p2p.wrox.com Forums

p2p.wrox.com Forums (http://p2p.wrox.com/index.php)
-   BOOK: Professional CodeIgniter ISBN: 978-0-470-28245-8 (http://p2p.wrox.com/forumdisplay.php?f=414)
-   -   Problems with login logic and Dashboard (http://p2p.wrox.com/showthread.php?t=71316)

alanphil November 4th, 2008 05:10 PM

Problems with login logic and Dashboard
 
I'm having problems with the login logic that starts on page 150 in the book. The verifyUser function on this page includes the following:

if (Q->num_rows() > 0) {
   $row = $Q->row_array();
   $_SESSION['userid'] = $row['id'];
   $_SESSION['username'] = $row['username'];

etc.

On page 153, in the function Dashboard, the author adds the following statement:

  if ($_SESSION['userid'] < 1) {
    redirect('welcome/verify','refresh');
  }

After I add the code above and attempt to log into the Dashboard, I get the following PHP Error in the browser:

Message: undefined index: userid
Filename: admin/dashboard.php

I've tried everything I can think of to fix this, but still stuck. Any insight into this problem would be greatly appreciated.

Thanks!
Alan






alanphil November 5th, 2008 11:45 AM

Found the problem -- in the Welcome controller you need to make sure that you have "session_start();". I think this is an oversight in the book. When the author has the reader originally create the Welcome controller there is no need at that point to discuss sessions. Later, in chapter 6 (page 149) when he creates stubs for the admin controllers there really should be a note to add the "session_start();" line to the Welcome controller.

Maybe this is one of the "learning lessons" you get from working through all of the code in the book! :D

Alan


krifur November 17th, 2008 08:09 PM

Actually it s wrote in the book p 109, maybe u do not need the cart functionnality on your site but it s there ;)


myerman March 16th, 2009 10:27 AM

This is a good point, and points to a very interesting bit of back story. At some point, the Ellis Lab folks were talking about making the CI sessions to be more like PHP sessions (ie., not like a cookie) but it never panned out in time for the book. That's when I decided to add PHP sessions to the discussion, and trying to differentiate between CI and PHP sessions caused kind of a protracted discussoin among the editorial and review folks.....and in all that, somebody should have said, "hey dummy, put session_start() at the first mention, then say you'll explain it later."

myerman March 16th, 2009 10:28 AM

geez, can I say the word "point" a few more times????

blackhorse66 June 15th, 2009 07:32 PM

error_reporting E_ALL
 
Quote:

Originally Posted by alanphil (Post 230289)
Found the problem -- in the Welcome controller you need to make sure that you have "session_start();". I think this is an oversight in the book.
Alan

But the
Code:

function Welcome(){
    parent::Controller();
    session_start();
    $this->output->enable_profiler(FALSE);
  }

already make sure that you have "session_start();". So that shouldn't be the problem, should it be?

I think it is due to the index.php set up the error report as E_NOTICE.

The codes should be working fine if Error reporting is "E_ALL & ~E_NOTICE".

To make the codes working for "E_NOTICE"

We need to make the codes like

Code:

  if (! isset($_SESSION['userid']) || ($_SESSION['userid'] < 1)) {
    redirect('welcome/verify','refresh');
  }

But it is kind redundancy to always check isset for $_SESSION['userid']?

What is really the problem?

What should we do, change the error reporting in index.php to "E_ALL & ~E_NOTICE" or modify the codes such as from

Code:

  if ($_SESSION['userid'] < 1) {
    redirect('welcome/verify','refresh');
  }

to

Code:

  if (! isset($_SESSION['userid']) || ($_SESSION['userid'] < 1) ){
    redirect('welcome/verify','refresh');
  }

?

If for error reporting E_NOTICE, there are too many codes requiring modification.

superfancy July 16th, 2009 06:53 PM

I've run into a login session issue, really the only issue I've had with the code from the book. For example when I use the code from the book:
Code:

if ($_SESSION['userid'] < 1) {
    redirect('welcome/verify', 'refresh');
}

It spits out the same undefined index: userid error from the first post in this thread.

