我正在开发一个系统,用户是客户帐户的成员。 有5或6个客户端,每个客户端都有许多用户。 当用户登录时,该站点将被设置为他们所属的客户端。
我有一个函数“view_campaign”:
function view_campaign($campaignID = FALSE){ $this->load->model('client_model'); $this->load->model('campaign_model'); $data['main_content'] = 'campaign_overview'; $this->load->view('includes/template', $data); }所以在URL中例如我们有... / campaign / view_campaign / 21(例如)。 这将意味着用户访问其ID为21的广告系列。
但是我怎样才能使它安全,即作为另一个客户的成员的用户无法查看该活动? 他们只需更改网址并查看与其他客户相关的广告系列......
谢谢
I am developing a system whereby a user is a member of a Client account. There are 5 or 6 clients, and each client has a number of users. When a user logs in, the site is styled to the client they are a member of.
I have a function "view_campaign":
function view_campaign($campaignID = FALSE){ $this->load->model('client_model'); $this->load->model('campaign_model'); $data['main_content'] = 'campaign_overview'; $this->load->view('includes/template', $data); }So in the URL for example we have .../campaign/view_campaign/21 (for example). This will mean that the user gets to their campaign which has an ID of 21.
But how can I make it so it's secure i.e. users that are members of another client cant view the campaign? They could just change the URL and view campaigns related to other clients...
Thanks
最满意答案
相当广泛的问题,我不确定你的数据库结构是什么,但你想做的事情......
当用户首次登录时,您希望在会话中保存其用户ID和客户端ID。 然后,您希望在广告系列模型中拥有一个功能,该功能可获取广告系列所属的客户ID。
你的view_campaign函数看起来像
function view_campaign($campaignID = FALSE) { $this->load->model('client_model'); $this->load->model('campaign_model'); //Get the user ID and client ID from a session or something $userId = $this->session->userdata('userId'); $clientId = $this->session->userdata('clientId'); //Call a function in your model to see if the user belongs to the client $campaignClientId = $this->campaign_model->getClient($campaignID ) //If the client ID the campaign belongs to matches the client ID the user //belongs to then they can view it if($campaignClientId === $clientId ) { $data['main_content'] = 'campaign_overview'; $this->load->view('includes/template', $data); } else { //Redirect to another page } }Quite a broad question, I'm not sure what your database structure is but you want to do something like...
When the user first logs in you want to save their user ID and their client ID in a session. Then you want to have a function in your campaign model that gets the client ID a campaign belongs to.
Your view_campaign function would look something like
function view_campaign($campaignID = FALSE) { $this->load->model('client_model'); $this->load->model('campaign_model'); //Get the user ID and client ID from a session or something $userId = $this->session->userdata('userId'); $clientId = $this->session->userdata('clientId'); //Call a function in your model to see if the user belongs to the client $campaignClientId = $this->campaign_model->getClient($campaignID ) //If the client ID the campaign belongs to matches the client ID the user //belongs to then they can view it if($campaignClientId === $clientId ) { $data['main_content'] = 'campaign_overview'; $this->load->view('includes/template', $data); } else { //Redirect to another page } }更多推荐
发布评论