I am trying to make a login with CI which basically after the user is logged in, where he'll be redirected to either page admin/dashboard or superadmin/dashboard depending on their user type role. I've successfully loaded the views but there's something wrong with the url. After logging in, the website manages to load the right view depending on the user's type, but the url still says .../auth/login. How do I change this? I want the url to say .../admin/dashboard or .../superadmin/dashboard
This is what I've got in my controller Auth function login.
if($this->ion_auth->is_admin()){
$this->load->view('superadmin/dashboard_view');
}else if($this->ion_auth->in_group('members')){
$this->load->view('admin/dashboard_view');
}else{
redirect('/', 'refresh');
}
And here's my login form.
<?php echo form_open("auth/login");?>
<p>
<?php echo lang('login_identity_label', 'identity');?>
<?php echo form_input($identity);?>
</p>
<p>
<?php echo lang('login_password_label', 'password');?>
<?php echo form_input($password);?>
</p>
<p>
<?php echo lang('login_remember_label', 'remember');?>
<?php echo form_checkbox('remember', '1', FALSE, 'id="remember"');?>
</p>
<p><?php echo form_submit('submit', lang('login_submit_btn'));?></p>
<?php echo form_close();?>
Instead of loading views from the login you will need to redirect. This means two different controllers, one for admin
class Admin extends CI_Controller
{
public function dashboard()
{
$this->load->view('admin/dashboard_view');
}
}
And another for superadmin
class Superadmin extends CI_Controller
{
public function dashboard()
{
$this->load->view('superadmin/dashboard_view');
}
}
And controller Auth function login
if($this->ion_auth->is_admin()){
redirect('superadmin/dashboard');
}else if($this->ion_auth->in_group('members')){
redirect('admin/dashboard');
}else{
redirect('/', 'refresh');
}
Related
i have a login process where the user can view his dashboard after login.
The code in controller:
$adminid = $this->am->login_admin($email, $password);
if ($adminid) {
$admin_data = array(
'adminid' => $adminid,
'email' => $email,
'logged_in' => true,
'loggedin_time' => time()
);
$this->session->set_userdata($admin_data);
$this->session->set_flashdata('login_success', 'You are logged in');
redirect('Admin_dashboard/dashboard/' . $adminid);
} else {
$this->session->set_flashdata('login_failed', 'Invalid login!!');
redirect('admin/index');
}
After successful login the user is getting redirected to the following url
localhost/project/Admin_dashboard/dashboard/1
The issue is that if the user manually changes the url to something like this-
localhost/project/Admin_dashboard/dashboard/2
he is able to access the data of user whose id is 2 without login
To solve the issue i tried using the following codition in the view
<?php if($this->session->userdata('logged_in')): ?>
<? endif; ?>
However the 2nd url is still accessible
After login the user gets redirected to dashboard that also contains few other pages such as profile page, payment page etc which contains data that is only related to him.
I want that after login he should be able to see all his pages but not anyone else data by changing the url
Simply do one thing, instead of passing $adminid with the url, get the adminid with session, because you also storing values in session.
Instead of
redirect('Admin_dashboard/dashboard/' . $adminid);
Use this
redirect('Admin_dashboard/dashboard');
and inside the dashboard function in Controller use this
public function dashboard (){
$admin_data = $this->session->userdata('admin_data');
if(!isset($admin_data['adminid']) || empty($admin_data['adminid'])){
//Error message Login First
redirect('admin/index');
}
$adminid = $admin_data['adminid'];
//Proceed with this $adminid
}
Simply add this code to all controllers for maintaining user restrictions throughout all URLs.
Class Controller_name extends CI_Controller{
function __construct(){
parent::__construct();
if(!isset($this->session->userdata['logged_in'])){
//redirect login page
}
}
/**
Your Other Functions
**/
}
Let me know If you have anymore doubts..
set user session is valid or not in dashboard controller before load dashboard view and also check user session adminid value with uri segment value
<?php
if (!defined('BASEPATH'))
exit('No direct script access allowed');
class MY_Controller extends CI_Controller {
function __construct() {
parent::__construct();
if (!$this->session->userdata('logged_in')) {
redirect('Login', 'refresh');
}else{
$uri_admin_val=$this->uri->segment(2);
$adminid=$this->session->userdata('adminid')
if($adminid!=$uri_admin_val){
redirect('Admin_dashboard/dashboard/' . $adminid);
}
}
}
}
And extend this my controller on dashboard and other controller
<?php
if (!defined('BASEPATH'))
exit('No direct script access allowed');
class Dashboard extends MY_Controller {
public $data;
public function __construct() {
}
}
created a simple page of session, Even after logout from the page i'm still able to access the login page.
