How do I 'properly' protect a controller?
#2

(This post was last modified: 09-24-2020, 08:28 AM by captain-sensible.)

A controller is called by a route, so really it's about (in my thinking) protecting your route. Let's say I have a URL segment after the domain, /removeBlog, which is defined in a route:

Code:
$routes->get('removeBlog','Blog::delBlogForm');


Using a filter, I can first do some checking before going on to use the class and method (Blog::delBlogForm).

I have a class called "MyFilter3.php" (located in Apache at /var/www/htdocs/CI4.0.4/app/Filters/) which has:

Code:
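public function before(RequestInterface $request, $arguments = null)
{
    session_start();

    // 'role' is only set in the session once admin has logged in
    $logic = isset($_SESSION['role']);
    if ($logic == false)
    {
        // not logged in: send the visitor to the custom page
        return redirect('spam');
    }
}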

How this works is that if admin is not logged in, and therefore a SESSION variable is not set/null etc., then for the URL http://mydomain.com/removeBlog they will (if not logged in) simply be brushed off to a custom "does not exist" page.

Note you have to declare your filters in app/Config/Filters.php, for example:

Code:
public $filters = [
    // run MyFilter3 before the removeBlog route is handled
    'myfilter3' => ['before' => ['removeBlog']],
];


If admin IS logged in and goes to the URL /removeBlog, then they will see a "view" loaded which has a form where arguments such as blogId can be entered. The form gets submitted via "POST" to another Blog class method to process. I have similar filter protection on that as well!
Reply
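
A complete filter of the kind described in the post above, as an added example that is not part of the original post or of CodeIgniter itself. It assumes a hypothetical class name AdminFilter, that the login code stores the role through CodeIgniter's session library, and that the admin role value is 'admin'; the POST URI 'processRemoveBlog' in the trailing comment is also hypothetical.

```php
<?php
// app/Filters/AdminFilter.php (hypothetical file and class name)
namespace App\Filters;

use CodeIgniter\Filters\FilterInterface;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;

class AdminFilter implements FilterInterface
{
    // Runs before the controller; returning a response stops the request there.
    public function before(RequestInterface $request, $arguments = null)
    {
        // session() returns CodeIgniter's session service and starts the
        // session if it is not already running, so no session_start() call.
        $role = session()->get('role');

        // Compare the value, not just its presence, so a session that
        // carries some other 'role' is rejected as well.
        // The value 'admin' is an assumption for this example.
        if ($role !== 'admin') {
            return redirect()->to('/spam');
        }
        // Returning nothing lets the request continue to Blog::delBlogForm.
    }

    // Required by FilterInterface; nothing to do after the controller.
    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
    {
    }
}

/*
 * app/Config/Filters.php: register the alias, then list every URI that
 * must be protected, the form (GET) and its handler (POST) alike.
 * 'processRemoveBlog' is a hypothetical URI for the POST route.
 *
 *   public $aliases = [
 *       'adminfilter' => \App\Filters\AdminFilter::class,
 *   ];
 *
 *   public $filters = [
 *       'adminfilter' => ['before' => ['removeBlog', 'processRemoveBlog']],
 *   ];
 */
```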


Messages In This Thread
RE: How do I 'properly' protect a controller? - by captain-sensible - 09-24-2020, 08:13 AM