
Security Problem


#1 dontako

Posted 14 November 2012 - 06:48 PM

Hello, I have a little problem with sessions.
I am using the CodeIgniter session library, and this is how it works:


function _example_output($output = null)
	{
		if($this->session->userdata('logged_in'))
		{
			$session_data = $this->session->userdata('logged_in');			
			$output->ses_data = array('username' => $session_data['username'],
										'id' => $session_data['userid'],
										'permisos' => $session_data['userperms']);
			$this->load->view('home_view.php',$output);
		}
		else
		{
			//If no session, redirect to login page
			redirect('login/index/', 'refresh');
		}
	}



It works fine when I try to access from another browser without being logged in; the problem is when I refer to ajax_list. For example, if I write

mysite.com/panel/users/

It does not allow me access because it is a private area; so far so good.

But...

mysite.com/panel/users/ajax_list

This shows the list! And I'm not logged in. Any suggestions for handling sessions in this case?

Greetings!

#2 victor

Posted 14 November 2012 - 07:15 PM

Hi! Don't use the security code in that function!
You should use it before _example_output, for example in the __construct();



class test extends CI_Controller
{
	// Session data passed on to the views
	var $ses_data;

	function __construct()
	{
		parent::__construct();

		// Runs before every method of this controller, so it also covers ajax_list
		if ($this->session->userdata('logged_in'))
		{
			$session_data = $this->session->userdata('logged_in');
			// Store under the same property name that manager() reads
			$this->ses_data = array('username' => $session_data['username'],
									'id' => $session_data['userid'],
									'permisos' => $session_data['userperms']);
		}
		else
		{
			// If no session, redirect to login page
			redirect('login/index/', 'refresh');
		}
	}

	function manager()
	{
		//other code (the grocery CRUD setup that creates $crud)
		$output = $crud->render();
		$output->ses_data = $this->ses_data;
		$this->load->view('home_view.php',$output);
	}
}
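
The constructor check from the reply above, moved into a shared base class so every private controller inherits it. This is an added example, not code from either poster or from the grocery CRUD project. Assumptions: CodeIgniter 2.x with a `MY_Controller` core class, a `Panel` controller with a `users` method (inferred from the URLs in the question), a `users` table, and a 401 response for AJAX callers.

```php
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
// application/core/MY_Controller.php (added example, CodeIgniter 2.x layout).
// Controllers extending MY_Controller are gated before any method runs;
// the login controller keeps extending CI_Controller so it stays reachable.
class MY_Controller extends CI_Controller
{
	protected $ses_data = array();

	function __construct()
	{
		parent::__construct();
		$this->load->library('session');
		$this->load->helper('url');

		// userdata() returns FALSE when the key is missing
		$session_data = $this->session->userdata('logged_in');
		if ( ! is_array($session_data))
		{
			if ($this->input->is_ajax_request())
			{
				// The header check only picks the response format; access
				// is denied on both branches. XHR callers get a bare 401.
				set_status_header(401);
				exit;
			}
			redirect('login/index/', 'refresh'); // redirect() exits
		}

		$this->ses_data = array(
			'username' => $session_data['username'],
			'id'       => $session_data['userid'],
			'permisos' => $session_data['userperms'],
		);
	}
}

// application/controllers/panel.php (assumed from the URLs in the question)
class Panel extends MY_Controller
{
	function users()
	{
		$this->load->library('grocery_CRUD');
		$crud = new grocery_CRUD();
		$crud->set_table('users'); // assumed table name
		$output = $crud->render(); // serves /panel/users and /panel/users/ajax_list
		$output->ses_data = $this->ses_data;
		$this->load->view('home_view.php', $output);
	}
}
```

To confirm the fix, request both `/panel/users/` and `/panel/users/ajax_list` without a session cookie and check that neither returns any rows.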


#3 dontako

Posted 14 November 2012 - 07:30 PM

Thank you! <3