Professional CodeIgniter, Thomas Myer

Chapter 6: Creating a Dashboard
184
Figure 6-14


Creating the Admin Delete Function
Finally, here's the delete() function in the admin/admins controller. Just as with products and
categories, you've decided to set an admin user's status to inactive instead of deleting him.
function delete($id){
    // MAdmins->deleteUser() flags the user as inactive rather than removing the row
    $this->MAdmins->deleteUser($id);
    $this->session->set_flashdata('message', 'User deleted');
    redirect('admin/admins/index', 'refresh');
}


Securing Passwords

Security is one of those things that shouldn't wait for a refactoring iteration somewhere down the line.
Why not? Because the call may come tomorrow to ship your code "stat," and if the application is
working, it will likely ship with whatever gaping security holes you've left in it.

At this point, one of the biggest gaping security holes is the fact that the application deals with plaintext
passwords. It stores plaintext passwords in the database, and it compares plaintext passwords provided
by the user to whatever is stored in the database. Anyone who is able to break into the database will
have a list of available user passwords that he can fool around with to his heart's content.
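As an added example (not the book's own code), here is the plaintext check the text describes beside a hashed version of the same model method. It assumes a CodeIgniter 2/3-style MAdmins model with an admins table (id, username, password, status) and PHP 5.5 or later for password_hash()/password_verify(), which did not exist when the book was written.

```php
<?php
// Added example: plaintext vs. hashed credential check in a CodeIgniter-style
// model. MAdmins, the admins table and its columns are assumptions, not the book's.
class MAdmins extends CI_Model
{
    // BEFORE: the weak version the text describes. The password column holds
    // the plaintext password, and the query compares it directly in SQL.
    public function verifyUserPlaintext($u, $pw)
    {
        $this->db->select('id, username');
        $this->db->where('username', $u);
        $this->db->where('password', $pw);   // plaintext compared in the WHERE clause
        $this->db->where('status', 'active');
        $this->db->limit(1);
        $q = $this->db->get('admins');
        return $q->num_rows() > 0 ? $q->row() : false;
    }

    // AFTER: store only a salted hash; the password never goes into a query.
    public function createUser($u, $pw)
    {
        $data = array(
            'username' => $u,
            'password' => password_hash($pw, PASSWORD_DEFAULT), // bcrypt, random salt
            'status'   => 'active',
        );
        $this->db->insert('admins', $data);
        return $this->db->insert_id();
    }

    public function verifyUser($u, $pw)
    {
        $this->db->select('id, username, password');
        $this->db->where('username', $u);
        $this->db->where('status', 'active');
        $this->db->limit(1);
        $q = $this->db->get('admins');
        if ($q->num_rows() !== 1) {
            return false;
        }
        $row = $q->row();
        // Constant-time comparison against the stored hash; a database leak yields hashes only.
        if (!password_verify($pw, $row->password)) {
            return false;
        }
        unset($row->password);   // don't hand the hash to the controller or session
        return $row;
    }
}
```

Existing plaintext rows have to be migrated once by running them through password_hash(); after that the plaintext column value should be dropped entirely.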
c06.indd 184
6/10/08 5:36:10 PM

