Wrox Programmer Forums
| Search | Today's Posts | Mark Forums Read
BOOK: Professional CodeIgniter ISBN: 978-0-470-28245-8
This is the forum to discuss the Wrox book Professional CodeIgniter by Thomas Myer; ISBN: 9780470282458
Welcome to the p2p.wrox.com Forums.

You are currently viewing the BOOK: Professional CodeIgniter ISBN: 978-0-470-28245-8 section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old July 16th, 2009, 06:59 PM
Registered User
 
Join Date: Jul 2009
Posts: 9
Thanks: 0
Thanked 0 Times in 0 Posts
Exclamation Admin Dashboard Login/Session Issues

I left this comment in this thread. But thought I'd start a new thread too...

I've run into a login session issue, really the only issue I've had with the code from the book. For example when I use the code from the book:
Code:
if ($_SESSION['userid'] < 1) {
    redirect('welcome/verify', 'refresh');
}
It spits out the same undefined index: userid error from the first post in this thread.

If I use the improved session checking code from above:

Code:
if (! isset($_SESSION['userid']) || ($_SESSION['userid'] < 1) ){
    	redirect('welcome/verify','refresh');
 }
I just get redirected back to my login page.

I also changed my verify() method in my Welcome Controller from the book which uses straight up PHP $_SESSION:
Code:
function verify(){
	if ($this->input->post('username')){
		$u = $this->input->post('username');
		$pw = $this->input->post('password');
		$this->MAdmins->verifyUser($u,$pw);
		if ($_SESSION['userid'] > 0){
			redirect('admin/dashboard','refresh');
		}
	}
	$data['main'] = 'login';
	$data['title'] = "Claudia's Kids | Admin Login";
	$data['navlist'] = $this->MCats->getCategoriesNav();
	$this->load->vars($data);
	$this->load->view('template');
To improved code I found while browsing this forum that uses CI Sessions:
Code:
function verify(){
    if ($this->input->post('username')){
        /** Request comes from users, we should xss filter this (more at http://codeigniter.com/user_guide/libraries/input.html **/
        $u  = $this->input->post('username', TRUE);
        $pw = $this->input->post('password', TRUE);
        
        /** Returning a result here would be faster than writing to session and reading the session since your function returns something anyway **/
        $this->MAdmins->verifyUser($u,$pw);

        /** Better yet use difference in both value and type than just is higher **/
        if ($this->session->userdata('userid') !== 0){
            redirect('admin/dashboard','refresh');
        }
    }
    $data['main'] = 'login';
    $data['title'] = "Claudia's Kids | Admin Login";
    $data['navlist'] = $this->MCats->getCategoriesNav();
    $this->load->vars($data);
    $this->load->view('template');  
  }
I have the session library loaded in autoload.php too. And
Code:
session_start();
initialized in my Welcome Controller.

Any ideas on how I can remedy this?

My verifyUser() method in my Admin Model also uses $_SESSION:
Code:
function verifyUser($u, $pw) {
		$this->db->select('id, username');
		$this->db->where('username', db_clean($u,16));
		//$this->db->where('username', $this->db->escape($u));
		$this->db->where('password', db_clean(dohash($pw),16));
		//$this->db->where('password', $this->db->escape($pw));
		$this->db->where('status', 'active');
		$this->db->limit(1);
		$Q = $this->db->get('admins');
		if ($Q->num_rows() > 0) {
			$row = $Q->row_array();
			$_SESSION['userid'] = $row['id'];
			$_SESSION['username'] = $row['username'];
		} else {
			$this->session->set_flashdata('error', 'Sorry, your username or password is incorrect!');
		}
	}
Any help or glaring inaccuracies in my code would be appreciated. I'm still getting my feet wet in CI. Thanks...
 
Old July 17th, 2009, 04:16 PM
Registered User
 
Join Date: Jul 2009
Posts: 9
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I've solved this issue by using CI's built in session library. But now the problem is I can go to my admin pages by directly typing in the URL. Doh! Kinda defeats the purpose of logging in in the first place. Any advice?
 
Old July 20th, 2009, 06:02 PM
Registered User
 
Join Date: Jul 2009
Posts: 9
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I figured out my problem. I forgot to convert my logout() method in my admin dahboard.php Contoller to use CI sessions.
Code:
function logout() {
		//unset($_SESSION['userid']);
		$this->session->unset_userdata('userid');
		//unset($_SESSION['username']);
		$this->session->unset_userdata('username');
		$this->session->set_flashdata('error', "you've been logged out!");
		redirect('welcome/verify', 'refresh');
	}
Basically my CI session was never getting terminated as the logout() method was attempting to terminate the native PHP session. Live and learn. Kind of a noob mistake but I'm not the most experienced PHP guy.

Also if I could get PHP $_SESSION to work with my code I would rather use it for the sake of better security. So if anybody has any ideas about why PHP sessions are not working for me, I'm all ears. Thanks...




Similar Threads
Thread Thread Starter Forum Replies Last Post
Cant Login in Admin pollers BOOK: Professional CodeIgniter ISBN: 978-0-470-28245-8 9 September 5th, 2009 11:56 AM
Problem with admin login thoque BOOK: Professional CodeIgniter ISBN: 978-0-470-28245-8 2 August 13th, 2009 08:37 AM
Problems with login logic and Dashboard alanphil BOOK: Professional CodeIgniter ISBN: 978-0-470-28245-8 18 August 13th, 2009 05:04 AM
Admin login help banned Classic ASP Databases 2 May 8th, 2006 07:50 PM
admin login mujnu PHP How-To 0 February 5th, 2006 08:03 AM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.