hairynuggets

Reputation: 3311

Page secure script with Codeigniter. Am I along the right track?

I am creating a function to protect my admin pages if a user is not logged in. Am I doing it in a correct way? The following function is included on all my admin pages.

What else should I check for before giving access to my admin pages for a secure page?

    function is_logged_in_admin()
    {
        $CI =& get_instance();
        $is_logged_in = $CI->session->userdata('is_logged_in');
        $username = $CI->session->userdata('username');
        $status = $CI->session->userdata('status');

        if(!isset($is_logged_in) || $is_logged_in != true)
        {
            redirect('auth/login',location);
        }

        if(!$username == 'myeswr')
        {
            redirect('auth/login',location);
        }

        if(!$status == '1')
        {
            redirect('auth/resend_activation',location);
        }
    }

Upvotes: 0

Views: 193

Answers (1)

Mike

Reputation: 783

With the code you have here, there is a possibility for granting permission w/o intent. It's not likely, but if for some reason there is a logic error (not syntax error) somewhere in your code for if #1, you are not redirected, and the other 2 fail.

I suggest using if.. elseif.. elseif.. else. Final else being a redirect to login, as a failsafe.

You may also want to check length of login (or just use CI's built in session length).

Upvotes: 1
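
An added example (not part of the question or the answer) of the fail-closed `if / elseif / else` chain the answer suggests, written as a plain PHP function so it runs without CodeIgniter, next to the question's username test so its operator precedence is visible. `admin_access_decision()`, `original_username_check_redirects()` and the sample sessions are hypothetical names and data; it assumes the login code stores a boolean `true` in `is_logged_in`.

```php
<?php
// Added example, not the asker's code. Function names and sample sessions are constructed.
const ADMIN_USERNAME = 'myeswr'; // username taken from the question's code

// Returns 'allow' only when every check passes, otherwise the route to redirect to.
function admin_access_decision(array $session): string
{
    $logged_in = $session['is_logged_in'] ?? null;
    $username  = $session['username'] ?? null;
    $status    = $session['status'] ?? null;

    if ($logged_in !== true) {             // assumes login stores boolean true
        return 'auth/login';
    } elseif ($username !== ADMIN_USERNAME) {
        return 'auth/login';
    } elseif ($status !== '1' && $status !== 1) {
        return 'auth/resend_activation';
    } elseif ($logged_in === true && $username === ADMIN_USERNAME) {
        return 'allow';
    } else {
        return 'auth/login';               // failsafe: unexpected state is denied
    }
}

// The question's username test, kept as written to show how PHP parses it:
// (!$username) == 'myeswr', which is true only for an empty username.
function original_username_check_redirects($username): bool
{
    return !$username == 'myeswr';
}

$samples = [ // constructed session contents
    'admin, active'      => ['is_logged_in' => true, 'username' => 'myeswr', 'status' => '1'],
    'admin, not active'  => ['is_logged_in' => true, 'username' => 'myeswr', 'status' => '0'],
    'other user, active' => ['is_logged_in' => true, 'username' => 'someone', 'status' => '1'],
    'no session data'    => [],
];

foreach ($samples as $label => $session) {
    printf(
        "%-20s fail-closed: %-24s original username check redirects: %s\n",
        $label,
        admin_access_decision($session),
        var_export(original_username_check_redirects($session['username'] ?? null), true)
    );
}
// In a CodeIgniter helper: if the result is not 'allow', call redirect($result, 'location').
```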
