Reputation: 2425
I do some database transactions and then set $new_user = TRUE like this:
Model Code:
$data_insert = array
(
    'username' => $username_post,
    'password' => $username_post,
);
$this->db->insert('Tenant', $data_insert);
$new_tenant_id = $this->db->insert_id();

//CREATE TABLE FOR THAT DISTRIBUTOR
$this->dbforge->add_field(
    array(
        'id' => array(
            'type' => 'INT',
            'constraint' => 10,
            'unsigned' => TRUE,
            'auto_increment' => TRUE
        ),
        'site_key' => array(
            'type' => 'VARCHAR',
            'constraint' => '100',
        ),
        'display_name' => array(
            'type' => 'VARCHAR',
            'constraint' => '100',
            'null' => TRUE
        ),
        'ext' => array(
            'type' => 'VARCHAR',
            'constraint' => '50',
            'null' => TRUE
        ),
        'auth_user' => array(
            'type' => 'VARCHAR',
            'constraint' => '100',
            'null' => TRUE
        ),
        'password' => array(
            'type' => 'VARCHAR',
            'constraint' => '128',
            'null' => TRUE,
        ),
        'base_ini_id' => array(
            'type' => 'VARCHAR',
            'constraint' => '50',
            'null' => TRUE
        ),
        'md_user' => array(
            'type' => 'VARCHAR',
            'constraint' => '128',
            'null' => TRUE
        ),
        'uc_user' => array(
            'type' => 'VARCHAR',
            'constraint' => '50',
            'null' => TRUE
        ),
        'uc_password' => array(
            'type' => 'VARCHAR',
            'constraint' => '100',
            'null' => TRUE
        ),
        'comments' => array(
            'type' => 'VARCHAR',
            'constraint' => '200',
            'null' => TRUE
        ),
        'custom_ini_filename' => array(
            'type' => 'VARCHAR',
            'constraint' => '100',
            'null' => TRUE
        ),
        'email' => array(
            'type' => 'VARCHAR',
            'constraint' => '100',
            'null' => TRUE
        ),
    ));
$this->dbforge->add_key('id', TRUE);
if (!$this->db->table_exists('table_name'))
{
    $this->dbforge->create_table($usertable);
}

//TABLE CREATED NOW ADD SOME DATA
$insert_data = array
(
    'site_key' => $site_post,
    'tenant_id' => $new_tenant_id
);
//TENANT CREATED AND THE SITE BY HIM IS ADDED TO DATABASE
$query = $this->db->insert('MLCSites', $insert_data);
$new_user = TRUE;
Now, if I have the user in the database, then $validate is set to TRUE; if not, I check if $new_user == TRUE, and then I set loggedin = TRUE in my session like this:
if(!empty($validate))
{
    if ($validate == TRUE)
    {
        // Log in user
        $data = array(
            'site' => $site->site_post,
            'id' => $tenant_id,
            'username' => $username_post,
            'user_table' => $usertable,
            'nec_distributor' => TRUE,
            'loggedin' => TRUE,
        );
        $this->session->set_userdata($data);
        return TRUE;
    }
    elseif ($new_user == TRUE)
    {
        // Log in user
        $data = array(
            'site' => $site->site_post,
            'id' => $new_tenant_id,
            'username' => $username_post,
            'user_table' => $usertable,
            'nec_distributor' => TRUE,
            'loggedin' => TRUE,
        );
        $this->session->set_userdata($data);
        return TRUE;
    }
    return FALSE;
}
Now in my controller I check like this:
$dashboard = 'customer/dashboard';
$rules = $this->distributor_m->rules;
$this->form_validation->set_rules($rules);
if ($this->distributor_m->login() == TRUE)
{
    var_dump($this->session->all_userdata());
    $this->distributor_m->loggedin() == FALSE || redirect($dashboard);
    redirect($dashboard);
}
else
{
    $this->session->set_flashdata('error', 'That email/password combination does not exist');
    //redirect('secure/login', 'refresh');
}
But when I submit the username and key, all the database transactions are done successfully as per the code. But there is nothing in my session; if I resend the form information, then I see the SESSION data. So where am I going wrong?
Upvotes: 0
Views: 81
Reputation: 3148
1) Do not store all that information in the session. Make a long randomized string to use as a token. Store that token in the session. Use that token to retrieve the user details from a database. Note that I'm not talking about saving the CodeIgniter session itself to a database. Use session files. Make your own user table to hold the user name, site, etc. Of course put in some other details like sign up date, last activity date, etc.
2) Set the session first. Before everything else you are doing. Especially before doing something as major as creating a new database table :-)
3) The session is set. On the next page or whatever, the user clicks on something that starts the table creation. Before you create the table, validate that the session is valid.
4) Models can be for many things not just interacting with a database. There are two schools of design in terms of controllers - wise people who advocate "thin controllers" that are clean, easy to maintain, and much less prone to errors. And those other people who stuff their controllers full of code and thus have "fat controllers". Not going to say which is better - so I will just imply it :-)
Upvotes: 1
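The token approach from point 1 of the answer above, as an added example that is not part of the original answer. It uses plain PHP with an in-memory SQLite database; the `tenant` and `login_token` tables and the three function names are hypothetical, and the `$session` array stands in for CodeIgniter's session userdata.

```php
<?php
// Added example: table, column and function names are hypothetical.
// In-memory SQLite stands in for the application's own database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tenant (id INTEGER PRIMARY KEY, username TEXT, site TEXT)');
$db->exec('CREATE TABLE login_token (token_hash TEXT PRIMARY KEY, tenant_id INTEGER, expires_at INTEGER)');
$db->exec("INSERT INTO tenant VALUES (1, 'alice', 'site-a')"); // constructed sample row

// Issue a 256-bit random token. Only its SHA-256 is stored, so a leaked
// token table cannot be replayed as live sessions.
function issue_token(PDO $db, int $tenantId, int $ttl = 3600): string
{
    $token = bin2hex(random_bytes(32));
    $db->prepare('INSERT INTO login_token VALUES (?, ?, ?)')
       ->execute([hash('sha256', $token), $tenantId, time() + $ttl]);
    return $token;
}

// Resolve a session token to its user row; null when unknown, expired or revoked.
function user_for_token(PDO $db, string $token): ?array
{
    $stmt = $db->prepare(
        'SELECT t.id, t.username, t.site FROM login_token k
         JOIN tenant t ON t.id = k.tenant_id
         WHERE k.token_hash = ? AND k.expires_at > ?'
    );
    $stmt->execute([hash('sha256', $token), time()]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Logout: delete the server-side record so the token stops resolving.
function revoke_token(PDO $db, string $token): void
{
    $db->prepare('DELETE FROM login_token WHERE token_hash = ?')
       ->execute([hash('sha256', $token)]);
}

// Login: the session carries only the opaque token, no user details.
$session = ['token' => issue_token($db, 1)];

// Every later request resolves the token before doing any work.
$user = user_for_token($db, $session['token']);
echo $user ? "logged in as {$user['username']} on {$user['site']}\n" : "not logged in\n";

revoke_token($db, $session['token']);
echo user_for_token($db, $session['token']) ? "still valid\n" : "token revoked\n";
```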
Reputation: 38584
There is no good or bad; you can do anything you want. But the Model is used only to interact with the database. So the Controller is the one that handles all the sites.
So it's better if you add the session in the controller. It's helpful in some ways too.
Ex: if you set flashdata you have to redirect the page. So in the model you can't achieve it. But if you do the same in the controller, you are able to redirect wherever you want.
$this->session->set_flashdata('item', 'value');
redirect('controller/name');
Upvotes: 1
Reputation: 844
This code works fine. Have a glimpse. In this case I have two kinds of user: admin and customer.
public function index()
{
    if(($this->session->userdata('logged_in'))){
        redirect('/customer/dashboard/', 'refresh');
    }
    if(isset($_POST['username']) && isset($_POST['password'])){
        $this->form_validation->set_rules('username', 'Username', 'required');
        $this->form_validation->set_rules('password', 'Password', 'required');
        $username = $_POST['username'] ;
        $password = md5($_POST['password']);
        if ($this->form_validation->run() == FALSE)
        {
            echo "not success";
        }
        else
        {
            $this->load->model('Book_upload');
            $user_details = $this->Book_upload->validate_user_login($username,$password);
            if(count($user_details)==0){
                echo "Invalid Login";
            } else {
                $newdata = array(
                    'userid' => $user_details[0]['AdminId'],
                    'username' => $user_details[0]['UserName'],
                    'role' => $user_details[0]['Role'],
                    'fullname' => $user_details[0]['FullName'],
                    'logged_in' => TRUE
                );
                $this->session->set_userdata($newdata);
                $session_flag = $this->session->all_userdata();
                if($session_flag['role'] == 'customer')
                    redirect('/customer/home/', 'refresh');
                if($session_flag['role'] == 'admin')
                    redirect('/admin/dashboard/', 'refresh');
            }
        }
    }
    $this->load->view('customer/login');
}
Upvotes: 0
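The handler above hashes the submitted password with `md5()` before passing it to the model; unsalted MD5 is fast to brute-force and identical passwords produce identical hashes. As an added example that is not part of the original answer, the code below verifies with PHP's `password_hash()`/`password_verify()` and upgrades a legacy MD5 row on its next successful login. The `$users` array and `verify_login()` are hypothetical stand-ins for the model and its user table, and the passwords are constructed sample values.

```php
<?php
// Added example: $users and verify_login() are hypothetical stand-ins for the model.
// Constructed user store: one legacy row with an unsalted MD5, one already migrated.
$users = [
    'legacy' => ['hash' => md5('correct horse')],
    'modern' => ['hash' => password_hash('battery staple', PASSWORD_DEFAULT)],
];

// Check a login against the stored hash and upgrade the row when it is
// legacy MD5 or was created with outdated password_hash() parameters.
function verify_login(array &$users, string $username, string $password): bool
{
    if (!isset($users[$username])) {
        return false;
    }
    $stored = $users[$username]['hash'];
    // A bare 32-character hex string is treated as the old md5() format.
    $isLegacyMd5 = (bool) preg_match('/^[0-9a-f]{32}$/', $stored);

    $ok = $isLegacyMd5
        ? hash_equals($stored, md5($password))   // constant-time compare of the old format
        : password_verify($password, $stored);   // salted, deliberately slow hash

    // The plaintext is only available at login, so this is the moment to migrate.
    if ($ok && ($isLegacyMd5 || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        $users[$username]['hash'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return $ok;
}

foreach ([['legacy', 'correct horse'], ['modern', 'battery staple'], ['modern', 'wrong']] as [$u, $p]) {
    echo $u, ': ', verify_login($users, $u, $p) ? 'accepted' : 'rejected', "\n";
}

// After one successful login the legacy row no longer holds an MD5 digest.
echo 'legacy row algorithm: ', password_get_info($users['legacy']['hash'])['algoName'], "\n";
```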