+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: Is it possible to make controllers private? (/showthread.php?tid=23036)
Is it possible to make controllers private? - El Forum - 09-28-2009
[eluser]rvillalon[/eluser]
Is it possible to make controllers private? Not accessible by http?
I'm trying to protect my controllers for cron jobs and error reporting .
Is it possible to make controllers private? - El Forum - 09-28-2009
[eluser]renownedmedia[/eluser]
You could check the client ip and see if it equalled 127.0.0.1
Is it possible to make controllers private? - El Forum - 09-28-2009
[eluser]guillermo, out of repose[/eluser]
Why not create a library for each of those? One for crons and one for error reporting?
Is it possible to make controllers private? - El Forum - 09-28-2009
[eluser]moodh[/eluser]
http://ellislab.com/codeigniter/user-guide/general/controllers.html#private maybe?
Is it possible to make controllers private? - El Forum - 09-29-2009
[eluser]attos[/eluser]
This might not work if you are trying to call a method inside the controller.
You should also be able to execute your controller from the command line. There's an entry on this in the wiki at http://codeigniter.com/wiki/CI_on_the_command_line/
Also you can create two controllers. One with the functions accessible from a browser and another for the functions accessible from the command line.
In all the public functions in the controller for the command line functions you should check if the request is coming from a browser and if this is the case the function would simply die, return an error message or redirect to user to another page.
From the same wiki page, you should be able to detect this by checking the REQUEST_URI:
Code:
isset($_SERVER['REQUEST_URI'])
{
// This request most likely comes from a browser
die();
}
// We can continue processing this requestIs it possible to make controllers private? - El Forum - 09-29-2009
[eluser]mattthehoople[/eluser]
would something like...
Code:
class Sysadmin extends Controller {
function Sysadmin() {
parent::__construct();
if($_SERVER['REQUEST_METHOD']!='CLI') {
die("Only accessible via the shell.");
}
}
function index() {
etc......do the trick? (I'm not sure, it's not my code...)
Is it possible to make controllers private? - El Forum - 09-29-2009
[eluser]attos[/eluser]
This will not work. The $_SERVER['REQUEST_METHOD'] will not be 'CLI'
From the PHP manual:
[$_SERVER['REQUEST_METHOD'] indicates] Which request method was used to access the page; i.e. 'GET', 'HEAD', 'POST', 'PUT'.
Replace your line:
Code:
if($_SERVER['REQUEST_METHOD']!='CLI') {with:
Code:
if(!isset($_SERVER['REQUEST_URI'])) {This might do the trick if you're using the command line, give it a try.
This will not work if your cron job uses wget (assuming *nix system). This is because the you would be using something like:
Code:
wget http://localhost/your_app/index.php/Sysadmin/index/and this sets the REQUEST_URI element of the $_SERVER variable.
Is it possible to make controllers private? - El Forum - 09-29-2009
[eluser]rvillalon[/eluser]
So I guess Thomas Hunter's solution would be best?
Check if the IP address is set to 127.0.0.1?
Is it possible to make controllers private? - El Forum - 09-29-2009
[eluser]jedd[/eluser]
Alternatively, you could deign to clarify if you mean running something like wget or lynx in your cron, or do you mean a CLI version of PHP is being run there.
Is it possible to make controllers private? - El Forum - 09-29-2009
[eluser]BrianDHall[/eluser]
[quote author="jedd" date="1254260911"]Alternatively, you could deign to clarify if you mean running something like wget or lynx in your cron, or do you mean a CLI version of PHP is being run there.[/quote]
I don't think many people know there is a difference. For those not aware, CLI or 'command line' actually executes a special PHP executable file with certain parameters, just like running a 'ping' command or 'rn' in SSH.
Not everyone even has that special CLI executable, as while it is enabled by default it is not always actually installed.
Meanwhile using wget or lynx will call a special system command and instruct it to do something, such as to act as though it were a browser and 'get' the address you give it. In that case CI/PHP doesn't really know any different than if a regular person visited the address, so protecting such a script from outside use is another matter entirely.