dtdt0454
2017-08-14 09:41

在codeigniter中授权

I'm working with CodeIgniter and building an auth system: a user can log in, see all pages, and then log out. The problem is this: why can a logged-out user still see all pages without being logged in? How can I correct it? This is my controller:

 <?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); // Direct-access guard: stop unless BASEPATH is defined (CodeIgniter's index.php defines it), so this file cannot be run by requesting its URL directly.

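/**
 * Login / logout controller that marks an authenticated visitor by storing
 * the login name under the "user" key of the session.
 *
 * Access control is enforced per action: an action that needs a logged-in
 * user must call require_login() before doing anything else. Rendering a
 * view is not an authorization decision on its own.
 *
 * Credential checking is delegated to usermodel->login(), which is not shown
 * here. NOTE(review): confirm it compares against a password hash
 * (password_verify) and uses bound query parameters.
 */
class User extends CI_Controller {

    /**
     * Load the helpers, model and session library every action relies on.
     */
    public function __construct() {
        parent::__construct();
        $this->load->helper(array('url', 'form'));
        $this->load->model("usermodel");
        $this->load->library('session');
    }

    /**
     * Stop the request unless a user is logged in.
     *
     * The session is the only source of truth: the "user" key is written by
     * login() and removed by logout(). CodeIgniter's redirect() exits after
     * sending the header, so nothing after this call runs for an anonymous
     * visitor.
     */
    private function require_login() {
        if ( ! $this->session->userdata("user")) {
            redirect("index", "refresh");
        }
    }

    /**
     * Render a page wrapped in its header and footer.
     *
     * @param string      $page View to render; "auth/login" gets the
     *                          authentication header, anything else the
     *                          regular one.
     * @param array|false $data Variables handed to the page view.
     */
    private function view($page, $data=false) {
        if ($page == "auth/login") {
            $this->load->view("auth/header_auth.php");
        } else {
            $this->load->view("header.php");
        }

        $this->load->view($page, $data);
        $this->load->view("footer.php");
    }

    /**
     * Entry page: logged-in users go to the dashboard, everyone else gets
     * the login form.
     */
    public function index() {
        if ($this->session->userdata("user")) {
            redirect("dashboard", "refresh");
        }
        $this->view("auth/login");
    }

    /**
     * Shown after a failed login attempt; renders the login form again.
     */
    public function fail() {
        $this->view("auth/login");
    }

    /**
     * Dashboard, for logged-in users only.
     *
     * The guard is what was missing: without it this action rendered for
     * any visitor who requested it, logged in or not.
     */
    public function dashboard() {
        $this->require_login();
        $this->view("auth/dashboard");
    }

    /**
     * Handle the login form post.
     *
     * On success the login name is stored in the session and the user is
     * sent to the dashboard; on failure the user is sent to the fail page.
     */
    public function login() {
        $login = $this->input->post("login");
        $password = $this->input->post("password");
        if ($this->usermodel->login($login, $password)) {
            // NOTE(review): issue a fresh session ID at this privilege change
            // so an ID known before login is not reused afterwards
            // (CodeIgniter 3 offers $this->session->sess_regenerate(TRUE));
            // confirm against the framework version in use.
            $this->session->set_userdata("user", $login);
            redirect("dashboard", "refresh");
        } else {
            redirect("fail", "refresh");
        }
    }

    /**
     * Log the user out and return to the entry page.
     *
     * The "user" key is removed first so the marker is gone even if
     * destroying the session fails; sess_destroy() is the session library's
     * own teardown call.
     */
    public function logout() {
        $this->session->unset_userdata('user');
        $this->session->sess_destroy();
        redirect('index', 'refresh');
    }

}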


我正在使用codeigniter,我正在做一个auth系统 - 用户可以登录,他可以看到所有 页面,他可以退出后。 接下来的问题是:为什么注销用户可以看到所有页面而无需登录。如何更正? 这是我的控制器:

 &lt;?php if(!defined('BASEPATH'))exit('不允许直接访问脚本'); 
 
class用户扩展 CI_Controller {
 
公共函数__construct(){
 parent :: __ construct(); 
 $ this-&gt; load-&gt; helper(array('url','form')); 
 $ this-  &gt; load-&gt; model(“usermodel”); 
 $ this-&gt; load-&gt; library('session'); 
} 
 
private函数视图($ page,$ data = false){  
 if($ page ==“auth / login”){
 $ this-&gt; load-&gt; view(“auth / header_auth.php”); 
} else {
 $ this-&gt; load  - &gt; view(“header.php”); 
} 
 
 $ this-&gt; load-&gt; view($ page,$ data); 
 $ this-&gt; load-&gt; view(  “footer.php”); 
} 
 
公共函数索引(){
 if($ this-&gt; session-&gt; userdata(“user”)){
 redirect(“dashboard”,“refresh”  “); 
返回; 
} 
 $ this-&gt; view(”auth / login“); 
} 
 
公共函数失败(){
 $ this-&gt; view(”auth / 登录“); 
 
} 
 
公共功能仪表板(){
 $ this-&gt; view(”auth / dashboard“); 
} 
 
公共功能登录(){
  $ login = $ this-&gt; input-&gt; post(“login”); 
 $ password = $ this-&gt; input-&gt; post(“password”); 
 if($ this-&gt; usermodel  - &gt;登录($ login,$ password)){
 $ this-&gt; session-&gt; set_userdata(“user”,$ login); 
 redirect(“dashboard”,“refresh”); 
}  else {
 redirect(“fail”,“refresh”); 
} 
} 
 
公共函数logout(){
 $ this-&gt; session-&gt; unset_userdata('user'); 
  session_destroy(); 
 redirect('index','refresh'); 
} 
 
} 
   
 

1条回答 默认 最新

  • duancan9815
    duancan9815 2017-08-14 09:46
    已采纳

    You must check whether the user is logged in at the beginning of each function that requires a logged-in user:

    // Guard: without a "user" value in the session nobody is logged in, so
    // send the visitor to the login page. CodeIgniter's redirect() exits
    // after sending the header, so the rest of the action does not run.
    $currentUser = $this->session->userdata("user");
    if (!$currentUser) {
      redirect("auth/login", "refresh");
    }
    

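    I am assuming that the pages rendered through your view function should only be visible to a logged-in user. If so, change the function as shown below. (Note that index() and fail() also render the login form through view(), so the check has to let "auth/login" through; otherwise a logged-out visitor can never reach the login form.) Change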

    /**
     * Render a page between its header and the shared footer.
     * No login check happens here: whoever calls this gets the page.
     */
    private function view($page, $data=false) {
        // The login page has its own header; all other pages share one.
        $header = ($page == "auth/login") ? "auth/header_auth.php" : "header.php";
        $this->load->view($header);

        // Page body, then the footer.
        $this->load->view($page, $data);
        $this->load->view("footer.php");
    }
    

    to this

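    /**
     * Render a page between its header and the shared footer, refusing to
     * render anything except the login page for a logged-out visitor.
     *
     * @param string      $page View to render.
     * @param array|false $data Variables handed to the page view.
     */
    private function view($page, $data=false) {
        // The login form is the one page a logged-out visitor must be able
        // to load. Checking it like every other page would bounce index()
        // and fail() to the login URL without ever showing the form.
        $isLoginPage = ($page == "auth/login");
        if (!$isLoginPage && !$this->session->userdata("user")) {
            // NOTE(review): "auth/login" must resolve to an action that
            // renders the login form; in the question's controller that is
            // index() - confirm the route. redirect() exits after sending
            // the header.
            redirect("auth/login", "refresh");
        }

        if ($isLoginPage) {
            $this->load->view("auth/header_auth.php");
        } else {
            $this->load->view("header.php");
        }

        $this->load->view($page, $data);
        $this->load->view("footer.php");
    }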
    

    Update

    Also, your dashboard can be viewed by everyone; to make it viewable only by a logged-in user, do this:

    /**
     * Dashboard, for logged-in users only.
     */
    public function dashboard() {
      // Authorization comes first: an empty "user" session value means the
      // visitor is anonymous. CodeIgniter's redirect() exits after sending
      // the header, so the view below is never rendered for them.
      $loggedIn = (bool) $this->session->userdata("user");
      if ($loggedIn === false) {
        redirect("auth/login", "refresh");
      }

      $this->view("auth/dashboard");
    }
    