• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Improving code

#1
[eluser]ninjayan[/eluser]
Hi everyone!
So it's me again. Today I want to make my code cleaner and less redundant. So this is my current code.

Controller
Code:
public function dashboard() {
  if ($this->session->userdata('is_logged_in')) {
   $this->load->view('dashboard');
  }else {
   redirect(base_url());
  }
}

public function account_settings() {
  if ($this->session->userdata('is_logged_in')) {
   $this->load->view('account_settings');
  }else {
   redirect(base_url());
  }
}
-----
So you notice that I do checking if the session 'is_logged_in' is set. I do this in almost all of my functions. Can you give me other ways to do it? I mean to stop using if statement and just call a function to check if it is set?
(I have trouble explaining -_- )

#2
[eluser]Unknown[/eluser]
i would suggest that you put the authentication check in the __construct function (provided everything in the controller needs auth)

#3
[eluser]ninjayan[/eluser]
I have this code as of this moment.

Code:
public function __construct() {
  parent:: __construct();
  $this->logged_in();
}

public function logged_in() {
  if ($this->session->userdata('is_logged_in' != 1)) {
   redirect(base_url());
  }
}

//THIS IS FOR LOGIN - START
public function index() {
  //if ($this->session->userdata('is_logged_in')) {
  // redirect('site/dashboard');
  //}else {
   $this->load->view('login');
  //}
}
What I want is when I'm at the dashboard page and go to login page, it should redirect me to dashboard and not show the login page since I'm already logged in.

#4
[eluser]ninjayan[/eluser]
I think I have to improve it. Really wrong.

#5
[eluser]ninjayan[/eluser]
Code:
Closed

#6
[eluser]skunkbad[/eluser]
This is a recipe for disaster! Checking if the 'is_logged_in' exists in the session userdata is too limited of a check to be considered safe for any website except for the most basic of websites. Please do not use this code on a production website. Go to the CodeIgniter wiki and choose any authentication solution. If you are just trying to make an authentication solution for school or an experiment, consider reading about all of the different ways your website can be hacked, and try to consider those things when you check if the user is logged in.

Start here:
http://stackoverflow.com/questions/549/t...entication

#7
[eluser]ninjayan[/eluser]
Thanks Smile

#8
[eluser]ninjayan[/eluser]
I think this tutorial is okay. http://net.tutsplus.com/tutorials/php/ea...deigniter/

I am building an information system that will run on a local network.

#9
[eluser]noslen1[/eluser]
skunkbad, what if you secure your config.php file with stuff like that ?
Code:
$config['encryption_key'] = 'KDh:tr$hkG,^G(Y<X:WMpRa3p#UyL6:|';
...
$config['sess_encrypt_cookie'] = TRUE;
...
$config['global_xss_filtering'] = TRUE;

#10
[eluser]ninjayan[/eluser]
[quote author="noslen1" date="1350297088"]skunkbad, what if you secure your config.php file with stuff like that ?
Code:
$config['encryption_key'] = 'KDh:tr$hkG,^G(Y<X:WMpRa3p#UyL6:|';
...
$config['sess_encrypt_cookie'] = TRUE;
...
$config['global_xss_filtering'] = TRUE;
[/quote]

I also did that. Any other good authentication method? I only do checking if 'is_logged_in' session is set. Please share your ideas. Did means a lot. Thanks!


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.