How do I 'properly' protect a controller?

#2
A controller is called by a route, so really it's about (in my thinking) protecting your route. Let's say I have a URL segment after the domain, /removeBlog, which is defined in a route:

Code:
$routes->get('removeBlog','Blog::delBlogForm');


Using a filter, I can first, before going to the class and method (Blog::delBlogForm), do some checking via a filter.

I have a class called "MyFilter3.php" (located in Apache at /var/www/htdocs/CI4.0.4/app/Filters/) which has:

Code:
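public function before(RequestInterface $request, $arguments = null)
{
    // Start a session only if one is not already active
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // 'role' is only set in the session once the admin has logged in
    if (! isset($_SESSION['role'])) {
        return redirect('spam');
    }
}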

How this works is that if the admin is not logged in, and therefore a SESSION variable is not set/null etc., then for the URL http://mydomain.com/removeBlog they will (if not logged in) simply be brushed off to a custom "does not exist" page.

Note you have to declare your filters in app/Config/Filters.php, for example:

Code:
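// The 'myfilter3' alias must also be mapped to the filter class in $aliases
public $filters = [
    // Run MyFilter3::before() for requests to /removeBlog
    'myfilter3' => ['before' => ['removeBlog']],
];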


If the admin "IS logged in" and goes to the URL /removeBlog, then they will see a "view" loaded which has a form where arguments such as blogId can be entered. The form gets submitted via "POST" to another Blog class method to process. I have similar filter protection on that as well!
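An added example, not part of the original post or the CodeIgniter project's own code: a complete filter class that checks the role value rather than only whether it is set, attached to both the form route and the POST route through the route's `filter` option. The class name `AdminFilter`, the alias `adminonly`, the role value `'admin'`, the method `Blog::delBlog` and the use of CodeIgniter's session service by the login code are assumptions.

```php
<?php
// app/Filters/AdminFilter.php (hypothetical file and class name)
namespace App\Filters;

use CodeIgniter\Filters\FilterInterface;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;

class AdminFilter implements FilterInterface
{
    public function before(RequestInterface $request, $arguments = null)
    {
        // CodeIgniter's session service starts the session on first use.
        $role = session()->get('role');

        // Assumption: the login code stores the string 'admin' in 'role'.
        // Comparing the value (not just isset) also keeps out logged-in
        // users who hold some other role.
        if ($role !== 'admin') {
            // Same outcome as in the post: send the visitor to /spam.
            return redirect()->to('/spam');
        }
        // Returning nothing lets the request continue to the controller.
    }

    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
    {
        // No post-processing needed.
    }
}

// Wiring (shown as comments because it lives in other files):
//
// app/Config/Filters.php, added to the existing $aliases array:
//   'adminonly' => \App\Filters\AdminFilter::class,
//
// app/Config/Routes.php:
//   // Only defined routes reach controllers, so Blog is reachable
//   // only through the routes that carry the filter.
//   $routes->setAutoRoute(false);
//   $routes->get('removeBlog', 'Blog::delBlogForm', ['filter' => 'adminonly']);
//   $routes->post('removeBlog', 'Blog::delBlog', ['filter' => 'adminonly']);
```

Attaching the filter in the route definition keeps the check next to the route it protects, so the form and the handler that processes it cannot drift apart.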


Messages In This Thread
RE: How do I 'properly' protect a controller? - by captain-sensible - 09-24-2020, 08:13 AM
