dos49618 2013-02-04 21:34

Codeigniter 2.1 - security of the website's admin section

I have the following measures to secure the admin part:

  • Inside the session I have the following parts:

is_logged_in -> This can be 0 or 1

admin -> checks if the user is admin or not (values are 0 or 1)

And before any function inside the admin controller, or a controller that has something to do with administration of the web site, I call a function to check if the user is logged in and whether he is an administrator. Is this enough? If it is not, what can I do to make the admin part more secure?


  • douluogu8713 2013-02-04 22:24

    One simple form of session is

    $data = array(
        "admin" => $username,
        "is_logged_in"  => true
    );
    $this->session->set_userdata($data);
    

    But you can also store the id in the session (if you need it), or something else.

    And if you want to check it, you can do it like this:

    if (!isset($this->session->userdata['admin'])) {
        redirect('admin/login'); // for example
    }
    

    I prefer to store the session in the DB.

    For more, read http://ellislab.com/codeigniter/user-guide/libraries/sessions.html

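One way to run the check from the question in a single place instead of calling it in every function, as an added example that is not part of either post: a base controller whose constructor gates every admin page on the `is_logged_in` and `admin` session values and re-checks the role in the database. The `user_id` session key, the `users` table, its `is_admin` column and the `Dashboard` controller are assumptions made for illustration.

```php
<?php
// application/core/MY_Controller.php
// Added example. CodeIgniter 2.x loads this file automatically (subclass_prefix 'MY_').
if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class Admin_Controller extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->library('session');
        $this->load->helper('url');
        $this->load->database();

        // userdata() returns FALSE for a missing key, so an empty or
        // expired session fails here and is sent to the login page.
        if ( ! $this->session->userdata('is_logged_in')) {
            redirect('admin/login');
        }

        // Do not trust the session flag alone: confirm the role in the
        // database on every request, so a revoked admin loses access at once.
        // Assumption: 'user_id' session key, 'users' table, 'is_admin' column.
        $user_id = (int) $this->session->userdata('user_id');
        $row = $this->db
            ->select('is_admin')
            ->get_where('users', array('id' => $user_id), 1)
            ->row();

        if ( ! $this->session->userdata('admin') || ! $row || (int) $row->is_admin !== 1) {
            // Logged in but not an administrator: refuse with 403.
            show_error('Forbidden', 403);
        }
    }
}

// application/controllers/admin/dashboard.php (hypothetical; a separate file
// that starts with its own <?php tag and BASEPATH guard)
class Dashboard extends Admin_Controller
{
    public function index()
    {
        // Reached only after the constructor checks above have passed.
        $this->load->view('admin/dashboard');
    }
}
```

Every controller that extends `Admin_Controller` inherits the gate, so a newly added admin function cannot be left without the check.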
