login prompt bypassed - CodeIgniter Forums (https://forum.codeigniter.com)
login prompt bypassed - scatman98 - 03-21-2019

I have an admin account set up in the database which allows login from the login form, but if someone knows the URL of pages protected by login they can bypass the login. How do I protect the pages from being viewed without login?

RE: login prompt bypassed - InsiteFX - 03-21-2019

In your index method, do a check to see if the admin is logged in. You can do that by saving the value to the session ( logged_in = TRUE ).

RE: login prompt bypassed - SomeGuy - 03-29-2019

1. Create a Base controller, MY_Controller, that extends CI_Controller;
2. Create Admin_controller that extends MY_Controller;
3. Create the method Admin_controller::isLoggedIn() and add appropriate logic;
4. Create Admin_base controller that extends Admin_controller;
5. Create Admin_base::login() that displays the login view and handles the form response;
6. Have every OTHER (not login()) method within Admin_base check for: if (FALSE === $this->isLoggedIn()) { /* redirect to login */ }
7. Create many admin controllers that extend Admin_controller and handle your functionality - "class Admin_customer extends Admin_controller {}"
8. Have the constructor of all of the non Admin_base controllers that extend Admin_Controller check for: if (FALSE === $this->isLoggedIn()) { /* redirect to login */ }
9. Profit.

PHP Code:
<?php defined('BASEPATH') OR exit('No direct script access allowed');
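Added example, not part of any post in the thread and not CodeIgniter's own code: one way to combine the session flag and the base-controller steps above so that every admin URL is denied by default, assuming CodeIgniter 3. The `$public_methods` property, the `admin_model->verify()` call, the `admin_customer` route and the view name are hypothetical, and `Admin_base` belongs in its own file as the comment notes.

```php
<?php
// application/core/MY_Controller.php (CodeIgniter 3 loads this file automatically)
defined('BASEPATH') OR exit('No direct script access allowed');

class MY_Controller extends CI_Controller {}

class Admin_controller extends MY_Controller
{
    // Lowercase method names reachable without a session; all others are denied.
    protected $public_methods = array();

    public function __construct()
    {
        parent::__construct();
        $this->load->library('session');
        $this->load->helper('url');
        // The guard runs before any action method, so a direct URL hit is caught too.
        $method = strtolower($this->router->method);
        if ( ! in_array($method, $this->public_methods, TRUE) && ! $this->isLoggedIn())
        {
            redirect('admin_base/login'); // redirect() sends the header and exits
        }
    }

    protected function isLoggedIn()
    {
        // Strict comparison: only the boolean TRUE stored at login counts.
        return $this->session->userdata('logged_in') === TRUE;
    }
}

// application/controllers/Admin_base.php (separate file in a real application)
class Admin_base extends Admin_controller
{
    protected $public_methods = array('login');

    public function login()
    {
        $this->load->model('admin_model'); // hypothetical model; verify() checks the password hash
        $user = $this->input->post('username');
        $pass = $this->input->post('password');
        if ($user !== NULL && $this->admin_model->verify($user, $pass))
        {
            $this->session->sess_regenerate(TRUE); // fresh session ID once privileges change
            $this->session->set_userdata('logged_in', TRUE);
            redirect('admin_customer'); // assumed landing controller
        }
        $this->load->view('admin/login'); // assumed view name
    }
}
```

Because the check lives in the shared constructor, a new admin controller is protected as soon as it extends `Admin_controller`, and forgetting a per-method check can no longer expose a page.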