dtdt0454 2017-08-14 09:41
浏览 62
已采纳

在codeigniter中授权

I'm working with codeigniter, I'm doing an auth system - user can log in, he can see all pages, after he can log out. The problem is next: why logged out user can see all pages without to be logged in. how can I correct it? This is my controller:

 <?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class User extends CI_Controller {

public function __construct() {
    parent::__construct();
    $this->load->helper(array('url', 'form'));
    $this->load->model("usermodel");
    $this->load->library('session');
}

private function view($page, $data=false) {
  if($page == "auth/login" ){
        $this->load->view("auth/header_auth.php");
    }else{
        $this->load->view("header.php");
  }

  $this->load->view($page, $data);
  $this->load->view("footer.php");
}

public function index() {
  if ($this->session->userdata("user")) {
      redirect("dashboard", "refresh");
      return;
  }
  $this->view("auth/login");
}

public function fail() {
  $this->view("auth/login");

}

public function dashboard() {
  $this->view("auth/dashboard");
}

public function login() {
  $login = $this->input->post("login");
  $password = $this->input->post("password");
  if ($this->usermodel->login($login, $password)) {
      $this->session->set_userdata("user", $login);
      redirect("dashboard", "refresh");
  } else {
      redirect("fail", "refresh");
  }
}

public function logout() {
  $this->session->unset_userdata('user');
  session_destroy();
  redirect('index', 'refresh');
}

}
  • 写回答

1条回答 默认 最新

  • duancan9815 2017-08-14 09:46
    关注

    you must check if user is logged in at beginning of each function which must have user privileges to view

    if (!$this->session->userdata("user")) {
  redirect("auth/login", "refresh");
}

    I am assuming that your view function can only be viewed if a user is logged in, change 

    private function view($page, $data=false) {
    if($page == "auth/login" ){
        $this->load->view("auth/header_auth.php");
    }else{
      $this->load->view("header.php");
  }

   $this->load->view($page, $data);
   $this->load->view("footer.php");
 }

    to this

    private function view($page, $data=false) {
if (!$this->session->userdata("user")) {
    redirect("auth/login", "refresh");
}
    if($page == "auth/login" ){
        $this->load->view("auth/header_auth.php");
    }else{
      $this->load->view("header.php");
  }

   $this->load->view($page, $data);
   $this->load->view("footer.php");
 }

    Update

    also your dashboard can be viewed by everyone, to make it viewable only by logged in user do this:

    public function dashboard() {
  if (!$this->session->userdata("user")) {
    redirect("auth/login", "refresh");
  }
  $this->view("auth/dashboard");
}
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 做个有关计算的小程序
  • ¥15 MPI读取tif文件无法正常给各进程分配路径
  • ¥15 如何用MATLAB实现以下三个公式(有相互嵌套)
  • ¥30 关于#算法#的问题:运用EViews第九版本进行一系列计量经济学的时间数列数据回归分析预测问题 求各位帮我解答一下
  • ¥15 setInterval 页面闪烁,怎么解决
  • ¥15 如何让企业微信机器人实现消息汇总整合
  • ¥50 关于#ui#的问题:做yolov8的ui界面出现的问题
  • ¥15 如何用Python爬取各高校教师公开的教育和工作经历
  • ¥15 TLE9879QXA40 电机驱动
  • ¥20 对于工程问题的非线性数学模型进行线性化