Professional CodeIgniter


Chapter 6: Creating a Dashboard




CREATE TABLE `admins` (
  `id` INT NOT NULL AUTO_INCREMENT,
  `username` VARCHAR(16) NOT NULL,
  `email` VARCHAR(255) NOT NULL,
  `status` ENUM('active', 'inactive') NOT NULL,
  `password` VARCHAR(16) NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE (
    `username`,
    `email`
  )
);

At this point, you're noticing that the password field in the admins table is storing plaintext passwords.
You also notice that the login feature in this chapter is created without a bit of encryption or other
protections.

Although you are introduced to a lot of this in Chapter 9, in this chapter, you build out the user admin
area of the dashboard and incorporate some security measures there to keep passwords secure.

Once you have the database table built, use phpMyAdmin or another tool to create an administrative
account for Claudia. You'll be using the account credentials to gain access, so keep it simple for now.
A good suggestion would be to use a username of admin with a password of kids.
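
An added example, not from the book: how the same account and login check look when the password column holds a hash instead of plaintext. It assumes PHP 5.5 or later for password_hash() and password_verify(); the function names make_admin_row and verify_admin and the in-memory rows are hypothetical stand-ins for the admins table.

```php
<?php
// Added example, not code from the book. The in-memory $rows array is
// constructed sample data standing in for the admins table.

// Build the row that would be stored for an account. Only the hash is kept;
// the column must be widened (PHP's manual suggests 255 characters).
function make_admin_row($id, $username, $plaintext)
{
    return array(
        'id'       => $id,
        'username' => $username,
        'status'   => 'active',
        'password' => password_hash($plaintext, PASSWORD_DEFAULT),
    );
}

// Select by username and status only, then compare the submitted password
// against the stored hash. Returns the id and username of the matching
// admin, or false.
function verify_admin(array $rows, $u, $pw)
{
    foreach ($rows as $row) {
        if ($row['username'] === $u && $row['status'] === 'active') {
            if (password_verify($pw, $row['password'])) {
                return array('userid' => $row['id'], 'username' => $row['username']);
            }
            return false;
        }
    }
    return false;
}

$rows = array(make_admin_row(1, 'admin', 'kids'));

echo 'stored hash length: ', strlen($rows[0]['password']), "\n";
echo 'correct password:   ', var_export(verify_admin($rows, 'admin', 'kids'), true), "\n";
echo 'wrong password:     ', var_export(verify_admin($rows, 'admin', 'wrong'), true), "\n";

// A hash cut to 16 characters, as a non-strict MySQL would store it in the
// original VARCHAR(16) column, no longer verifies even with the right password.
$rows[0]['password'] = substr($rows[0]['password'], 0, 16);
echo 'truncated hash:     ', var_export(verify_admin($rows, 'admin', 'kids'), true), "\n";
```

In a model, the same change means dropping the password condition from the query and calling password_verify() on the row that comes back.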

Now that the table is built, create a model for admins called MAdmins in the /system/application/
models/ folder. At this moment, all you need is a single function in that model — one that verifies the
existence of an active admin with a certain username and password.

If a user successfully logs in, you want to set some PHP session data (like the user's ID and username)
for use at a later time — for example, to display on the admin dashboard or for checking to make sure
she has the right to be in the admin dashboard without having to requery the database.

class MAdmins extends Model{

  function MAdmins(){
    parent::Model();
  }

  // Looks for an active admin whose username and password match.
  // The password is compared as stored (plaintext at this point in the chapter).
  function verifyUser($u,$pw){
    $this->db->select('id,username');
    $this->db->where('username',$u);
    $this->db->where('password', $pw);
    $this->db->where('status', 'active');
    $this->db->limit(1);
    $Q = $this->db->get('admins');
    if ($Q->num_rows() > 0){
      // Match found: keep the ID and username in the session for later checks
      $row = $Q->row_array();
      $_SESSION['userid'] = $row['id'];
      $_SESSION['username'] = $row['username'];
    }else{