Professional CodeIgniter


Chapter 6: Creating a Dashboard




Figure 6-14

Creating the Admin Delete Function


Finally, here's the delete() function in the admin/admins controller. Just as with products and
categories, you've decided to set an admin user's status to inactive instead of deleting him.

function delete($id){
    // The model marks the user inactive rather than removing the row
    $this->MAdmins->deleteUser($id);
    $this->session->set_flashdata('message', 'User deleted');
    redirect('admin/admins/index', 'refresh');
}

Securing Passwords


Security is one of those things that shouldn't wait for a refactoring iteration somewhere down the line.
Why not? Because the call may come tomorrow to ship your code "stat," and if the application is
working, it will likely ship with whatever gaping security holes you've left in it.

At this point, one of the biggest gaping security holes is the fact that the application deals with plaintext
passwords. It stores plaintext passwords in the database, and it compares plaintext passwords provided
by the user to whatever is stored in the database. Anyone who is able to break into the database will
have a list of available user passwords that he can fool around with to his heart's content.
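To make the problem concrete, here is an added example (not code from the book) showing the plaintext lookup pattern described above next to a hashed alternative in a CodeIgniter-style model. The model name MAdmins, the admins table and its username/password/status columns are assumptions, the base class name Model follows CodeIgniter 1.x, and the hashing uses PHP's built-in password_hash()/password_verify() (PHP 5.5 or later), which is not what the book itself goes on to use.

```php
<?php
// Added example, not from the book. Assumed schema: admins(id, username, password, status).
// Requires PHP >= 5.5 for password_hash() / password_verify().

class MAdmins extends Model {

    // BEFORE: the pattern the chapter warns about. The password is stored as
    // typed and compared as typed, so a copy of the table is a list of
    // working credentials.
    function verifyUserPlaintext($username, $password) {
        $this->db->select('id');
        $this->db->where('username', $username);
        $this->db->where('password', $password);   // plaintext comparison in SQL
        $this->db->where('status', 'active');
        $query = $this->db->get('admins');
        return $query->num_rows() > 0;
    }

    // AFTER: store only a salted, deliberately slow hash. PASSWORD_DEFAULT is
    // bcrypt today; the algorithm, cost and salt are embedded in the stored string.
    function addUser($username, $password) {
        $data = array(
            'username' => $username,
            'password' => password_hash($password, PASSWORD_DEFAULT),
            'status'   => 'active',
        );
        $this->db->insert('admins', $data);
        return $this->db->insert_id();
    }

    // AFTER: fetch the row by username only, then let PHP verify the hash.
    // password_verify() re-hashes the supplied password with the stored salt
    // and cost and compares in constant time. Returns the user id or false.
    function verifyUser($username, $password) {
        $this->db->select('id, password');
        $this->db->where('username', $username);
        $this->db->where('status', 'active');
        $query = $this->db->get('admins');
        if ($query->num_rows() != 1) {
            return false;
        }
        $row = $query->row();
        if (!password_verify($password, $row->password)) {
            return false;
        }
        // If the stored hash was made with an older cost or algorithm,
        // upgrade it transparently while we still have the plaintext in memory.
        if (password_needs_rehash($row->password, PASSWORD_DEFAULT)) {
            $this->db->where('id', $row->id);
            $this->db->update('admins', array(
                'password' => password_hash($password, PASSWORD_DEFAULT),
            ));
        }
        return $row->id;
    }
}
```

Two practical notes: the password column must be wide enough for the hash (bcrypt output is 60 characters, and PASSWORD_DEFAULT may grow in future PHP releases, so a VARCHAR(255) is the usual choice), and the lookup deliberately no longer puts the password in the WHERE clause, so a failed login reveals nothing about whether the username exists beyond what the active-status check already allows.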