
Full Version: login prompt bypassed
I have an admin account set up in the database which allows login from the login form, but if someone knows the URL of the pages protected by login they can bypass the login.

How do I protect the pages from being viewed without login?
In your index method, check whether the admin is logged in.
You can do that by saving a flag to the session (logged_in = TRUE) when they log in and testing it before serving the page.
1. Create a Base controller, MY_Controller, that extends CI_Controller;
2. Create Admin_controller that extends MY_Controller;
3. Create the method Admin_controller::isLoggedIn() and add appropriate logic;
4. Create Admin_base controller that extends Admin_controller;
5. Create Admin_base::login() that displays the login view and handles the form response;
6. Have every OTHER (not login()) method within Admin_base check for: if(FALSE === $this->isLoggedIn()) { // redirect to login }
7. Create many admin controllers that extend Admin_controller and handle your functionality - "class Admin_customer extends Admin_controller {}"
8. Have the constructor of all of the non Admin_base controllers that extend Admin_controller check for: if(FALSE === $this->isLoggedIn()) { // redirect to login }
9. Profit.

PHP Code:
<?php defined('BASEPATH') OR exit('No direct script access allowed');

/*
 * Put each class in its own file and write the appropriate autoloader.
 */

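class MY_Controller extends CI_Controller {
    /**
     * Shared base for every controller in the application.
     *
     * Calls the framework constructor first (CI_Controller::__construct() is
     * what makes $this->load available), then connects the database and pins
     * the connection's time zone to UTC so DATETIME values are written and
     * compared consistently regardless of the server's default zone.
     */
    public function __construct() {
        parent::__construct();

        $this->load->database();
        $this->db->query('SET time_zone="+0:00"');
    }

    /**
     * Returns the CodeIgniter super object.
     *
     * get_instance() is a global framework function, not a controller method,
     * so it must not be called through $this (the original
     * `$this->get_instance()` is a fatal "undefined method" error).
     *
     * Note that every public method on a controller is routable by URL in
     * CodeIgniter; ci() returns an object and outputs nothing, so exposing it
     * is harmless, but keep that in mind when adding helpers to base classes.
     *
     * @return CI_Controller
     */
    public function ci() {
        return get_instance();
    }
}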

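class Admin_controller extends MY_Controller {
    /**
     * Whether the current request belongs to an authenticated admin.
     *
     * Reads the 'logged_in' flag that the login handler is expected to write
     * to the session on a successful credential check (the convention given
     * in this thread). The strict comparison means a missing key (NULL) or
     * any non-boolean value counts as "not logged in", so a malformed value
     * cannot pass the check.
     *
     * The original body returned nothing (NULL), which made every
     * `TRUE !== $this->isLoggedIn()` caller redirect even after login.
     *
     * @return bool
     */
    public function isLoggedIn() {
        // Idempotent in CodeIgniter; harmless if the session library is autoloaded.
        $this->load->library('session');

        return TRUE === $this->session->userdata('logged_in');
    }
}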

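class Admin_base extends Admin_controller {
    /**
     * Admin landing page. Reachable only once logged in.
     */
    public function index() {
        $this->_requireLogin();

        // Build and output the view
    }

    /**
     * Login form (GET) and login handler (POST).
     *
     * Deliberately the only public method in the admin area that does NOT
     * call _requireLogin().
     */
    public function login() {
        if (TRUE === $this->isLoggedIn()) {
            // Redirect to index()
        }

        if ($this->ci()->input->post()) {
            // Handle form: verify credentials, then store logged_in = TRUE in the session
        }

        // Build and output the view
    }

    /**
     * Ends the admin session.
     *
     * The original tested `TRUE !== $this->isLoggedIn()`, i.e. it "logged out"
     * only visitors who were never logged in and skipped real sessions.
     */
    public function logout() {
        if (TRUE === $this->isLoggedIn()) {
            // Log the user out (destroy the session so the flag cannot be reused)
        }

        // Redirect somewhere
    }

    /**
     * Profile form (GET) and handler (POST). Reachable only once logged in.
     */
    public function profile() {
        $this->_requireLogin();

        if ($this->ci()->input->post()) {
            // Handle form
        }

        // Build and output the view
    }

    /**
     * Sends anonymous visitors to the login page.
     *
     * Centralises the check that index() and profile() previously repeated
     * inline. Protected and underscore-prefixed so CodeIgniter never routes a
     * URL to it. Whatever performs the redirect here must also terminate the
     * request (CodeIgniter's redirect() helper does); otherwise control falls
     * through and the protected view is still built and sent.
     */
    protected function _requireLogin() {
        if (TRUE !== $this->isLoggedIn()) {
            // Redirect to login
        }
    }
}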

class 
Admin_product extends Admin_base {
    public function 
__construct() {
        
parent::__construct();

        if(
TRUE !== $this->isLoggedIn()) {
            
// Redirect to login
        
}
    }

    /**
     * Lists products. Read-only; authentication is enforced by the constructor.
     */
    public function browse() {
        // Build and output the view
    }

    /**
     * Creates a product.
     *
     * State-changing action: accept the write only on POST and keep
     * CodeIgniter's CSRF protection enabled, since a GET-reachable write can
     * be triggered by a crafted link while the admin is logged in.
     */
    public function create() {
        // Build and output the view
    }

    /**
     * Deletes a product.
     *
     * Destructive action: accept it only on POST with CSRF protection, and
     * validate the product identifier taken from the request before using it
     * in a query (no identifier handling is shown here yet).
     */
    public function delete() {
        // Build and output the view
    }

    /**
     * Edits a product.
     *
     * State-changing action: accept the write only on POST with CSRF
     * protection, and validate the product identifier before querying.
     */
    public function edit() {
        // Build and output the view
    }

    /**
     * Restores a previously deleted product.
     *
     * State-changing action: same POST + CSRF expectations as delete().
     */
    public function restore() {
        // Build and output the view
    }