+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: Checking a session in a hook (/showthread.php?tid=18403)
Pages:
1
2
Checking a session in a hook - El Forum - 05-05-2009
[eluser]devvee[/eluser]
Hello everyone,
I'm fairly new with Code Igniter and right now I'm trying out a few things. I downloaded the simplelogin library which lets me log in and creates a session. This, of course, works without any issues.
I figured I'd build a session check to prevent unauthorized people from accessing the website. Since every single bit of the website with the exception of the login area is closed off, I created a hook to perform this session check.
At first I enabled hooks and defined the hook in config/hooks.php. I called it "auth_hook" because it checks for authorization.
Code:
$hook['post_controller_constructor'] = array(
'class' => 'Auth_hook',
'function' => 'check',
'filename' => 'auth_hook.php',
'filepath' => 'hooks'
);Code:
class Auth_hook extends Controller {
function Auth_hook()
{
parent::Controller();
}
function check()
{
echo $this->session->userdata('username');
}
}When I access a page, the hook gets initiated properly but it throws an error:
Fatal error: Call to a member function userdata() on a non-object in C:\xampp\htdocs\codeigniter\system\application\hooks\auth_hook.php on line 10
At first I tried using "pre_controller" in hooks.php, but that just moved the error away from hooks.php into the controller I was calling, if that controller also tried to get the session userdata.
I've looked around a bit but I can't seem to figure out how to fix it.
Is it even good practice to do it the way I'm trying? I figured that putting a check whether the user is logged in or not in every single controller wouldn't be very good..
Thanks in advance
Checking a session in a hook - El Forum - 05-05-2009
[eluser]TheFuzzy0ne[/eluser]
I'd suggest checking that the user is authorized at the controller level (either in the constructor, or at the beginning of the method). Then everything should be loaded as expected, and you can redirect or whatever it is you want to do.
Checking a session in a hook - El Forum - 05-05-2009
[eluser]ggoforth[/eluser]
[quote author="TheFuzzy0ne" date="1241553577"]I'd suggest checking that the user is authorized at the controller level (either in the constructor, or at the beginning of the method). Then everything should be loaded as expected, and you can redirect or whatever it is you want to do.[/quote]
If you run your hook at the "post_controller_constructor" you should be able to run your check then. I think the reason your experienceing the error is due to the fact that you haven't created the CI object yet (before constructor). If you run it after the constructor you should be able to access your session vars.
I think doing it in a hook is better than controller level as it's much more manageable as you add lots of pages and functions. Keep your code in one place seems to be more manageable than doing it on every single page, IMHO.
Greg
Checking a session in a hook - El Forum - 05-05-2009
[eluser]Dam1an[/eluser]
@ggfoth: But if you have it in a custom controller, which all your other controllers extend, then its also in one place, and for me personally, it seams more logical that way (although that might just be me)
Checking a session in a hook - El Forum - 05-05-2009
[eluser]ggoforth[/eluser]
[quote author="Dam1an" date="1241575569"]@ggfoth: But if you have it in a custom controller, which all your other controllers extend, then its also in one place, and for me personally, it seams more logical that way (although that might just be me)[/quote]
That essentially works the same way as a hook. I just like visualizing the process of hooking into specific parts of the framework execution.
One thing I'm not sure about is how to have a controller extend more than one other class...You said if you have a custom controller which all other controllers extend...All the controllers should already be extending "Controller". I guess I'm just confused about how you execute your example. Would love to see how you do it.
I guess I just like the simplicity of a hook. Define it, and it runs.
Greg
Checking a session in a hook - El Forum - 05-05-2009
[eluser]Dam1an[/eluser]
your controllers would only extends a single class (MY_Controller), which in turn extends Controller
So the chain of command is
Code:
Page > MY_Controller > Controller > CI_BaseTo me this seems more natiraul, coming form a Java background with lots of inheritence going on, and when I started with CI, hooks seemed scary, but they are proving to be useful now
Checking a session in a hook - El Forum - 05-05-2009
[eluser]ggoforth[/eluser]
[quote author="Dam1an" date="1241577717"]your controllers would only extends a single class (MY_Controller), which in turn extends Controller
So the chain of command is
Code:
Page > MY_Controller > Controller > CI_BaseTo me this seems more natiraul, coming form a Java background with lots of inheritence going on, and when I started with CI, hooks seemed scary, but they are proving to be useful now
[/quote]That is really slick! I hadn't thought of doing that. I do really like that. This makes me wonder about perfomance. Is it quicker to run a hook or extend multiple controllers in that fashion. Either way, that's really nice. I don't come from a programming background, I started on doing simple sites and had to learn PHP to keep clients happy. So I can appreciate programmers than can code in multiple languages. Nice work!
