CodeIgniter Forums
Filter controller without authentication - Printable Version

+- CodeIgniter Forums (
+-- Forum: CodeIgniter 4 (
+--- Forum: CodeIgniter 4 Support (
+--- Thread: Filter controller without authentication (/showthread.php?tid=77384)

Filter controller without authentication - pippuccio76 - 08-25-2020

i , in ci 3 in a construct method or in every method of a controller except for login i do :

PHP Code:
if(!isset($_SESSION['user_id'])) {

How can i do the same using filter ?

RE: Filter controller without authentication - InsiteFX - 08-25-2020

It would be something like this not tested.

PHP Code:
<?php namespace Your\Name\Space;


YourFilterName implements FilterInterface
     * Do whatever processing this filter needs to do.
     * By default it should not return anything during
     * normal execution. However, when an abnormal state
     * is found, it should return an instance of
     * CodeIgniter\HTTP\Response. If it does, script
     * execution will end and that Response will be
     * sent back to the client, allowing for error pages,
     * redirects, etc.
     * @param \CodeIgniter\HTTP\RequestInterface $request
     * @param array|null                         $params
     * @return mixed
public function before(RequestInterface $request$params null)
// if no user is logged in then send them to the login form
if (! isset($_SESSION['user_id']))


     * Allows After filters to inspect and modify the response
     * object as needed. This method does not allow any way
     * to stop execution of other after filters, short of
     * throwing an Exception or Error.
     * @param \CodeIgniter\HTTP\RequestInterface  $request
     * @param \CodeIgniter\HTTP\ResponseInterface $response
     * @param array|null                          $arguments
     * @return void
public function after(RequestInterface $requestResponseInterface $response$arguments null)



}   // End of YourFilterName Class.

 * -----------------------------------------------------------------------
 * Filename: YourFilterName.php
 * Location: ./app/Filters/YourFilterName.php
 * -----------------------------------------------------------------------

Put your own namespace and class names in.

RE: Filter controller without authentication - pippuccio76 - 08-25-2020

(08-25-2020, 03:42 AM)InsiteFX Wrote: It would be something like this not tested.

PHP Code:
<?php namespace Your\Name\Space;


YourFilterName implements FilterInterface
     * Do whatever processing this filter needs to do.
     * By default it should not return anything during
     * normal execution. However, when an abnormal state
     * is found, it should return an instance of
     * CodeIgniter\HTTP\Response. If it does, script
     * execution will end and that Response will be
     * sent back to the client, allowing for error pages,
     * redirects, etc.
     * @param \CodeIgniter\HTTP\RequestInterface $request
     * @param array|null                         $params
     * @return mixed
public function before(RequestInterface $request$params null)
// if no user is logged in then send them to the login form
if (! isset($_SESSION['user_id']))


     * Allows After filters to inspect and modify the response
     * object as needed. This method does not allow any way
     * to stop execution of other after filters, short of
     * throwing an Exception or Error.
     * @param \CodeIgniter\HTTP\RequestInterface  $request
     * @param \CodeIgniter\HTTP\ResponseInterface $response
     * @param array|null                          $arguments
     * @return void
public function after(RequestInterface $requestResponseInterface $response$arguments null)



}   // End of YourFilterName Class.

 * -----------------------------------------------------------------------
 * Filename: YourFilterName.php
 * Location: ./app/Filters/YourFilterName.php
 * -----------------------------------------------------------------------

Put your own namespace and class names in.

Why this : session()->set('redirect_url', current_url());  ?

Now how can use it in route for every controller ? for example for User controller must be for every method except login

RE: Filter controller without authentication - InsiteFX - 08-25-2020

PHP Code:

// Add to the aliases section.
'login'      => \YourNameSpace\YourFolder\Filters\YourFilterName::class,

// Or restrict your entire site by adding the LoginFilter to the $globals array:
public $globals = [
    'before' => [
        // 'csrf',
    'after'  => [

Restricting a single route:

// Any single route can be restricted by adding the filter option to the last parameter in any of the route definition methods:
$routes->get('admin/users''UserController::index', ['filter' => 'permission:manage-user']);

Restricting Route Groups:

// In the same way, entire groups of routes can be restricted within the group() method:
$routes->group('admin', ['filter' => 'role:admin,superadmin'], function($routes) {

A lot of this is from Myth/Auth, I suggest that you download it and go through the code.


