p2p.wrox.com Forums (http://p2p.wrox.com/index.php)
-   BOOK: Professional CodeIgniter ISBN: 978-0-470-28245-8 (http://p2p.wrox.com/forumdisplay.php?f=414)
-   -   Admin Dashboard Login/Session Issues (http://p2p.wrox.com/showthread.php?t=75295)

superfancy July 16th, 2009 06:59 PM

Admin Dashboard Login/Session Issues
 
I left this comment in this thread. But thought I'd start a new thread too...

I've run into a login session issue, really the only issue I've had with the code from the book. For example, when I use the code from the book:
Code:

if ($_SESSION['userid'] < 1) {
    redirect('welcome/verify', 'refresh');
}

It spits out the same undefined index: userid error from the first post in this thread.

If I use the improved session checking code from above:

Code:

if (! isset($_SESSION['userid']) || ($_SESSION['userid'] < 1)) {
    redirect('welcome/verify', 'refresh');
}

I just get redirected back to my login page.

I also changed my verify() method in my Welcome Controller from the book which uses straight up PHP $_SESSION:
Code:

function verify(){
    if ($this->input->post('username')){
        $u = $this->input->post('username');
        $pw = $this->input->post('password');
        // verifyUser() writes $_SESSION['userid'] when the login matches
        $this->MAdmins->verifyUser($u,$pw);
        if ($_SESSION['userid'] > 0){
            redirect('admin/dashboard','refresh');
        }
    }
    $data['main'] = 'login';
    $data['title'] = "Claudia's Kids | Admin Login";
    $data['navlist'] = $this->MCats->getCategoriesNav();
    $this->load->vars($data);
    $this->load->view('template');
}

To improved code I found while browsing this forum that uses CI Sessions:
Code:

function verify(){
    if ($this->input->post('username')){
        /** Request comes from users, we should xss filter this (more at http://codeigniter.com/user_guide/libraries/input.html) **/
        $u  = $this->input->post('username', TRUE);
        $pw = $this->input->post('password', TRUE);

        /** Returning a result here would be faster than writing to session and reading the session since your function returns something anyway **/
        $this->MAdmins->verifyUser($u,$pw);

        /** Better yet use difference in both value and type than just is higher **/
        if ($this->session->userdata('userid') !== 0){
            redirect('admin/dashboard','refresh');
        }
    }
    $data['main'] = 'login';
    $data['title'] = "Claudia's Kids | Admin Login";
    $data['navlist'] = $this->MCats->getCategoriesNav();
    $this->load->vars($data);
    $this->load->view('template');
}

I have the session library loaded in autoload.php too. And
Code:

session_start();
initialized in my Welcome Controller.

Any ideas on how I can remedy this?

My verifyUser() method in my Admin Model also uses $_SESSION:
Code:

function verifyUser($u, $pw) {
    $this->db->select('id, username');
    $this->db->where('username', db_clean($u,16));
    //$this->db->where('username', $this->db->escape($u));
    $this->db->where('password', db_clean(dohash($pw),16));
    //$this->db->where('password', $this->db->escape($pw));
    $this->db->where('status', 'active');
    $this->db->limit(1);
    $Q = $this->db->get('admins');
    if ($Q->num_rows() > 0) {
        $row = $Q->row_array();
        $_SESSION['userid'] = $row['id'];
        $_SESSION['username'] = $row['username'];
    } else {
        $this->session->set_flashdata('error', 'Sorry, your username or password is incorrect!');
    }
}

Any help or glaring inaccuracies in my code would be appreciated. I'm still getting my feet wet in CI. Thanks...

superfancy July 17th, 2009 04:16 PM

I've solved this issue by using CI's built-in session library. But now the problem is I can go to my admin pages by directly typing in the URL. Doh! Kinda defeats the purpose of logging in in the first place. Any advice?

superfancy July 20th, 2009 06:02 PM

I figured out my problem. I forgot to convert my logout() method in my admin dashboard.php Controller to use CI sessions.
Code:

function logout() {
    //unset($_SESSION['userid']);
    $this->session->unset_userdata('userid');
    //unset($_SESSION['username']);
    $this->session->unset_userdata('username');
    $this->session->set_flashdata('error', "you've been logged out!");
    redirect('welcome/verify', 'refresh');
}

Basically my CI session was never getting terminated as the logout() method was attempting to terminate the native PHP session. Live and learn. Kind of a noob mistake but I'm not the most experienced PHP guy.

Also if I could get PHP $_SESSION to work with my code I would rather use it for the sake of better security. So if anybody has any ideas about why PHP sessions are not working for me, I'm all ears. Thanks...
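
Added example, not part of the original thread or the book's code: the login check, the admin guard and logout all reading and writing the same store (CI's session library), so a login written in one place cannot be missed or left behind by another. It assumes CodeIgniter 1.7-style controllers, the session library, url helper and the MAdmins/MCats models autoloaded, and verifyUser() changed to store the login with `$this->session->set_userdata()` instead of `$_SESSION`.

```php
<?php
// Added example. Assumptions: CodeIgniter 1.7-style controllers; 'session' library,
// 'url' helper and the MAdmins/MCats models autoloaded; MAdmins::verifyUser()
// stores the login with $this->session->set_userdata() rather than $_SESSION.

// Welcome controller (lives in its own file)
class Welcome extends Controller {
    function Welcome() {
        parent::Controller(); // no session_start(): $_SESSION is never used here
    }

    function verify() {
        if ($this->input->post('username')) {
            $u  = $this->input->post('username');
            $pw = $this->input->post('password');
            $this->MAdmins->verifyUser($u, $pw);
            // userdata() returns FALSE for a missing key, so cast before comparing
            if ((int) $this->session->userdata('userid') > 0) {
                redirect('admin/dashboard', 'refresh');
            }
        }
        $data['main'] = 'login';
        $data['title'] = "Claudia's Kids | Admin Login";
        $data['navlist'] = $this->MCats->getCategoriesNav();
        $this->load->vars($data);
        $this->load->view('template');
    }
}

// Admin dashboard controller (lives in its own file)
class Dashboard extends Controller {
    function Dashboard() {
        parent::Controller();
        // Guard in the constructor: runs before every method, including direct URL hits
        if ((int) $this->session->userdata('userid') < 1) {
            redirect('welcome/verify', 'refresh');
        }
    }

    function logout() {
        // Clear the same keys the login wrote, in the same store
        $this->session->unset_userdata('userid');
        $this->session->unset_userdata('username');
        $this->session->set_flashdata('error', "You've been logged out!");
        redirect('welcome/verify', 'refresh');
    }
}
```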