I have also destroyed all the session but still can't find any solution.
view - flashdata_home.php
<form action='add' method='post'>
<input type ='text' name='value'/>
<input type='submit' value='Enter ' />
</form>
Controller - FlashData_Controller.php
<?php
class FlashData_Controller Extends CI_Controller {
function __construct() {
parent::__construct();
$this->load->library('session');
$this->load->helper('url');
}
public function index(){
$this->load->view('flashdata_home');
}
public function add(){
// adding flash data
//$this->session->set_flashdata('item','This is me');
$this->session->set_userdata('Name',$this->input->post('value'));
//redirect to home page
// redirect('flashdata');
if($this->session->has_userdata('Name')){
$data = array('value' => $this->session->Name);
$this->load->view('adminflashdata_home',$data);
}
else
{
$this->load->view('flashdata_home');
}
}
public function logout(){
$this->session->unset_userdata('Name');
$this->session->sess_destroy('Name');
$this->load->view('flashdata_home');
}
}
view - adminflashdata_home.php
<?php
echo $value;
<li>Logout</li>
?>
Unsettling the session in CI is very simple and it looks like this.
In your Code you have unset the data but you have to unset the variable as i did.
For Single Data:
$this->session->unset_userdata('some_name');
For Array of Datas:
$array_items = array('username' => '', 'email' => '');
$this->session->unset_userdata($array_items);
For destroy the session:
$this->session->sess_destroy();
I think your problem is, though we destroy session we can still access the page that should be loaded only if the user in logged in.
For example, when user log in with correct credentials the url should look like this: localhost/app/controller/function (just for instance). And later when the user log out you will redirect back to login page. But if we type localhost/app/controller/function in url or if we click back button in browser, the browser will load the page !!! I consider your stated problem is same like this.
For this problem I always use a solution in every function of controller. Like;
class MainController extends CI_Controller {
function test {
$user_name = $this->session->userdata('user_name');
if(isset($user_name)) {
//the actual function code goes here
}
else {
//redirect to the login function
}
}
}
I hope this helped some one.. cheers..
I have an home controller who control the homepage (that is a simple landing page with no user interaction or dynamic data):
<?php
defined('BASEPATH') OR exit('No direct script access allowed');
class Home extends CI_Controller {
private $data;
protected $pagedata;
function __construct()
{
parent::__construct();
if ($this->session->userdata('is_logged_in') == true) {
$this->data['nav'] = 'auth/template/homelogin_nav';
}
$this->pagedata['title'] = 'La Giumenta Bardata Cosplay & Props';
}
/**
* Index Page.
*
**/
public function index()
{
$this->load->view('template/header', $this->pagedata);
$this->load->view("template/nav", $this->data);
$this->load->view('section_header');
$this->load->view('section_about');
$this->load->view('section_services');
$this->load->view('section_portfolio');
$this->load->view('section_social');
$this->load->view('template/footer');
}
}
So basicly, if user is log in I load a certain view that correspond to a nav, if not it's loaded the normal menu.
Now, the two navs are different just for one link (one nav's view has a link to the login page and the other one has a link to the user dashboard).
I also try this:
$this->load->view($this->data);
but of course is illegal and it doesn't work.
The problem starts because I have to check for the session in the costruct and not inside the function index() or I can't check it.
Why don't you check for session inside of view?
Make one navigation and if user is logged in show dashboard, if not show login button in navigation.
Navigation view:
<ul>
<li> <?php echo anchor('home','Home'); ?> <li>
<?php if($this->session->userdata('is_logged_in')== true){
echo "<li>".anchor('dashboard','dashboard')."</li>";
echo "<li>".anchor('logout','logout')."</li>";
}else
echo "<li>".anchor('login','login')."</li>"; ?>
</ul>
Got this question here (sorry for being stupid), Just started with Codeigniter recently.
