12:15 AM

[eluser]ninjayan[/eluser]
I think this tutorial is okay. http://net.tutsplus.com/tutorials/php/ea...deigniter/

I am building an information system that will run on a local network.
  • El Forum
    Guest
  •  
#9
10-15-2012, 03:31 AM

[eluser]noslen1[/eluser]
skunkbad, what if you secure your config.php file with stuff like that ?
Code:
$config['encryption_key'] = 'KDh:tr$hkG,^G(Y<X:WMpRa3p#UyL6:|';
...
$config['sess_encrypt_cookie'] = TRUE;
...
$config['global_xss_filtering'] = TRUE;
  • El Forum
    Guest
  •  
#10
10-15-2012, 03:39 AM

[eluser]ninjayan[/eluser]
[quote author="noslen1" date="1350297088"]skunkbad, what if you secure your config.php file with stuff like that ?
Code:
$config['encryption_key'] = 'KDh:tr$hkG,^G(Y<X:WMpRa3p#UyL6:|';
...
$config['sess_encrypt_cookie'] = TRUE;
...
$config['global_xss_filtering'] = TRUE;
[/quote]

I also did that. Any other good authentication method? I only do checking if 'is_logged_in' session is set. Please share your ideas. Did means a lot. Thanks!




Theme © iAndrew 2016 - Forum software by © MyBB