Controlling PHP sessions with Codeigniter

1

Good morning, I'm new to programming with PHP and I have a question: I've already developed the login system and it's working properly. Now I'd like to control access to the other pages of the application, allowing access to internal pages only if you are logged in.

I also know that for this I need to use if (isset(....)) but my question is: where do I put this if (isset(....)) ?

How do I use the Framework CodeIgniter, or should I put this clause in the Controller, Model or View?

In addition, this is my structure after logging in:

So, my isset would look like this:

if (!isset($usuario_logado['username']))
{
    // user not logged in: redirect to the login page
}

$usuario_logado is the array that receives the user data after authentication with the database.

    
asked by anonymous 26.01.2017 / 14:50

2 answers

1

Enable the HOOKS in your application. This mechanism will automatically check and validate the login without marking or doing includes.

Use SESSIONS. I know the CodeIgniter native session library is not a marvel, but it will help you in a few moments, so it's best to leave it turned on (I like autoload). And even if you do not want to use the native library, use $_SESSION to store the logon credentials.

  

Never, under any circumstances, should you save the user's password in the session, in cookies or elsewhere in memory. Not even the HASH of the password.

After enabling HOOKS and SESSION, go to application/config/hooks.php and insert this:

$hook['post_controller_constructor'][] = [
    'function' => 'logged',
    'filename' => 'logged.php',
    'filepath' => 'hooks'
];

It's simple: to validate the login, the HOOK needs to know which controller and method is called, i.e. CodeIgniter has to pass this information on to it, and this is only possible after the controllers are already loaded, so post_controller_constructor:

  

post_controller_constructor Called immediately after your controller is instantiated, but prior to any method calls happening.

Create application/hooks/logged.php and put this in it:

function logged() {
    $ci =& get_instance(); // CodeIgniter instance
    $ci->load->helper('url'); // base_url() and redirect() come from the URL helper
    $method = $ci->router->fetch_class().'/'.$ci->router->fetch_method(); // Current controller/method
    $protegidos = ['sistema/clientes']; // Protected methods
    $usuario_logado = $ci->session->userdata('usuario_logado'); // Array generated by your "login" algorithm and stored in the SESSION
    if (in_array($method, $protegidos)) { // Check whether the method is protected
        if (empty($usuario_logado['username'])) { // Check whether the user is logged in
            $ci->session->set_flashdata('alert', 'Autentique-se, por favor!'); // Here you can also create a notice so the user knows why the application behaved this way
            $url = base_url('controller/metodo_de_logon');
            redirect($url); // User not logged in: redirect to the login page
        }
    }
}

There is a lot more that can be done to make this HOOK more secure (confirm a hash in the database, confirm session lifetime, etc.), but the basics of your doubt are that.

    
26.01.2017 / 17:36
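The hardening the answer above alludes to (confirming session lifetime), as an added example that is not part of the original answer: the hook is inverted to deny by default, so a new controller method is protected unless it is listed as public. `PUBLIC_ROUTES`, `IDLE_LIMIT` and the `last_seen` session key are assumptions, and the session library is assumed to be autoloaded as the answer recommends.

```php
<?php
// Added example, not the answerer's code: application/hooks/logged.php, deny by default.
// Assumed names: the PUBLIC_ROUTES entries, the 'last_seen' key, the IDLE_LIMIT value.
defined('BASEPATH') OR exit('No direct script access allowed');

const PUBLIC_ROUTES = ['controller/metodo_de_logon']; // only the login action is open
const IDLE_LIMIT = 1800; // seconds of inactivity tolerated (assumed policy)

// Pure decision: 'allow', 'login' (nobody logged in) or 'expired' (idle too long).
function access_decision($route, $user, $last_seen, $now)
{
    $logged_in = is_array($user) && ! empty($user['username']);
    // A stale login is rejected first, so visiting a public page cannot revive it.
    if ($logged_in && ( ! is_int($last_seen) || ($now - $last_seen) > IDLE_LIMIT)) {
        return 'expired';
    }
    // PHP resolves class and method names case-insensitively: compare in lower case.
    if (in_array(strtolower($route), PUBLIC_ROUTES, TRUE)) {
        return 'allow';
    }
    return $logged_in ? 'allow' : 'login';
}

function logged()
{
    $ci =& get_instance();
    $ci->load->helper('url'); // provides redirect() and base_url()
    $route = $ci->router->class.'/'.$ci->router->method;
    $decision = access_decision(
        $route,
        $ci->session->userdata('usuario_logado'),
        $ci->session->userdata('last_seen'),
        time()
    );
    if ($decision === 'allow') {
        $ci->session->set_userdata('last_seen', time()); // refresh the idle timer
        return;
    }
    if ($decision === 'expired') {
        $ci->session->unset_userdata('usuario_logado'); // drop the stale login
    }
    $ci->session->set_flashdata('alert', 'Autentique-se, por favor!');
    redirect(base_url('controller/metodo_de_logon'));
}
```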
0

You can do:

// isset() cannot be applied to the result of a method call; test the returned value instead
if ($this->session->userdata('usuario_logado')) {
     echo "Logado.";
}
    
26.01.2017 / 14:57