Greg
Checking a session in a hook - El Forum - 05-06-2009
[eluser]devvee[/eluser]
I've tried using the CI object:
Code:
var $CI
$CI =& get_instance();
echo $this->CI->session->userdata('username');This gives me the same error. I forgot to mention that the controller I'm trying to call also tries to use $this->session->userdata('username');
The application I'm working on is supposed to be completely closed off from the outside and not a single controller that will be added in the future will be visible without first having logged in.
I chose to do it with hooks because that way other colleagues don't have to stray off the default code igniter way by extending a custom controller or by having to put a login check in every controller.
Regardless of whether this is good practice or not (since I read about hooks being seen as obfuscated/invisible code and I agree), I'd like to solve this issue so I won't be having it in the future
Thanks for all the replies though!
Checking a session in a hook - El Forum - 05-06-2009
[eluser]ggoforth[/eluser]
[quote author="devvee" date="1241611969"]I've tried using the CI object:
Code:
var $CI
$CI =& get_instance();
echo $this->CI->session->userdata('username');This gives me the same error. I forgot to mention that the controller I'm trying to call also tries to use $this->session->userdata('username');
The application I'm working on is supposed to be completely closed off from the outside and not a single controller that will be added in the future will be visible without first having logged in.
I chose to do it with hooks because that way other colleagues don't have to stray off the default code igniter way by extending a custom controller or by having to put a login check in every controller.
Regardless of whether this is good practice or not (since I read about hooks being seen as obfuscated/invisible code and I agree), I'd like to solve this issue so I won't be having it in the future
Thanks for all the replies though![/quote]
Did you try running your hook at the post_controller_constructor instead of pre controller? Also, when are you loading your session library? Is it autoloaded or loaded manually in the controller? If your going to stick to hooks (with Damien's method being the alternative) just run it AFTER the constructor, that way you will have access to $this->session->userdata(). If your doing it pre controller the CI object hasn't been created yet, so you won't be able to access it.
FYI, I'm doing it this exact way and I know it works. I run a check post construct and if they aren't logged in, back to the login they go.
Greg
Checking a session in a hook - El Forum - 05-06-2009
[eluser]devvee[/eluser]
[quote author="ggoforth" date="1241612259"][quote author="devvee" date="1241611969"]I've tried using the CI object:
Code:
var $CI
$CI =& get_instance();
echo $this->CI->session->userdata('username');This gives me the same error. I forgot to mention that the controller I'm trying to call also tries to use $this->session->userdata('username');
The application I'm working on is supposed to be completely closed off from the outside and not a single controller that will be added in the future will be visible without first having logged in.
I chose to do it with hooks because that way other colleagues don't have to stray off the default code igniter way by extending a custom controller or by having to put a login check in every controller.
Regardless of whether this is good practice or not (since I read about hooks being seen as obfuscated/invisible code and I agree), I'd like to solve this issue so I won't be having it in the future
Thanks for all the replies though![/quote]
Did you try running your hook at the post_controller_constructor instead of pre controller? Also, when are you loading your session library? Is it autoloaded or loaded manually in the controller? If your going to stick to hooks (with Damien's method being the alternative) just run it AFTER the constructor, that way you will have access to $this->session->userdata(). If your doing it pre controller the CI object hasn't been created yet, so you won't be able to access it.
FYI, I'm doing it this exact way and I know it works. I run a check post construct and if they aren't logged in, back to the login they go.
Greg[/quote]
I ran my hooks both post_controller_constructor and pre_controller, both gave me the same error. My session library is autoloaded.
If you run the login check post_controller, doesn't that mean code inside a controller gets executed before the person gets sent back to the login page? So if, for instance, you were to access a page that upon accessing performs a certain action, it would do so even if you weren't logged in?
And in that sense, wouldn't it be faster to take care of all these things pre_controller or at least post_controller_constructor?