dtdt0454 2017-08-14 09:41
浏览 62
已采纳

在codeigniter中授权

I'm working with codeigniter, I'm doing an auth system - user can log in, he can see all pages, after he can log out. The problem is next: why logged out user can see all pages without to be logged in. how can I correct it? This is my controller:

 <?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class User extends CI_Controller {

public function __construct() {
    parent::__construct();
    $this->load->helper(array('url', 'form'));
    $this->load->model("usermodel");
    $this->load->library('session');
}

private function view($page, $data=false) {
  if($page == "auth/login" ){
        $this->load->view("auth/header_auth.php");
    }else{
        $this->load->view("header.php");
  }

  $this->load->view($page, $data);
  $this->load->view("footer.php");
}

public function index() {
  if ($this->session->userdata("user")) {
      redirect("dashboard", "refresh");
      return;
  }
  $this->view("auth/login");
}

public function fail() {
  $this->view("auth/login");

}

public function dashboard() {
  $this->view("auth/dashboard");
}

public function login() {
  $login = $this->input->post("login");
  $password = $this->input->post("password");
  if ($this->usermodel->login($login, $password)) {
      $this->session->set_userdata("user", $login);
      redirect("dashboard", "refresh");
  } else {
      redirect("fail", "refresh");
  }
}

public function logout() {
  $this->session->unset_userdata('user');
  session_destroy();
  redirect('index', 'refresh');
}

}
  • 写回答

1条回答 默认 最新

  • duancan9815 2017-08-14 09:46
    关注

    you must check if user is logged in at beginning of each function which must have user privileges to view

    if (!$this->session->userdata("user")) {
      redirect("auth/login", "refresh");
    }
    

    I am assuming that your view function can only be viewed if a user is logged in, change

    private function view($page, $data=false) {
        if($page == "auth/login" ){
            $this->load->view("auth/header_auth.php");
        }else{
          $this->load->view("header.php");
      }
    
       $this->load->view($page, $data);
       $this->load->view("footer.php");
     }
    

    to this

    private function view($page, $data=false) {
    if (!$this->session->userdata("user")) {
        redirect("auth/login", "refresh");
    }
        if($page == "auth/login" ){
            $this->load->view("auth/header_auth.php");
        }else{
          $this->load->view("header.php");
      }
    
       $this->load->view($page, $data);
       $this->load->view("footer.php");
     }
    

    Update

    also your dashboard can be viewed by everyone, to make it viewable only by logged in user do this:

    public function dashboard() {
      if (!$this->session->userdata("user")) {
        redirect("auth/login", "refresh");
      }
      $this->view("auth/dashboard");
    }
    
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 jupyterthemes 设置完毕后没有效果
  • ¥15 matlab图像高斯低通滤波
  • ¥15 针对曲面部件的制孔路径规划,大家有什么思路吗
  • ¥15 钢筋实图交点识别,机器视觉代码
  • ¥15 如何在Linux系统中,但是在window系统上idea里面可以正常运行?(相关搜索:jar包)
  • ¥50 400g qsfp 光模块iphy方案
  • ¥15 两块ADC0804用proteus仿真时,出现异常
  • ¥15 关于风控系统,如何去选择
  • ¥15 这款软件是什么?需要能满足我的需求
  • ¥15 SpringSecurityOauth2登陆前后request不一致