I create login form with multi level function, those code for multi level are work but i got problem on session, when i've login to my account as an admin and direct to admin dashboard but i still can use back page which directly to login page again, so what i've missed?
my login controller:
<?php
defined('BASEPATH') or exit('No direct script access allowed');
class Login extends CI_Controller
{
function __construct()
{
parent::__construct();
$this->load->model('login_model');
$this->load->library('session');
$this->load->helper('url');
// $this->load->library('form_validation');
}
function index()
{
$datatitle['title'] = 'Login LPPM UTY';
$this->load->view('auth/tamplate/auth_header', $datatitle);
$this->load->view('auth/login_v');
$this->load->view('auth/tamplate/auth_footer');
}
function auth()
{
$username = htmlspecialchars($this->input->post('username', TRUE), ENT_QUOTES);
$password = htmlspecialchars($this->input->post('password', TRUE), ENT_QUOTES);
$cek_admin = $this->login_model->auth_admin($username,$password);
if ($cek_admin->num_rows() > 0) { //jika login sebagai admin
$data = $cek_admin->row_array();
$this->session->set_userdata('masuk', TRUE);
if ($data['level'] == '1')
{ //Akses admin
$this->session->set_userdata('akses', '1');
$this->session->set_userdata('user', $data['username']);
$this->session->set_userdata('name', $data['name']);
redirect('admin');
} else { // jika username dan password tidak ditemukan atau salah
$url = base_url();
echo $this->session->set_flashdata('notif', '<div class="alert
alert-danger" role="alert">Username Atau Password Salah
</div>');
redirect($url);
}
} else { //jika login sebagai dosen
$cek_dosen = $this->login_model->auth_dosen($username, $password);
if ($cek_dosen->num_rows() > 0) {
$data = $cek_dosen->row_array();
$this->session->set_userdata('masuk', TRUE);
($data['level'] == '2');
$this->session->set_userdata('akses', '2');
$this->session->set_userdata('user', $data['username']);
$this->session->set_userdata('name', $data['name']);
redirect('dosen');
} else { // jika username dan password tidak ditemukan atau salah
$url = base_url();
echo $this->session->set_flashdata('notif', '<div class="alert
alert-danger" role="alert">Username Atau Password Salah
</div>');
redirect($url);
}
}
}
function logout(){
$this->session->sess_destroy();
redirect('login');
}
}
Model login_model:
<?php
defined('BASEPATH') or exit('No direct script access allowed');
class Login_model extends CI_Model
{
function auth_admin($username, $password)
{
$query = $this->db->query("SELECT * FROM admin_login WHERE username='$username' AND password=md5('$password') LIMIT 1");
return $query;
}
//cek username dan password pengajar
function auth_dosen($username, $password)
{
$query = $this->db->query("SELECT * FROM dosen_login WHERE username='$username' AND password=md5('$password') LIMIT 1");
return $query;
}
}
Admin Controller:
<?php
defined('BASEPATH') or exit('No direct script access allowed');
class Login_model extends CI_Model
{
function auth_admin($username, $password)
{
$query = $this->db->query("SELECT * FROM admin_login WHERE username='$username' AND password=md5('$password') LIMIT 1");
return $query;
}
//cek username dan password pengajar
function auth_dosen($username, $password)
{
$query = $this->db->query("SELECT * FROM dosen_login WHERE username='$username' AND password=md5('$password') LIMIT 1");
return $query;
}
}
Aucun commentaire:
Enregistrer un commentaire