CodeIgniter Forums
Authentication using tank auth - Printable Version



Authentication using tank auth - El Forum - 06-28-2012

[eluser]ozy123[/eluser]
I'm using tank auth and just trying to figure out how best to implement it.

I have a bookings system.
I have controllers to retrieve a booking, to delete a booking, etc. I don't want a user to be able to copy and paste a URL to delete bookings. Therefore, should I do a check that the user is logged in before the controller loads views, etc.

i.e. I begin my controller as such:

if ($this->tank_auth->is_logged_in()) {
    // logged in: carry on and load the views
    $this->load->view;
} else {
    // not logged in: send the visitor to the login page
    redirect('/auth/login/');
}

?

Or is there a better way?

Sorry if it's an obvious question, still grappling. Thanks in advance.


Authentication using tank auth - El Forum - 06-28-2012

[eluser]jmadsen[/eluser]
Hi ozy,

Yes, you have the idea. I generally have a Private_Controller & Public_Controller extending MY_Controller, then in the Private_Controller I put similar code to yours in the construct.

Then each controller extends Private_Controller if logged-in status is required.

Don't forget, in addition, you'll want to get your user_id & check they have the correct privileges to do the action (deleting, editing, whatever).


Authentication using tank auth - El Forum - 06-28-2012

[eluser]regal2157[/eluser]
I would also put it before the actions. Not at the loading view level. Just to make sure the controller doesn't do the leg work, then display a "You're not authorized" message, while in the background - they just did what you wanted them not to do.


Authentication using tank auth - El Forum - 06-28-2012

[eluser]ozy123[/eluser]
[quote author="regal2157" date="1340885283"]I would also put it before the actions. Not at the loading view level. Just to make sure the controller doesn't do the leg work, then display a "You're not authorized" message, while in the background - they just did what you wanted them not to do.[/quote]

Good call. Thanks all for the advice, appreciate it massively.
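
The layout the replies describe, as an added example that is not code from any poster in this thread or from Tank Auth itself: the login check sits in the Private_Controller constructor so it runs before any action, and the delete action checks ownership before doing any work. The Bookings controller, the booking_model with its get() and delete() methods, and the user_id column are assumptions made for illustration.

```php
<?php
// application/core/MY_Controller.php
class MY_Controller extends CI_Controller {}

class Private_Controller extends MY_Controller
{
    protected $user_id;

    public function __construct()
    {
        parent::__construct();
        $this->load->library('tank_auth');
        $this->load->helper('url');

        // The constructor runs before any action method, so an anonymous
        // request is redirected before the controller does any work.
        if (!$this->tank_auth->is_logged_in()) {
            redirect('/auth/login/');
        }
        $this->user_id = $this->tank_auth->get_user_id();
    }
}

// application/controllers/bookings.php (hypothetical controller)
class Bookings extends Private_Controller
{
    public function delete($booking_id)
    {
        $this->load->model('booking_model'); // hypothetical model

        // Assumed to return a row object, or NULL when the id does not exist.
        $booking = $this->booking_model->get((int) $booking_id);
        if ($booking === NULL) {
            show_404();
        }

        // Being logged in is not enough: the booking must belong to this
        // user. The check comes before the delete, not before the view.
        if ((int) $booking->user_id !== (int) $this->user_id) {
            show_error('You are not authorized to delete this booking.', 403);
        }

        $this->booking_model->delete($booking->id);
        redirect('/bookings/');
    }
}
```

redirect(), show_404() and show_error() all end the request, so nothing after a failed check runs.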