Access controls
In this section, let us begin by locking down the access for a user logged-in as a student. We will be making a few changes to facilitate this change. The first change will be adding new session variables to carry more information about the user. We will make this change to the login method in the Login_Model class. In the following snippet, we have modified the SQL to fetch the username and student ID. We are then adding the student ID to the session variables in the models/login_model.php file, as shown in the following code:
public function login($username, $password){
$st = $this->db->prepare("SELECT student_id, username FROM students WHERE username = :username AND password = :password");
$st->execute(array(':username' => $username,':password' => SHA1($password)));
$data = $st->fetch(PDO::FETCH_ASSOC);
$hasData = $st->rowCount();
if($hasData >0){
Session::set('loggedin',true);
Session::set('username',$data['username']);
Session...
