HiveBrain v1.2.0
Get Started
← Back to all entries
patternphpMinor

Is this good login process in CodeIgniter?

Submitted by: @import:stackexchange-codereview··
0
Viewed 0 times
thisprocesslogingoodcodeigniter

Problem

I'm creating my first login process in CodeIgniter. I'm using the simpleloginsecure library for actual session management but I wrote the controller and model myself and I was hoping if you could see any flaws in it.

My User_model Class

simpleloginsecure->login($email, $password)) {
            return true;
        }
        return false;
    }
} 

?>


My User Controller class

load->model('user_model');
    }

    public function index() {
        if($this->session->userdata('logged_in')) {
            redirect('/user/dashboard/', 'location');
        } else {
            $data['message'] = 'You need to be logged in to view the administration area';
            $this->load->view('user/login', $data);
        }
    }

    public function dashboard() {
        if($this->session->userdata('logged_in')) {
            $data['title'] = 'Welcome';
            $this->load->view('user/dashboard', $data);
        } else {
            $data['message'] = 'You need to be logged in to view the administration area';
            redirect('/user/login/', 'location');
        }

    }

    public function login() {

        if($this->session->userdata('logged_in')) {
            redirect('/user/dashboard/', 'location');
        }

        $this->form_validation->set_rules('email', 'E-mail', 'trim|required|valid_email');
        $this->form_validation->set_rules('password', 'Wachtwoord', 'trim|required|min_length[4]|max_length[32]');

        if($this->form_validation->run() == FALSE) {
            $this->index();
        } else {
            if($this->user_model->login($this->input->post('email'), $this->input->post('password'))) {
                redirect('/user/dashboard/', 'location');
            } else {
                $this->index();
            }
        }
    }

    public function logout() {
        $this->simpleloginsecure->logout();
        redirect('/user/login/', 'location');
    }

}

Solution


  • Simply use return $this->simpleloginsecure->login($email, $password) in the login method.



  • redirect('/user/xxx') is enough, since location is the default redirect type.



  • Since you're doing a redirect(), $data['message']is probably "dead code" here. Use CodeIgniter's Flashdata instead.



  • ` should be handled in the view, the controller only needs to say there's an error. For example: $data['message'] = array('error' => 'This is my error text');`



  • Trimming passwords is dangerous: what if my password starts with a space? Also, a space will look like a real character in an HTML password form, it makes no sense to trim it.



  • When the validation fails, redirect to the login form and use flashdata to explain what got wrong.

Context

StackExchange Code Review Q#9966, answer score: 3

Revisions (0)

No revisions yet.