I have a login-system working fine. I tried to go to homepage while logged in with code on index-header.php:
<?php
if( !isset($_SESSION) ){
echo 'Login';
} else {
echo 'Log Out';
}
?>
And on main_view.php (homepage controller)
public function __construct() {
parent::__construct();
$this->load->library('session');
}
public function index() {
if($this->session->userdata('is_logged_in')){
$data['title'] = "Home";
$this->load->view('headfoot/header-main',$data);
$this->load->view('main_view');
$this->load->view('headfoot/footer-main');
} else {
$data['title'] = "Home";
$this->load->view('headfoot/header-main',$data);
$this->load->view('main_view');
$this->load->view('headfoot/footer-main');
}
}
}
Now, if I click logout from homepage while still logged in, it disconnects the session fine but doesn't change text back to "Login" in homepage after refresh.
In other words, it always shows text as "Logout" whether or not user is logged in.
dashboard.php (controller)
public function logout() {
$this->session->sess_destroy();
$data['title'] = "Logged out";
$data['logout_msg'] = "You have successfully logged out.";
$this->load->view('headfoot/header-login',$data);
$this->load->view('admin/login', $data);
$this->load->view('headfoot/footer-login');
}
Is it a good practice to create is_logged_in.php a separate file? If yes then how to link sessions to it?
change this:
<?php
if( !isset($_SESSION) ){
to:
<?php if($this->session->userdata('username') == null ){
i'm using 'username' here by assuming you have set username as session data when you allow user to log in.
Use $this->session->sess_destroy(); to kill session. Check this URL. Kill session by controller then use redirect.
By the way, create a file under application/core folder called MY_Controller.php and make your session things on it. If you want to learn more just google it.
I am trying to make a log in work. I am all good with the verification but is stuck when it redirects to an another controller to show the view of the logged in page. I am still new to codeigniter and is still not sure about how controllers work.
This is my controller for verifying logged in users:
function index() {
$this->form_validation->set_rules('studentid', 'studentid', 'trim|required|xss_clean');
$this->form_validation->set_rules('password', 'password', 'trim|required|xss_clean|callback_check_database');
if($this->form_validation->run() == FALSE) {
$this->load->view('v_login');
} else {
//Go to private area
redirect(base_url('c_home'), 'refresh');
}
}
Its function is to validates the user if its in the database, however when the user is successfully logged in, it won't redirect to this redirect(base_url('c_home'), 'refresh'); It tells me that
Object not found!
The requested URL was not found on this server. The link on the referring page seems to be wrong or outdated. Please inform the author of that page about the error.
If you think this is a server error, please contact the webmaster.
This is the c_home.php where it is supposed to be redirected:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class C_home extends CI_Controller {
function __construct() {
parent::__construct();
$this->load->model('m_login','',TRUE);
$this->load->helper('url');
$this->load->library(array('form_validation','session'));
}
function index() {
if($this->session->userdata('logged_in'))
{
$session_data = $this->session->userdata('logged_in');
$data['studentid'] = $session_data['studentid'];
$this->load->view('v_home', $data);
} else {
//If no session, redirect to login page
redirect('c_login', 'refresh');
}
}
function logout() {
//remove all session data
$this->session->unset_userdata('logged_in');
$this->session->sess_destroy();
redirect(base_url('c_login'), 'refresh');
}
}
is it okay to redirect a controller from another controller?
after it redicts to c_home.php
it will show the v_home.php
<!DOCTYPE html>
<head>
<title>Simple Login with CodeIgniter - Private Area</title>
</head>
<body>
<h1>Home</h1>
<h2>Welcome <?php echo $studentid; ?>!</h2>
Logout
</body>
</html>
You don't need the base_url() in the redirect. just use
redirect('c_home',refresh);
Although there are 2 things i should make you aware of, you need ('controller/function') not just ('controller'). And also make sure you're loading $this->load->helper('url') in your __construct function on both controllers.
Although just for future reference, i think this is what you meant.
redirect(base_url().'c_home',refresh)
Codeigniter's redirect function already has the site_url() embedded.
So, instead of this;
redirect(base_url('c_login'), 'refresh');
Use this, as you have earlier in your code
redirect('c_login', 'refresh');
Hope this helps