i have developed a website with cakephp 1.2. but i did not use ACL.
what i did is this
app_controller.php
function beforeFilter()
{
// if its the administrator/manager - change the layout
$admin_chk = strpos($_SERVER['REQUEST_URI'],
Configure::read('Routing.admin'));
if($admin_chk == true and $submenu_chk ==false )
{
$this->layout='admin';
$this->checkAdminSession();
}
}
function checkAdminSession() {
// if the admin session hasn't been set
if (!$this->Session->check('User') or $this->Session-
>read('Usertype') != 'admin') {
$this->Session->delete('User');
$this->Session->delete('Usertype');
$this->redirect('/users/login');
exit();
}
}
now this works perfectly fine. what i want to know is there any
security risk using this code?
Regards,
Zakir
Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions.
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
No comments:
Post a Comment