Improving code
Posted: 14 October 2012 01:38 AM
Joined: 2012-10-02
71 posts

Hi everyone!
So it’s me again. Today I want to make my code cleaner and less redundant. So this is my current code.

Controller

public function dashboard() {
    if ($this->session->userdata('is_logged_in')) {
        $this->load->view('dashboard');
    } else {
        redirect(base_url());
    }
}

public function account_settings() {
    if ($this->session->userdata('is_logged_in')) {
        $this->load->view('account_settings');
    } else {
        redirect(base_url());
    }
}

——-
So you notice that I do checking if the session ‘is_logged_in’ is set. I do this in almost all of my functions. Can you give me other ways to do it? I mean to stop using if statement and just call a function to check if it is set?
(I have trouble explaining -_- )

 
Posted: 14 October 2012 02:08 AM   [ # 1 ]
Joined: 2012-09-21
1 posts

I would suggest that you put the authentication check in the __construct function (provided everything in the controller needs auth).

 
Posted: 14 October 2012 02:22 AM   [ # 2 ]
Joined: 2012-10-02
71 posts

I have this code as of this moment.

public function __construct() {
    parent::__construct();
    $this->logged_in();
}

public function logged_in() {
    if ($this->session->userdata('is_logged_in' != 1)) {
        redirect(base_url());
    }
}

//THIS IS FOR LOGIN - START
public function index() {
    //if ($this->session->userdata('is_logged_in')) {
    //    redirect('site/dashboard');
    //}else {
    $this->load->view('login');
    //}
}

What I want is when I’m at the dashboard page and go to login page, it should redirect me to dashboard and not show the login page since I’m already logged in.

 
Posted: 14 October 2012 02:32 AM   [ # 3 ]
Joined: 2012-10-02
71 posts

I think I have to improve it. Really wrong.

 
Posted: 14 October 2012 02:44 AM   [ # 4 ]
Joined: 2012-10-02
71 posts
Closed 
 
Posted: 14 October 2012 02:45 AM   [ # 5 ]
Joined: 2009-05-17
1415 posts

This is a recipe for disaster! Checking if the ‘is_logged_in’ exists in the session userdata is too limited of a check to be considered safe for any website except for the most basic of websites. Please do not use this code on a production website. Go to the CodeIgniter wiki and choose any authentication solution. If you are just trying to make an authentication solution for school or an experiment, consider reading about all of the different ways your website can be hacked, and try to consider those things when you check if the user is logged in.

Start here:
http://stackoverflow.com/questions/549/the-definitive-guide-to-forms-based-website-authentication

 Signature 

Brian
Brian’s Web Design - Temecula
Community Auth - CodeIgniter Authentication Application

 
Posted: 14 October 2012 02:52 AM   [ # 6 ]
Joined: 2012-10-02
71 posts

Thanks :)

 
Posted: 14 October 2012 03:15 AM   [ # 7 ]
Joined: 2012-10-02
71 posts

I think this tutorial is okay. http://net.tutsplus.com/tutorials/php/easy-authentication-with-codeigniter/

I am building an information system that will run on a local network.

 
Posted: 15 October 2012 06:31 AM   [ # 8 ]
Joined: 2010-07-20
74 posts

skunkbad, what if you secure your config.php file with stuff like that?

$config['encryption_key'] = 'KDh:tr$hkG,^G(Y<X:WMpRa3p#UyL6:|';
...
$config['sess_encrypt_cookie'] = TRUE;
...
$config['global_xss_filtering'] = TRUE;
 
Posted: 15 October 2012 06:39 AM   [ # 9 ]
Joined: 2012-10-02
71 posts
noslen1 - 15 October 2012 06:31 AM

skunkbad, what if you secure your config.php file with stuff like that?

$config['encryption_key'] = 'KDh:tr$hkG,^G(Y<X:WMpRa3p#UyL6:|';
...
$config['sess_encrypt_cookie'] = TRUE;
...
$config['global_xss_filtering'] = TRUE;

I also did that. Any other good authentication method? I only do checking if ‘is_logged_in’ session is set. Please share your ideas. This means a lot. Thanks!

 
Posted: 16 October 2012 05:40 AM   [ # 10 ]
Joined: 2012-10-16
1 posts
ninjayan - 15 October 2012 06:39 AM

I also did that. Any other good authentication method? I only do checking if ‘is_logged_in’ session is set. Please share your ideas. This means a lot. Thanks!

When you say you only do checking if “is_logged_in” is set, is it done on another controller? As from the code you’ve given, you do no checking. Possibly store the user’s Email/Username and Password (obviously, using the various encryption methods offered in CI) in the session and, if they’re set, make sure the combination exists with the User Database.

 Signature 

Warm Regards,
Thomas Mosey
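
One way to combine the constructor check suggested in reply #1 with the database lookup suggested in reply #10, written for CodeIgniter 2.x. This is an added example, not code from any poster in the thread; the `MY_Controller` base class, the `user_id` session key and the `users` table with `id` and `active` columns are assumptions, and the session here holds only a user id.

```php
<?php
// application/core/MY_Controller.php (CodeIgniter 2.x). Assumed names, not from the
// thread: session key `user_id`; table `users` with columns `id` and `active`.
class MY_Controller extends CI_Controller
{
    // Methods reachable without a login; child controllers override this.
    protected $public_methods = array();
    // Row from `users` for this request, or NULL when not authenticated.
    protected $current_user = NULL;
    public function __construct()
    {
        parent::__construct();
        $this->load->library('session');
        $this->load->database();
        $this->load->helper('url');
        $this->current_user = $this->_load_user();
        // Strict, lower-cased match: any unlisted method is treated as protected.
        $method = strtolower($this->router->fetch_method());
        $is_public = in_array($method, $this->public_methods, TRUE);
        if ($this->current_user === NULL && ! $is_public) {
            redirect(base_url());        // redirect() exits, so the action never runs
        }
        if ($this->current_user !== NULL && $is_public) {
            redirect('site/dashboard');  // already logged in: skip the login form
        }
    }

    // Re-check the account on every request instead of trusting a session flag.
    private function _load_user()
    {
        $user_id = (int) $this->session->userdata('user_id');
        if ($user_id < 1) {
            return NULL;
        }
        $query = $this->db->get_where('users', array('id' => $user_id, 'active' => 1), 1);
        if ($query->num_rows() !== 1) {
            $this->session->sess_destroy();  // account deleted or disabled
            return NULL;
        }
        return $query->row();
    }
}
// application/controllers/site.php (separate file in a real application)
class Site extends MY_Controller
{
    protected $public_methods = array('index');
    public function index()     { $this->load->view('login'); }
    public function dashboard() { $this->load->view('dashboard'); }
}
```

The method that processes the login form must also be listed in `$public_methods`, otherwise the first redirect sends the POST back to the login page before it can run.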