Are functions inside of models directly accessible by users?
Can a user pass arguments directly to a function in a model? Or, do arguments have to be passed through php?
In otherwords:
I have a model called notifications and in there a function called get_notifs($user)… I use the controller to call the function like the get_notifs($_SESSION['user_id']) (which is encrypted). I don’t want someone to be able to call get_notifs() with anything but their $_session as a argument. What is the best solution?
- Am I already okay?
- Should I rename
get_notifs()to
_get_notifs()? - Should I check the
$_SESSION['user_id']in the method
itself? - Or, is there another better solution
than any of these?
I have a controller: ajax.php which loads the model notification
function __construct()
{
parent::__construct();
$this->load->helper('url');
$this->load->library('tank_auth');
$this->load->model('notification');
$this->load->model('search');
}
function get_notifs()
{
$me = $this->session->userdata('user_id');
if ($e = $this->notification->get_notif($me))
{
...........
}
else{
echo "nothing was found wtf?";
}
…………………………………………………
model: notification.php
function get_notifs($user){
......
}
Your code is perfectly fine!
get_notifs()to_get_notifs()?$_SESSION['user_id']in the method itself?it sounds liek your application may be used by people other then yourself, i.e the public developers, why would you want enforce developers to code things your way, that’s going to make them upset at your application.
CI Only routes requests to a controller, the user cannot access a model or library or any other class, the route goes like so:
/controller/method/paramthe first segment will only ever load a controller file, the second will call the method in the param, passing any other variables such as param to that method.
Source: http://codeigniter.com/user_guide/overview/appflow.html
As you can see from the flow chart above, only the controller has access to the model’s