Authentication using tank auth - CodeIgniter Forums (https://forum.codeigniter.com), Archived Development & Programming (/showthread.php?tid=52827)
Authentication using tank auth - El Forum - 06-28-2012

[eluser]ozy123[/eluser]
I'm using tank auth and just trying to figure out how best to implement it. I have a bookings system. I have controllers to retrieve a booking, to delete a booking, etc. I don't want a user to be able to copy and paste a URL to delete bookings. Therefore, should I do a check that the user is logged in before the controller loads views etc.? I.e. I begin my controller as such:

if ($this->tank_auth->is_logged_in()) { $this->load->view; } else { redirect('/auth/login/'); }

Or is there a better way? Sorry if it's an obvious question, still grappling. Thanks in advance.

Authentication using tank auth - El Forum - 06-28-2012

[eluser]jmadsen[/eluser]
Hi ozy,

Yes, you have the idea. I generally have a Private_Controller & Public_Controller extending MY_Controller, then in the Private_Controller I put similar code to yours in the construct. Then each controller extends Private_Controller if logged-in status is required.

Don't forget, in addition, you'll want to get your user_id & check they have the correct privileges to do the action (deleting, editing, whatever).

Authentication using tank auth - El Forum - 06-28-2012

[eluser]regal2157[/eluser]
I would also put it before the actions. Not at the loading view level. Just to make sure the controller doesn't do the leg work, then display a "You're not authorized" message, while in the background - they just did what you wanted them not to do.

Authentication using tank auth - El Forum - 06-28-2012

[eluser]ozy123[/eluser]
[quote author="regal2157" date="1340885283"]I would also put it before the actions. Not at the loading view level. Just to make sure the controller doesn't do the leg work, then display a "You're not authorized" message, while in the background - they just did what you wanted them not to do.[/quote]

Good call. Thanks all for the advice, appreciate it massively.
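
The approach described in the replies above, written out for CodeIgniter 2.x with Tank Auth: login check in a base controller's constructor, then an ownership check before the delete runs. This is an added example, not code posted by anyone in the thread; `booking_model`, its `get()`/`delete()` methods, the `user_id` column and the POST-only rule are assumptions.

```php
<?php
// File 1: application/core/MY_Controller.php (CodeIgniter 2.x loads this file itself)
class MY_Controller extends CI_Controller {}

class Private_Controller extends MY_Controller
{
    protected $user_id;

    public function __construct()
    {
        parent::__construct();
        $this->load->library('tank_auth');
        $this->load->helper('url');
        // The constructor runs before any action method, so an anonymous
        // request is redirected before the controller does any work.
        if (!$this->tank_auth->is_logged_in()) {
            redirect('/auth/login/'); // redirect() ends the request
        }
        $this->user_id = $this->tank_auth->get_user_id();
    }
}

// File 2: application/controllers/bookings.php
class Bookings extends Private_Controller
{
    public function delete($booking_id)
    {
        // Assumption: deletes are submitted from a POST form, so a
        // copied-and-pasted link (a GET request) never reaches the delete.
        if ($this->input->server('REQUEST_METHOD') !== 'POST') {
            show_error('Method not allowed', 405);
        }

        $this->load->model('booking_model'); // hypothetical model
        // Hypothetical: get() returns a row object, or NULL if no such booking.
        $booking = $this->booking_model->get((int) $booking_id);

        // Privilege check happens before the action, not before the view.
        // "Missing" and "not yours" get the same response.
        if ($booking === NULL || (int) $booking->user_id !== (int) $this->user_id) {
            show_404();
        }

        $this->booking_model->delete($booking->id); // hypothetical method
        redirect('/bookings/');
    }
}
```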