I have a question regarding my codeigniter login script. It's not very complex but it works great. My question is, when a user is logged they get redirected to another part of my website, which is what I want but if that user loggs out, they or (anyone for that matter) still has access to the logged in URL. How do I make it so the URL is private?
For example, anyone has access to the below URL. How do I make sure the URL is private? mywebsite.com/_states/site/members_area
Thanks Everyone
Site Controller
function validate_credentials()
{
$this->load->model('model_data');
$query = $this->model_data->validate_users();
if($query){
$data = array(
'username' => $this->input->post('username'),
'email' => 'johndoe@some-site.com',
'is_logged_in' => TRUE
);
$this->session->set_userdata($data);
redirect('site/members_area',$data);
} else {
$this->login();
}
}
Model_data extends CI_Model
function validate_users()
{
$this->db->where('username', $this->input->post('username'));
$this->db->where('password', md5($this->input->post('password')));
$query = $this->db->get('members');
if ($query->num_rows == 0){
}
if ($query->num_rows == 1){
return true;
}
}
members_area URL
<?php
echo 'Welcome!'.'<br>';
$session_id = $this->session->userdata('session_id').'<br>';
$whatever = $this->session->userdata('is_logged_in').'<br>';
$email = $this->session->userdata('email').'<br>';
$username = $this->session->userdata('username').'<br>';
echo 'This is the session ID = '."$session_id".'<br>';
echo 'This is the boolean, 1 means true = User Logged In = '."$whatever".'<br>';
echo 'This is the user "foo" email = '."$email".'<br>';
echo 'This is the user username = '."$username".'<br>';
echo anchor('site/logout', 'Logout!');
?>
You need to check if the session variable is set:
if($this->session->userdata('is_logged_in')) {
// The user has logged in
}