If I use the improved session checking code from above:

Code:

if (! isset($_SESSION['userid']) || ($_SESSION['userid'] < 1) ){
            redirect('welcome/verify','refresh');
 }

I just get redirected back to my login page.

I also changed my verify() method in my Welcome Controller from the book which uses straight up PHP $_SESSION:
Code:

function verify(){
        if ($this->input->post('username')){
                $u = $this->input->post('username');
                $pw = $this->input->post('password');
                $this->MAdmins->verifyUser($u,$pw);
                if ($_SESSION['userid'] > 0){
                        redirect('admin/dashboard','refresh');
                }
        }
        $data['main'] = 'login';
        $data['title'] = "Claudia's Kids | Admin Login";
        $data['navlist'] = $this->MCats->getCategoriesNav();
        $this->load->vars($data);
        $this->load->view('template');

To improved code I found while browsing this forum that uses CI Sessions:
Code:

function verify(){
    if ($this->input->post('username')){
        /** Request comes from users, we should xss filter this (more at http://codeigniter.com/user_guide/libraries/input.html **/
        $u  = $this->input->post('username', TRUE);
        $pw = $this->input->post('password', TRUE);
       
        /** Returning a result here would be faster than writing to session and reading the session since your function returns something anyway **/
        $this->MAdmins->verifyUser($u,$pw);

        /** Better yet use difference in both value and type than just is higher **/
        if ($this->session->userdata('userid') !== 0){
            redirect('admin/dashboard','refresh');
        }
    }
    $data['main'] = 'login';
    $data['title'] = "Claudia's Kids | Admin Login";
    $data['navlist'] = $this->MCats->getCategoriesNav();
    $this->load->vars($data);
    $this->load->view('template'); 
  }

I have the session library loaded in autoload.php too. And
Code:

session_start();
initialized in my Welcome Controller.

Any ideas on how I can remedy this?

My verifyUser() method in my Admin Model also uses $_SESSION:
Code:

function verifyUser($u, $pw) {
                $this->db->select('id, username');
                $this->db->where('username', db_clean($u,16));
                //$this->db->where('username', $this->db->escape($u));
                $this->db->where('password', db_clean(dohash($pw),16));
                //$this->db->where('password', $this->db->escape($pw));
                $this->db->where('status', 'active');
                $this->db->limit(1);
                $Q = $this->db->get('admins');
                if ($Q->num_rows() > 0) {
                        $row = $Q->row_array();
                        $_SESSION['userid'] = $row['id'];
                        $_SESSION['username'] = $row['username'];
                } else {
                        $this->session->set_flashdata('error', 'Sorry, your username or password is incorrect!');
                }
        }

Any help or glaring inaccuracies in my code would be appreciated. I'm still getting my feet wet in CI. Thanks...

blackhorse66 July 16th, 2009 07:41 PM

Change the index.php error report to E_ALL & ~E_NOTICE will do.

If you want program for E_ALL, then there will be a lot of codes you would need to change.

I think.

superfancy July 16th, 2009 08:06 PM

Quote:

Originally Posted by blackhorse66 (Post 244041)
Change the index.php error report to E_ALL & ~E_NOTICE will do.

If you want program for E_ALL, then there will be a lot of codes you would need to change.

I think.

Would I make this change within CI or in my php.ini file?

blackhorse66 July 16th, 2009 10:47 PM

in the sample codes claudias, in the root, index.php.

Find error_reporting, change it to

error_reporting(E_ALL & ~E_NOTICE)

I think that will make the Notice message disappeared from the Claudias sample codes.

But for your own real life programming, programming for error_reporting(E_ALL) will be better practice.


All times are GMT -4. The time now is 07:56 PM.

Powered by vBulletin®
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.