patternphpMinor
Is this good login process in CodeIgniter?
Viewed 0 times
thisprocesslogingoodcodeigniter
Problem
I'm creating my first login process in CodeIgniter. I'm using the simpleloginsecure library for actual session management but I wrote the controller and model myself and I was hoping if you could see any flaws in it.
My User_model Class
My User Controller class
My User_model Class
simpleloginsecure->login($email, $password)) {
return true;
}
return false;
}
}
?>My User Controller class
load->model('user_model');
}
public function index() {
if($this->session->userdata('logged_in')) {
redirect('/user/dashboard/', 'location');
} else {
$data['message'] = 'You need to be logged in to view the administration area';
$this->load->view('user/login', $data);
}
}
public function dashboard() {
if($this->session->userdata('logged_in')) {
$data['title'] = 'Welcome';
$this->load->view('user/dashboard', $data);
} else {
$data['message'] = 'You need to be logged in to view the administration area';
redirect('/user/login/', 'location');
}
}
public function login() {
if($this->session->userdata('logged_in')) {
redirect('/user/dashboard/', 'location');
}
$this->form_validation->set_rules('email', 'E-mail', 'trim|required|valid_email');
$this->form_validation->set_rules('password', 'Wachtwoord', 'trim|required|min_length[4]|max_length[32]');
if($this->form_validation->run() == FALSE) {
$this->index();
} else {
if($this->user_model->login($this->input->post('email'), $this->input->post('password'))) {
redirect('/user/dashboard/', 'location');
} else {
$this->index();
}
}
}
public function logout() {
$this->simpleloginsecure->logout();
redirect('/user/login/', 'location');
}
}Solution
- Simply use
return $this->simpleloginsecure->login($email, $password)in the login method.
redirect('/user/xxx')is enough, sincelocationis the default redirect type.
- Since you're doing a
redirect(),$data['message']is probably "dead code" here. Use CodeIgniter's Flashdata instead.
- `
should be handled in the view, the controller only needs to say there's an error. For example:$data['message'] = array('error' => 'This is my error text');`
- Trimming passwords is dangerous: what if my password starts with a space? Also, a space will look like a real character in an HTML password form, it makes no sense to trim it.
- When the validation fails, redirect to the login form and use flashdata to explain what got wrong.
Context
StackExchange Code Review Q#9966, answer score: 3
Revisions (0)
No revisions yet.