CodeIgniter Forums

Full Version: [SOLVED] Log in access restriction problem
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

El Forum

[eluser]Xarren[/eluser]
Hi, im attempting to use my controller constructor to limit access to any of the controller functions unless the user is logged in (session). Im trying to get the following to work:

Code:
function Admin()
    {
        parent::Controller();
        $logged_in = $this->session->userdata('logged_in');
        if ($logged_in==0)
        {
            $this->load->view('admin/header');
            $this->load->view('admin/log_in_view');
        }
    }

Now that works fine if someone goes to http://www.mysite.com/admin - however if someone goes to http://www.mysite.com/admin/function then the login form will display, but so will the output of the function, right below it. This means that someone can still view the pages without logging in if he knows the direct link.

How do I correct that problem?

El Forum

[eluser]intractve[/eluser]
This is a problem with using 0 for checking the value of logged_in because comparing strings can result in a zero thus making your if clause pass.

I personally use TRUE/FALSE (as boolean and not strings) as the session value for logged_in
and check it with
Code:
parent::Controller();
        $logged_in = $this->session->userdata('logged_in');
        if ($logged_in===FALSE) { redirect('/user/login'); }

To my knowledge you shouldn't call the load view in the constructor.

El Forum

[eluser]Xarren[/eluser]
I've tried redirection before, but whenever I try it in the constructor i get the "This page is redirecting in a way that will never complete" browser error. Any clues why that might be?

El Forum

[eluser]evstevemd[/eluser]
[quote author="Xarren" date="1281583100"]Hi, im attempting to use my controller constructor to limit access to any of the controller functions unless the user is logged in (session). Im trying to get the following to work:

Code:
function Admin()
    {
        parent::Controller();
        $logged_in = $this->session->userdata('logged_in');
        if ($logged_in==0)
        {
            $this->load->view('admin/header');
            $this->load->view('admin/log_in_view');
        }
    }

Now that works fine if someone goes to http://www.mysite.com/admin - however if someone goes to http://www.mysite.com/admin/function then the login form will display, but so will the output of the function, right below it. This means that someone can still view the pages without logging in if he knows the direct link.

How do I correct that problem?[/quote]

I think that other thing should go in else clause

Code:
function Admin()
    {
        parent::Controller();
        $logged_in = $this->session->userdata('logged_in');
        if ($logged_in==0)
        {
            $this->load->view('admin/header');
            $this->load->view('admin/log_in_view');
        }
        
         else{
            $this->load->view('admin/header');
            $this->load->view('admin/iam_logged_in');
        }
    }

El Forum

[eluser]Xarren[/eluser]
The problem is that else is whatever function the person has called. So for example if someone goes to http://www.mysite.com/admin/view_members i want it to display view members if he is logged in, not the standard controller view. The redirect thing is really what Im after, however redirects in the header do not seem to work well..

Could someone who has done this before post their code for me please?

Code:
function Admin()
    {
        parent::Controller();
        $logged_in = $this->session->userdata('logged_in');
        if ($logged_in==0)
        {
            redirect('admin/log_in_form');
        }
    }
    function index()
    {    
            $this->load->view('admin/header');
            $this->load->view('admin/welcome_view');
    }

    function log_in_form()
    {
        $this->load->view('admin/header');
        $this->load->view('admin/log_in_view');
    }

This returns a "Firefox has detected that the server is redirecting the request for this address in a way that will never complete." error.

El Forum

[eluser]pickupman[/eluser]
Hey got your email. Try this
Code:
function Admin()
    {
        parent::Controller();

        $logged_in = $this->session->userdata('logged_in');
        $segment = $this->uri->segment(2);

        if ($logged_in == 0 && $segment != 'log_in_form')
        {
            redirect('admin/log_in_form');
        }
        
    }
    function index()
    {    
            $this->load->view('admin/header');
            $this->load->view('admin/welcome_view');
    }

    function log_in_form()
    {
        $this->load->view('admin/header');
        $this->load->view('admin/log_in_view');
    }