Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Go Back   Wrox Programmer Forums > PHP/MySQL > BOOK: Professional CodeIgniter ISBN: 978-0-470-28245-8
Password Reminder
Register
Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read
BOOK: Professional CodeIgniter ISBN: 978-0-470-28245-8
This is the forum to discuss the Wrox book Professional CodeIgniter by Thomas Myer; ISBN: 9780470282458
Welcome to the p2p.wrox.com Forums.

You are currently viewing the BOOK: Professional CodeIgniter ISBN: 978-0-470-28245-8 section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developersí questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
Reply
 
Thread Tools Display Modes
  #1 (permalink)  
Old July 16th, 2009, 06:59 PM
Registered User
 
Join Date: Jul 2009
Posts: 9
Thanks: 0
Thanked 0 Times in 0 Posts
Exclamation Admin Dashboard Login/Session Issues

I left this comment in this thread. But thought I'd start a new thread too...

I've run into a login session issue, really the only issue I've had with the code from the book. For example when I use the code from the book:
Code:
if ($_SESSION['userid'] < 1) {
    redirect('welcome/verify', 'refresh');
}
It spits out the same undefined index: userid error from the first post in this thread.

If I use the improved session checking code from above:

Code:
if (! isset($_SESSION['userid']) || ($_SESSION['userid'] < 1) ){
    	redirect('welcome/verify','refresh');
 }
I just get redirected back to my login page.

I also changed my verify() method in my Welcome Controller from the book which uses straight up PHP $_SESSION:
Code:
function verify(){
	if ($this->input->post('username')){
		$u = $this->input->post('username');
		$pw = $this->input->post('password');
		$this->MAdmins->verifyUser($u,$pw);
		if ($_SESSION['userid'] > 0){
			redirect('admin/dashboard','refresh');
		}
	}
	$data['main'] = 'login';
	$data['title'] = "Claudia's Kids | Admin Login";
	$data['navlist'] = $this->MCats->getCategoriesNav();
	$this->load->vars($data);
	$this->load->view('template');
To improved code I found while browsing this forum that uses CI Sessions:
Code:
function verify(){
    if ($this->input->post('username')){
        /** Request comes from users, we should xss filter this (more at http://codeigniter.com/user_guide/libraries/input.html **/
        $u  = $this->input->post('username', TRUE);
        $pw = $this->input->post('password', TRUE);
        
        /** Returning a result here would be faster than writing to session and reading the session since your function returns something anyway **/
        $this->MAdmins->verifyUser($u,$pw);

        /** Better yet use difference in both value and type than just is higher **/
        if ($this->session->userdata('userid') !== 0){
            redirect('admin/dashboard','refresh');
        }
    }
    $data['main'] = 'login';
    $data['title'] = "Claudia's Kids | Admin Login";
    $data['navlist'] = $this->MCats->getCategoriesNav();
    $this->load->vars($data);
    $this->load->view('template');  
  }
I have the session library loaded in autoload.php too. And
Code:
session_start();
initialized in my Welcome Controller.

Any ideas on how I can remedy this?

My verifyUser() method in my Admin Model also uses $_SESSION:
Code:
function verifyUser($u, $pw) {
		$this->db->select('id, username');
		$this->db->where('username', db_clean($u,16));
		//$this->db->where('username', $this->db->escape($u));
		$this->db->where('password', db_clean(dohash($pw),16));
		//$this->db->where('password', $this->db->escape($pw));
		$this->db->where('status', 'active');
		$this->db->limit(1);
		$Q = $this->db->get('admins');
		if ($Q->num_rows() > 0) {
			$row = $Q->row_array();
			$_SESSION['userid'] = $row['id'];
			$_SESSION['username'] = $row['username'];
		} else {
			$this->session->set_flashdata('error', 'Sorry, your username or password is incorrect!');
		}
	}
Any help or glaring inaccuracies in my code would be appreciated. I'm still getting my feet wet in CI. Thanks...
Reply With Quote
  #2 (permalink)  
Old July 17th, 2009, 04:16 PM
Registered User
 
Join Date: Jul 2009
Posts: 9
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I've solved this issue by using CI's built in session library. But now the problem is I can go to my admin pages by directly typing in the URL. Doh! Kinda defeats the purpose of logging in in the first place. Any advice?
Reply With Quote
  #3 (permalink)  
Old July 20th, 2009, 06:02 PM
Registered User
 
Join Date: Jul 2009
Posts: 9
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I figured out my problem. I forgot to convert my logout() method in my admin dahboard.php Contoller to use CI sessions.
Code:
function logout() {
		//unset($_SESSION['userid']);
		$this->session->unset_userdata('userid');
		//unset($_SESSION['username']);
		$this->session->unset_userdata('username');
		$this->session->set_flashdata('error', "you've been logged out!");
		redirect('welcome/verify', 'refresh');
	}
Basically my CI session was never getting terminated as the logout() method was attempting to terminate the native PHP session. Live and learn. Kind of a noob mistake but I'm not the most experienced PHP guy.

Also if I could get PHP $_SESSION to work with my code I would rather use it for the sake of better security. So if anybody has any ideas about why PHP sessions are not working for me, I'm all ears. Thanks...
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Cant Login in Admin pollers BOOK: Professional CodeIgniter ISBN: 978-0-470-28245-8 9 September 5th, 2009 11:56 AM
Problem with admin login thoque BOOK: Professional CodeIgniter ISBN: 978-0-470-28245-8 2 August 13th, 2009 08:37 AM
Problems with login logic and Dashboard alanphil BOOK: Professional CodeIgniter ISBN: 978-0-470-28245-8 18 August 13th, 2009 05:04 AM
Admin login help banned Classic ASP Databases 2 May 8th, 2006 07:50 PM
admin login mujnu PHP How-To 0 February 5th, 2006 07:03 AM



All times are GMT -4. The time now is 10:44 PM.


Powered by vBulletin®
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.