成功登录Codeigniter后无法限制用户活动 [英] Not able to restrict user activities after successful login in codeigniter

问题描述

我有一个登录过程，用户可以在登录后查看其仪表板。

i have a login process where the user can view his dashboard after login.

控制器中的代码：

$adminid = $this->am->login_admin($email, $password); 
if ($adminid) {
    $admin_data = array(
        'adminid' => $adminid,
        'email' => $email,
        'logged_in' => true,
        'loggedin_time' => time()
    );
    $this->session->set_userdata($admin_data);
    $this->session->set_flashdata('login_success', 'You are logged in');

    redirect('Admin_dashboard/dashboard/' . $adminid);
} else {
    $this->session->set_flashdata('login_failed', 'Invalid login!!');
    redirect('admin/index');
}

成功登录后，用户将重定向到以下URL

After successful login the user is getting redirected to the following url

localhost/project/Admin_dashboard/dashboard/1

问题是，如果用户手动将URL更改为类似这样的内容-

The issue is that if the user manually changes the url to something like this-

localhost/project/Admin_dashboard/dashboard/2

他能够访问ID为2的用户的数据，而无需登录

he is able to access the data of user whose id is 2 without login

要解决该问题，我尝试在视图中使用以下条件

To solve the issue i tried using the following codition in the view

<?php if($this->session->userdata('logged_in')): ?>
<? endif; ?>

但是第二个URL仍然可以访问

However the 2nd url is still accessible

登录后，用户将被重定向到仪表板，该仪表板还包含其他几页，例如个人资料页，付款页等，其中仅包含与他有关的数据。

After login the user gets redirected to dashboard that also contains few other pages such as profile page, payment page etc which contains data that is only related to him.

我希望登录后他应该能够通过更改url来查看他的所有页面，但不能查看其他任何人的数据

I want that after login he should be able to see all his pages but not anyone else data by changing the url

推荐答案

只需做一件事，而不是将$ adminid与url一起传递，而是将session与adminid一起使用，因为您还将值存储在session中。

Simply do one thing, instead of passing $adminid with the url, get the adminid with session, because you also storing values in session.

代替

redirect('Admin_dashboard/dashboard/' . $adminid);

使用此

redirect('Admin_dashboard/dashboard');

并在Controller的仪表板功能内使用此

and inside the dashboard function in Controller use this

public function dashboard (){
$admin_data = $this->session->userdata('admin_data');
if(!isset($admin_data['adminid']) || empty($admin_data['adminid'])){
    //Error message Login First
    redirect('admin/index');
}

$adminid = $admin_data['adminid'];
//Proceed with this $adminid
}

这篇关于成功登录Codeigniter后无法限制用户活动的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！