Working with sessions

[Xtremer360]

The purpose of this code is to check the set value of the user?s status id to verify if they are even activated, banned, suspended, or deleted. I just happen to take checks to the extreme. I know if they are viewing the page they are on in my control panel they shouldn?t have been able to get to this point but they are just extra checks but that?s how I prefer to do things. My question is that am I performing these tasks correctly with in reference to the session flashdata and the redirect. What I?m wanting to do is say they have the proper credentials to view the page content but I go in and say delete their account. If they go to a different page with the same sort of if statements that it goes to the logout page and logs their session out and then also after it visits the logout page it redirects to the login page which I have already on that logout page but that on the login page if the flash data is set then it views it.

 

roster.php [controller] aids in the listing of my roster members

//permissions based code for that controller/view
//user is registered but not activated
if ($user_data->user_status_id == 1)
{
    $this->session->flashdata('message',    $this->config->item('user_account_deleted_message'));
    redirect('logout', 'refresh');
    $x++;
}
//user is suspended
if ($user_data->user_status_id == 3)
{
    $this->session->flashdata('message', $this->config->item('user_account_suspended_message'));
    redirect('logout', 'refresh');
    $x++;                
} 
//user is banned
if ($user_data->user_status_id == 4)
{ 
    $this->session->flashdata('message', $this->config->item('user_account_banned_message'));
    redirect('logout', 'refresh');
    $x++;
}
//user is deleted
if ($user_data->user_status_id == 5)
{ 
    $this->session->flashdata('message', $this->config->item('user_account_deleted_message'));
    redirect('logout', 'refresh');
    $x++;                
} 

 

logout.php

public function index()
{ 
    $this->session->keep_flashdata('message');
    $this->session->sess_destroy();
    $this->session->set_userdata(array('user_id' => '', 'username' => '', 'xtr' => '', 'role' => '', 'default_roster_id' => ''));
    redirect('login', 'refresh');
} 

 

login_form_view.php

<?php if ($this->session->flashdata('message') && (!empty($this->session->flashdata('message'))))
{
    echo '<div class="alert">'.$this->session->flashdata('message').'</div>';    
}  

[Xtremer360]

The flashdata code that is in the roster controller should actually be $this->session->set_flashdata(...

 

But somewhere in my code after it leaves the logout page and goes to login it doesn't display the flashdata message. And doesn't even create the div for it.

[Christian F.]

OK.. I think you just answered your own question there. Which would be: No, obviously not if you get an error.

 

Speaking of said question, you really shouldn't hide it in a middle of a block of text like that, and use proper punctuation to signal that it is indeed a question and not just a statement. I missed it on my first two reads, even though I notice that you said you had a question I couldn't figure out what it was at first.

 

Now, if you actually want someone to help you figure out the problem (which I suspect, and not just a confirmation on that you're doing something wrong), then you need to post the relevant code. The above is a nice preamble, but it does not show the really important part.

[Xtremer360]

There is no more relevant code. It is all shown.

[lemmin]

It is hard to give you any feedback without more info about this third-party library. Is this CodeIgniter? Have you tried posting on the CodeIgniter forums?

[Xtremer360]

I have posted on the CodeIgniter forums and have not received any help which is odd because normally I get great help on there. What more info is needed?

[Jessica]

In the future, you should tell people what framework you're using, so that you can get help faster. We aren't psychics.

 

Moved to Third party.

[Mahngiel]

The purpose of this code is to check the set value of the user?s status id to verify if they are even activated, banned, suspended, or deleted. I just happen to take checks to the extreme. I know if they are viewing the page they are on in my control panel they shouldn?t have been able to get to this point but they are just extra checks but that?s how I prefer to do things. My question is that am I performing these tasks correctly with in reference to the session flashdata and the redirect. What I?m wanting to do is say they have the proper credentials to view the page content but I go in and say delete their account. If they go to a different page with the same sort of if statements that it goes to the logout page and logs their session out and then also after it visits the logout page it redirects to the login page which I have already on that logout page but that on the login page if the flash data is set then it views it.

 

Punctuation, please use it.  I have no patience to try to read this six times just to get the idea of what you want to do.  Please separate important pieces of info onto new lines, nobody will get mad.

 

In your roster controller, why are you incrementing $x ??

 

Your error, however, is that you're destroying the session for no reason.  This means you've lost track of the current user, which means CI will generate a new one, with a new ID.  Guess what's in that? Plus, guests get sessions, too, ya know?!  Instead of killing the session (with your all-so-important message in it), just blank the details that keep your user logged in and kill the cookie.

 

Tips:

[*] User a master model to manipulate and validate the session

[*] Don't use arrays to set_userdata, it's already an array that accepts $key, $value pairs:

$this->session->set_userdata('name', 'Mahngiel');

echo $this->session->userdata('name');