1
我有一个问题,我可以编辑所有用户配置文件。但我想,我只能编辑我的个人资料。也许你可以帮助我。该代码工作,如果我想修改自己的个人资料一样Codeigniter以用户编辑只有自己的配置文件
域/成员/用户/管理/ 1
但我可以编辑/成员/用户/管理/ 2也和多数民众的问题。
控制器Users.php
public function manage($id = NULL) {
if($this->session->userdata('type') == 'user') {
$data = array();
if ($id) {
$this->{$this->model}->{$this->_primary_key} = $id;
$data['item'] = $this->{$this->model}->get();
if (!$data['item'])
show_404();
} else {
$data['item'] = new Std();
}
$this->load->library("form_validation");
$this->form_validation->set_rules('username', 'Username', 'trim|required');
$this->{$this->model}->custom_select = 'users.*, teams.title as teams';
$this->{$this->model}->joins = array('teams' => array('teams.teams_id = users.teams_id', 'inner'));
$this->form_validation->set_rules('firstname', 'firstname', 'trim|required');
$this->form_validation->set_rules('lastname', 'lastname', 'trim');
$this->form_validation->set_rules('sex', 'sex', 'trim');
$this->form_validation->set_rules("image3", 'image3', "trim|callback_image3[$id]");
$this->form_validation->set_rules("email", 'Email', "trim|required|valid_email");
if ($id)
$this->form_validation->set_rules('password', 'Password', 'trim');
else
$this->form_validation->set_rules('password', 'Password', 'trim');
if ($this->form_validation->run() == FALSE)
$this->load->view($this->module . '/manage', $data);
else {
$this->users_model->username = $this->input->post('username');
$this->users_model->email = $this->input->post('email');
$this->users_model->firstname = $this->input->post('firstname');
$this->users_model->lastname = $this->input->post('lastname');
$this->users_model->sex = $this->input->post('sex');
if (strlen($this->input->post('password')) > 0)
$this->{$this->model}->password = md5($this->input->post('password'));
$this->{$this->model}->save();
redirect('member/' . $this->module);
}
}else{
exit('Hacking Attempt: Get out of the system ..!');
}
}
Users_model.php
<?php
class Users_model extends CI_model
{
public $_table = 'users';
public $_primary_keys = array('user_id');
}
制作角色为会话和检查,如果(角色==用户)不是重定向到其它页面或给消息,你不能修改这个细节。 –
为安全起见,MD5被认为是破坏的,并且不足以进行密码散列。使用['password_hash()'](http://us3.php.net/manual/en/function.password-hash.php)和['password_verify()'](http://us3.php.net/ manual/en/function.password-verify.php)。如果您使用的是5.5之前的PHP版本,则可以使用[此兼容包](https://github.com/ircmaxell/password_compat)。 –