Codeigniter中的登录会话问题

时间:2020-04-04 08:21:18

标签: php html codeigniter web codeigniter-3

我创建了具有多级功能的登录表单,多级代码正在运行,但是在会话中出现问题,当我以管理员身份登录到我的帐户并直接转到管理控制台时,我仍然可以直接使用返回页面重新登录页面,所以我错过了什么?

我的登录控制器:

<?php
defined('BASEPATH') or exit('No direct script access allowed');

class Login extends CI_Controller
{
    function __construct()
    {
        parent::__construct();
        $this->load->model('login_model');
        $this->load->library('session');
        $this->load->helper('url');
        // $this->load->library('form_validation');
    }

    function index()
    {

            $datatitle['title'] = 'Login LPPM UTY';
            $this->load->view('auth/tamplate/auth_header', $datatitle);
            $this->load->view('auth/login_v');
            $this->load->view('auth/tamplate/auth_footer');

    }

    function auth()
    {
        $username = htmlspecialchars($this->input->post('username', TRUE), ENT_QUOTES);
        $password = htmlspecialchars($this->input->post('password', TRUE), ENT_QUOTES);
        $cek_admin = $this->login_model->auth_admin($username,$password);

        if ($cek_admin->num_rows() > 0) { //jika login sebagai admin
            $data = $cek_admin->row_array();
            $this->session->set_userdata('masuk', TRUE);
            if ($data['level'] == '1') 
            { //Akses admin

                $this->session->set_userdata('akses', '1');
                $this->session->set_userdata('user', $data['username']);
                $this->session->set_userdata('name', $data['name']);
                redirect('admin');
            } else { // jika username dan password tidak ditemukan atau salah
                $url = base_url();
                echo $this->session->set_flashdata('notif', '<div class="alert 
                    alert-danger" role="alert">Username Atau Password Salah
                    </div>');
                redirect($url);
            }
        } else { //jika login sebagai dosen
            $cek_dosen = $this->login_model->auth_dosen($username, $password);
            if ($cek_dosen->num_rows() > 0) {
                $data = $cek_dosen->row_array();
                $this->session->set_userdata('masuk', TRUE);
                ($data['level'] == '2');
                $this->session->set_userdata('akses', '2');
                $this->session->set_userdata('user', $data['username']);
                $this->session->set_userdata('name', $data['name']);
                redirect('dosen');
            } else {  // jika username dan password tidak ditemukan atau salah
                $url = base_url();
                echo $this->session->set_flashdata('notif', '<div class="alert 
                    alert-danger" role="alert">Username Atau Password Salah
                    </div>');
                redirect($url);
            }
        }
    }

      function logout(){
          $this->session->sess_destroy();
          redirect('login');
      }
}

模型login_model:

<?php
defined('BASEPATH') or exit('No direct script access allowed');

class Login_model extends CI_Model
{
    function auth_admin($username, $password)
    {
        $query = $this->db->query("SELECT * FROM admin_login WHERE username='$username' AND password=md5('$password') LIMIT 1");
        return $query;
    }

    //cek username dan password pengajar
    function auth_dosen($username, $password)
    {
        $query = $this->db->query("SELECT * FROM dosen_login WHERE username='$username' AND password=md5('$password') LIMIT 1");
        return $query;
    }

}

管理员控制器:

<?php

class Admin extends CI_Controller
{
    function __construct()
    {
        parent::__construct();
        $this->load->library('session');
        $this->load->model('m_admin');
        if ($this->session->userdata('masuk') != TRUE) {
            $this->load->helper('url');
            redirect('login');
        }
    }
    function index()
    {
        if($this->session->userdata('akses') =='1'){     

            $datatitle['title'] = 'Beranda Admin';
            $this->load->view("dashboard/admin/header_admin_v", $datatitle);        
            $this->load->view("dashboard/admin/home_admin_v");  
            $this->load->view("dashboard/admin/footer_admin_v");
        } else {
            echo "Access Denied";
        }
    }
    public function show_dosen($nidn){
        if($this->session->userdata('akses') == '1'){
            $nidn = array('nidn' => $nidn);
            $data['dosen'] = $this->m_admin->edit_tampil($nidn,'data_dosen')->result();
            $info = $this->m_admin->edit_tampil($nidn,'data_dosen')->result();
            $user = $this->m_admin->edit_tampil($nidn,'dosen_login')->result();
            $dataa = array(
                'info' => $info,
                'user' => $user
            );
            $this->load->view('dosen/dosen_data',$dataa);              
        }
        else{            
            echo '<script type="text/javascript">alert("Sesi habis! Login Lagi!")</script>'; 
            $this->load->view('login');
        }         
    }
}

2 个答案:

答案 0 :(得分:0)

生成会话以了解管理员是否已登录-

$this->session->set_userdata('is_admin_login', 1)

检查会话是否在您的登录网址(控制器)上生成-

function index(){
    if ($this->session->userdata('is_admin_login')) {
        redirect('admin/home');  // redirect to desired location
    }

    $datatitle['title'] = 'Login LPPM UTY';
    $this->load->view('auth/tamplate/auth_header', $datatitle);
    $this->load->view('auth/login_v');
    $this->load->view('auth/tamplate/auth_footer');
}

答案 1 :(得分:0)

检查构造中的会话

function __construct ()
    {
        parent ::__construct ();

        if ($this -> session -> userdata ( "akses" ) == 1) {
            redirect ( "admin/dashboard" , "refresh" );
        }
        if ($this -> session -> userdata ( "akses" ) == 2) {
            redirect ( "user/dashboard" , "refresh" );
        }
    }
相关问题
最新问题