Professional CodeIgniter, Thomas Myer
Chapter 9: Security and Performance
285
        $data['colors'] = $this->MColors->getActiveColors();
        $data['sizes'] = $this->MSizes->getActiveSizes();
        if (!count($data['product'])){
            redirect('admin/products/index','refresh');
        }
        $this->load->vars($data);
        $this->load->view('dashboard');
    }
}
Here is the edit() function of the admin/sizes controller:
function edit($id=0){
    if ($this->input->post('name')){
        $this->MSizes->updateSize();
        $this->session->set_flashdata('message','Size updated');
        redirect('admin/sizes/index','refresh');
    }else{
        $data['title'] = "Edit Size";
        $data['main'] = 'admin_sizes_edit';
        $data['size'] = $this->MSizes->getSize($id);
        if (!count($data['size'])){
            redirect('admin/sizes/index','refresh');
        }
        $this->load->vars($data);
        $this->load->view('dashboard');
    }
}
Finally, there is no edit() function in the admin/subscribers controller, so you're done!
Encrypting Sessions
So far, you've been using sessions without any encryption at all. This means that anyone who intercepts
the CodeIgniter session cookie can read whatever is in it. You can remedy this situation easily enough
by opening the config.php file (in the /system/application/config folder) and changing two settings.
The first is to set $config['sess_encrypt_cookie'] to TRUE:
$config['sess_encrypt_cookie'] = TRUE;
The second is to set a value for $config['encryption_key']. Choose a random string of 32 characters,
using numbers and upper- and lowercase letters. Don't just use a word from a dictionary, and don't just
type the same keys over and over again from your keyboard (e.g., asdfhughugasdf). Make it as random as
you possibly can; one way to do that is to take a random bunch of letters and numbers and run it through
the PHP sha1() function, which should return 32 characters.
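An added example, not from the book, of generating and vetting the encryption_key value: it draws the key from PHP's CSPRNG (random_int(), PHP 7+, an assumption beyond the chapter's sha1() approach) rather than hashing hand-typed letters, whose randomness is limited to whatever was typed, and it rejects the weak patterns the paragraph warns about before printing the two config lines.

```php
<?php
// Added example (not from the book): build a 32-character alphanumeric
// encryption_key for config.php from the OS CSPRNG. Assumes PHP 7+.

function generate_encryption_key(int $length = 32): string {
    // Character set the chapter asks for: digits plus upper- and lowercase letters.
    $alphabet = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $max = strlen($alphabet) - 1;
    $key = '';
    for ($i = 0; $i < $length; $i++) {
        // random_int() is unbiased over [0, $max] and backed by the CSPRNG
        $key .= $alphabet[random_int(0, $max)];
    }
    return $key;
}

// Sanity checks for the weak keys the chapter warns about.
// Returns a list of problems; an empty list means the key looks acceptable.
function check_encryption_key(string $key): array {
    $problems = [];
    if (strlen($key) !== 32) {
        $problems[] = 'key must be exactly 32 characters';
    }
    if (!ctype_alnum($key)) {
        $problems[] = 'key must contain only digits and letters';
    }
    // Keyboard mashing ("asdfasdf...") reuses very few distinct characters.
    if (count(array_unique(str_split($key))) < 12) {
        $problems[] = 'too few distinct characters (looks like a keyboard pattern)';
    }
    // A single dictionary word or all-lowercase string has little entropy.
    if (!preg_match('/[0-9]/', $key) || !preg_match('/[A-Z]/', $key)
        || !preg_match('/[a-z]/', $key)) {
        $problems[] = 'mix digits with upper- and lowercase letters';
    }
    return $problems;
}

// Regenerate in the rare case a random draw happens to miss a character class.
do {
    $key = generate_encryption_key();
} while (check_encryption_key($key) !== []);

// Paste these two lines into /system/application/config/config.php
echo "\$config['sess_encrypt_cookie'] = TRUE;\n";
echo "\$config['encryption_key'] = '{$key}';\n";
```

Running check_encryption_key() on a hand-typed value such as 'asdfhughugasdf' reports both the length and the distinct-character problems, which is the failure mode the paragraph describes.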
Once you've done both of these things, place your config.php file on the server and click around. Then
look inside your session cookie. Session data encrypted!
c09.indd 285
6/10/08 5:38:04 PM