Security in CodeIgniter Framework


In the CodeIgniter project, open the autoload.php file in the config folder and add the form and url helpers to the helper config as below:

$autoload['helper'] = array('form', 'url');

In the same autoload.php file, add the session library to the libraries config as below:

$autoload['libraries'] = array('session');

Open the config.php file in the config folder and set the base_url config as below:

$config['base_url'] = 'http://localhost:9092/LearnCodeIgniterWithRealApps/';




Still in config.php, add a new autoload function at the end of the file as below. It is registered with spl_autoload_register() because the magic __autoload() function is deprecated in PHP 7.2 and removed in PHP 8; it lets controllers extend a custom base class placed in application/core without an explicit include:

spl_autoload_register(function ($class)
{
    // CodeIgniter's own CI_* classes are loaded by the framework; only
    // application classes are looked up in application/core.
    if (substr($class, 0, 3) !== 'CI_')
    {
        if (file_exists($file = APPPATH . 'core/' . $class . '.php'))
        {
            include $file;
        }
    }
});

Create a new PHP file named My_Admin_Controller.php in the application/core folder as below. Every admin controller will extend this class, so the session check in its constructor runs before any admin action:

<?php defined('BASEPATH') OR exit('No direct script access allowed');

class My_Admin_Controller extends CI_Controller
{
    function __construct()
    {
        parent::__construct();
        // userdata() returns NULL when the key was never set, i.e. nobody
        // has logged in; redirect() sends the Location header and exits.
        if ($this->session->userdata('username_admin') === null) {
            redirect('admin/account/index');
        }
    }
}
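The guard above only checks that the session key exists. The following is an added example, not code from the tutorial, of a stricter base controller: it rejects empty values that a loose comparison would let through and adds an idle timeout stored in the session. It assumes CodeIgniter 3 with the session library autoloaded as configured earlier; the 15-minute limit and the last_activity_admin key are constructed for this example.

```php
<?php
// Added example: stricter admin base controller for application/core.
// Assumes CodeIgniter 3 with the session library autoloaded.
defined('BASEPATH') OR exit('No direct script access allowed');

class My_Admin_Controller extends CI_Controller
{
    // Idle timeout in seconds (constructed value for this example).
    const ADMIN_IDLE_TIMEOUT = 900;

    public function __construct()
    {
        parent::__construct();

        // An unset key comes back as NULL, but an empty string would also
        // pass a loose "== null" test, so insist on a non-empty string.
        $user = $this->session->userdata('username_admin');
        if (!is_string($user) || $user === '') {
            // redirect() sends a Location header and calls exit(), so no
            // action in the subclass ever runs for an anonymous request.
            redirect('admin/account/index');
        }

        // Idle timeout: if the last admin request is older than the limit,
        // drop the whole session and send the user back to the login page.
        $now  = time();
        $last = (int) $this->session->userdata('last_activity_admin');
        if ($last > 0 && ($now - $last) > self::ADMIN_IDLE_TIMEOUT) {
            $this->session->sess_destroy();
            redirect('admin/account/index');
        }
        $this->session->set_userdata('last_activity_admin', $now);
    }
}
```

Because the check lives in the constructor, a new admin controller is protected simply by extending this class, exactly as the Product controller later on this page does; a controller that extends CI_Controller directly is not covered, which is the most common way this pattern is accidentally bypassed.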

Create a new PHP file named home.php in the controllers folder as below:

<?php
defined('BASEPATH') or exit('No direct script access allowed');

class Home extends CI_Controller
{

    function index()
    {
        $this->load->view('home/index');
    }
}

Open the routes.php file in the config folder and set the default_controller as below:

$route['default_controller'] = 'home';

Create a new folder named home in the views folder. In this folder, create a new PHP file named index.php as below:

<?php defined('BASEPATH') or exit('No direct script access allowed'); ?>
<html>
	<head>
		<title>Home</title>
	</head>
	<body>

		<h3>Home Page</h3>

	</body>
</html>




Create a new folder named admin in the controllers folder. In this folder, create the following controllers.

Create a new PHP file named account.php as below. It extends CI_Controller, not My_Admin_Controller, because the login page itself must be reachable without a session:

<?php
defined('BASEPATH') or exit('No direct script access allowed');

class Account extends CI_Controller
{

    public function index()
    {
        $this->load->view('admin/account/index');
    }

    public function login()
    {
        $username = $this->input->post('username');
        $password = $this->input->post('password');
        if ($username == 'pmk' && $password == 'lab') {
            $this->session->set_userdata(array(
                'username_admin' => $username
            ));
            $this->load->view('admin/account/welcome');
        } else {
            $data['error'] = "Invalid Account";
            $this->load->view('admin/account/index', $data);
        }
    }

    public function logout()
    {
        $this->session->unset_userdata('username_admin');
        return redirect('admin/account');
    }
}
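The login action above compares a plaintext password against a hard-coded string and keeps the same session ID across login. The following is an added example, not the tutorial's code, of the same Account controller hardened the way a practitioner would expect: credentials are checked with password_verify(), the session ID is regenerated on login (session fixation), the whole session is destroyed on logout, and the login POST redirects instead of rendering a view. It assumes CodeIgniter 3 with the session library and url helper autoloaded; the in-memory users array is a constructed stand-in for a database lookup.

```php
<?php
// Added example: hardened Account controller for application/controllers/admin.
// Assumes CodeIgniter 3 with the session library and url helper autoloaded.
defined('BASEPATH') OR exit('No direct script access allowed');

class Account extends CI_Controller
{
    // Constructed stand-in for a users table (username => password hash).
    // Hashing at request time is only for this self-contained example;
    // real hashes come from storage and are generated once at registration.
    private $users;
    private $dummy_hash;

    public function __construct()
    {
        parent::__construct();
        $this->users = array(
            'pmk' => password_hash('lab', PASSWORD_DEFAULT),
        );
        // Verified against when the username is unknown, so the response
        // time does not reveal which usernames exist.
        $this->dummy_hash = password_hash('not-a-real-password', PASSWORD_DEFAULT);
    }

    public function index()
    {
        $this->load->view('admin/account/index');
    }

    public function login()
    {
        $username = (string) $this->input->post('username', TRUE);
        $password = (string) $this->input->post('password');

        $known = isset($this->users[$username]);
        $hash  = $known ? $this->users[$username] : $this->dummy_hash;

        // password_verify() is constant-time for the hash comparison itself;
        // it always runs so known and unknown users take the same path.
        if (!password_verify($password, $hash) || !$known) {
            $data['error'] = 'Invalid Account';
            $this->load->view('admin/account/index', $data);
            return;
        }

        // New session ID on privilege change: a session ID handed to the
        // browser before login is never promoted to an admin session.
        $this->session->sess_regenerate(TRUE);
        $this->session->set_userdata('username_admin', $username);

        // Redirect after POST so a page refresh cannot resubmit credentials.
        redirect('admin/account/welcome');
    }

    public function welcome()
    {
        if ($this->session->userdata('username_admin') === NULL) {
            redirect('admin/account/index');
        }
        $this->load->view('admin/account/welcome');
    }

    public function logout()
    {
        // Destroy the whole session rather than unsetting a single key, so
        // nothing else stored during the admin session survives logout.
        $this->session->sess_destroy();
        redirect('admin/account/index');
    }
}
```

With csrf_protection set to TRUE in config.php, the form_open() helper used by the login view emits the CSRF token field automatically, so the hardened controller needs no extra code for that check.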

Create a new PHP file named product.php as below. It extends My_Admin_Controller, so the session check runs before index() for every request:

<?php
defined('BASEPATH') or exit('No direct script access allowed');

class Product extends My_Admin_Controller
{

    public function index()
    {
        $this->load->view('admin/product/index');
    }
}

Create a new folder named admin in the views folder, and inside it a folder named account. In the account folder, create the following views.

Create a new PHP file named index.php as below:

<?php defined('BASEPATH') or exit('No direct script access allowed'); ?>
<html>
    <head>
        <title>Login</title>
    </head>
    <body>

        <?php echo isset($error) ? html_escape($error) : ''; ?>
        <?php echo form_open('admin/account/login'); ?>
        <table cellpadding="2" cellspacing="2">
            <tr>
                <td>Username</td>
                <td><input type="text" name="username"></td>
            </tr>
            <tr>
                <td>Password</td>
                <td><input type="password" name="password"></td>
            </tr>
            <tr>
                <td>&nbsp;</td>
                <td><input type="submit" value="Login"></td>
            </tr>
        </table>
        <?php echo form_close(); ?>

    </body>
</html>

Create a new PHP file named welcome.php as below. The username comes from the session, which was filled from request input, so it is passed through html_escape() before being echoed:

<?php defined('BASEPATH') or exit('No direct script access allowed'); ?>

<html>
    <head>
        <title>Welcome</title>
    </head>
    <body>

        Welcome <?php echo html_escape($this->session->userdata('username_admin')); ?>
        <br>
        <a href="<?php echo site_url('admin/account/logout'); ?>">Logout</a>

    </body>
</html>

Create a new folder named product in the views/admin folder. In this folder, create a new PHP file named index.php as below:

<?php defined('BASEPATH') or exit('No direct script access allowed'); ?>
<html>
	<head>
		<title>Product List - Admin Panel</title>
	</head>
	<body>

		<h3>Product List - Admin Panel</h3>

	</body>
</html>




Access the index action of the Home controller with the following URL: http://localhost:9092/LearnCodeIgniterWithRealApps/home/index

Output

Access the index action of the Product controller with the following URL: http://localhost:9092/LearnCodeIgniterWithRealApps/admin/product/index. Because no admin session exists, the site redirects to http://localhost:9092/LearnCodeIgniterWithRealApps/admin/account/index

Test with an invalid account: username abc and password 123

Output

Test with the valid account: username pmk and password lab

Output

Access the index action of the Product controller again with the following URL: http://localhost:9092/LearnCodeIgniterWithRealApps/admin/product/index. With the session set, the product list page is shown instead of the redirect.

I recommend you refer to the books below to learn more about the knowledge in this article: