How do I 'properly' protect a controller?

A controller is called by a route, so really it's about (in my thinking) protecting your route. Let's say I have a URL segment after the domain, /removeBlog, which is defined in a route:


Using a filter and code, I can first, before going on to use the Class and method (Blog::delBlogForm),
do some checking via a filter.

I have a class called "MyFilter3.php" (located in Apache at /var/www/htdocs/CI4.0.4/app/Filters/) which has:

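public function before(RequestInterface $request, $arguments = null)
{
    // 'role' is only present in the session once the admin has logged in
    $logic = isset($_SESSION['role']);
    if (! $logic) return redirect('spam'); // not logged in: send to the "does not exist" page
}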

How this works is that if admin is not logged in, and therefore a SESSION variable is not set/null etc.,
then for the URL http://mydomain.com/removeBlog they will (if not logged in) simply be brushed off to a custom page "does not exist".

Note you have to declare your filters in app/Config/Filters.php, for example:

public $filters = [
    // the 'myfilter3' alias must also have an entry in $aliases in this file
    'myfilter3' => ['before' => ['removeBlog']],
];

If admin "IS logged in" and goes to the URL /removeBlog, then they will see a "view" loaded which has a form where arguments such as blogId can be entered. The form gets submitted via "POST" to another Blog class method to process. I have similar filter protection on that as well!

Messages In This Thread
RE: How do I 'properly' protect a controller? - by captain-sensible - 09-24-2020, 08:13 AM
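
The filter approach described in the post above, written out as a complete CodeIgniter 4 filter class. This is an added example, not the poster's code: the class name `AdminOnlyFilter`, the alias `adminonly`, the route name `processRemoveBlog`, the role value `'admin'` and the `/spam` path are assumptions. It checks the value of the session role rather than only whether it is set.

```php
<?php
// Added example, not the poster's code. Assumed path: app/Filters/AdminOnlyFilter.php
namespace App\Filters;

use CodeIgniter\Filters\FilterInterface;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;

class AdminOnlyFilter implements FilterInterface   // hypothetical class name
{
    // Assumption: the login code stores the string 'admin' in the session key 'role'.
    private const REQUIRED_ROLE = 'admin';

    public function before(RequestInterface $request, $arguments = null)
    {
        // session() returns the CI4 session service; get() yields null when the key is absent.
        $role = session()->get('role');

        // Compare the value, not just its presence: an isset() test alone
        // accepts any session in which 'role' holds some other value.
        if ($role !== self::REQUIRED_ROLE) {
            // Same outcome as in the post: send the visitor to the "does not exist" page.
            // Returning a response from before() stops the controller from running.
            return redirect()->to('/spam');
        }
        // Returning nothing lets the request continue to Blog::delBlogForm.
    }

    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
    {
        // Nothing to do after the controller; the interface requires the method.
    }
}

/*
 * Registration in app/Config/Filters.php. 'adminonly' and 'processRemoveBlog'
 * are assumed names; list the POST target as well as the form page.
 *
 *   add to $aliases:  'adminonly' => \App\Filters\AdminOnlyFilter::class,
 *   add to $filters:  'adminonly' => ['before' => ['removeBlog', 'processRemoveBlog']],
 */
```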