RE: Filter controller without authentication - pippuccio76 - 08-26-2020

i create two filter : usersFiltersAuth and usersFiltersNoAuth

if i use filter in sigle route as:

$routes->get('/login', 'User::login',['filter'=>'usersFiltersNoAuth']);
$routes->get('/registration', 'User::registration',['filter'=>'usersFiltersNoAuth']);
$routes->get('/logout', 'User::logout');

work fine .

How can i  do for an entire controller ?



Dont' work and i must except /user/login and /user/registration

RE: Filter controller without authentication - InsiteFX - 08-26-2020

Did you try to add the user to the filter?

PHP Code:

RE: Filter controller without authentication - pippuccio76 - 08-26-2020

(08-26-2020, 10:09 AM)InsiteFX Wrote: Did you try to add the user to the filter?

PHP Code:

doesn't work  or i dont understand :



the violet user is the name of controller ?How can i do exception for some method ?

RE: Filter controller without authentication - Chroma - 08-27-2020

When I was doing this, I had an exclusion list that would be checked first, if the controller/method was in the exclusion list, the filter was finished and processing stopped.

Something like this...

PHP Code:
        $current = (string)current_url(true)->setHost('')->setScheme('')->stripQuery('token');

        // the array must be all methods that do NOT require being checked
        if (in_array((string)$current, ['/controller/method1''/controller/method2']))

You can of course add as many controller/method items to the exclusion array.

Put any must do filter code after this snippet. It will then exit if necessary or allow the processing as necessary.

RE: Filter controller without authentication - pippuccio76 - 08-28-2020

(08-27-2020, 04:18 AM)Chroma Wrote: When I was doing this, I had an exclusion list that would be checked first, if the controller/method was in the exclusion list, the filter was finished and processing stopped.

Something like this...

PHP Code:
        $current = (string)current_url(true)->setHost('')->setScheme('')->stripQuery('token');

        // the array must be all methods that do NOT require being checked
        if (in_array((string)$current, ['/controller/method1''/controller/method2']))

Put any must do filter code after this snippet. It will then exit if necessary or allow the processing as necessary.

You can of course add as many controller/method items to the exclusion array.

Codeigniter 4 have except to remove some uri to filter , i want know how use it ,principally i want know how use filter for every method of a controller without write a row for every method (if it's possible) than i want exclude the filter for some method ....

RE: Filter controller without authentication - pippuccio76 - 08-28-2020

I don't know how doesn't work :

PHP Code:

Filter class :

PHP Code:
class UsersFiltersNoAuth implements FilterInterface
     * Do whatever processing this filter needs to do.
     * By default it should not return anything during
     * normal execution. However, when an abnormal state
     * is found, it should return an instance of
     * CodeIgniter\HTTP\Response. If it does, script
     * execution will end and that Response will be
     * sent back to the client, allowing for error pages,
     * redirects, etc.
     * @param \CodeIgniter\HTTP\RequestInterface $request
     * @param array|null                         $params
     * @return mixed
    public function before(RequestInterface $request$params null)
        // if no user is logged in then send them to the login form
        if (isset($_SESSION['user_id']))
return redirect()->to('/user/index');


     * Allows After filters to inspect and modify the response
     * object as needed. This method does not allow any way
     * to stop execution of other after filters, short of
     * throwing an Exception or Error.
     * @param \CodeIgniter\HTTP\RequestInterface  $request
     * @param \CodeIgniter\HTTP\ResponseInterface $response
     * @param array|null                          $arguments
     * @return void
    public function after(RequestInterface $requestResponseInterface $response$arguments null)



}   // End of YourFilterName Class. 

PHP Code:
class UsersFiltersAuth implements FilterInterface
     * Do whatever processing this filter needs to do.
     * By default it should not return anything during
     * normal execution. However, when an abnormal state
     * is found, it should return an instance of
     * CodeIgniter\HTTP\Response. If it does, script
     * execution will end and that Response will be
     * sent back to the client, allowing for error pages,
     * redirects, etc.
     * @param \CodeIgniter\HTTP\RequestInterface $request
     * @param array|null                         $params
     * @return mixed
    public function before(RequestInterface $request$params null)
        // if no user is logged in then send them to the login form
        if (!isset($_SESSION['user_id']))
return redirect()->to('/login');


     * Allows After filters to inspect and modify the response
     * object as needed. This method does not allow any way
     * to stop execution of other after filters, short of
     * throwing an Exception or Error.
     * @param \CodeIgniter\HTTP\RequestInterface  $request
     * @param \CodeIgniter\HTTP\ResponseInterface $response
     * @param array|null                          $arguments
     * @return void
    public function after(RequestInterface $requestResponseInterface $response$arguments null)



}   // End of YourFilterName Class. 

if i try to go to /user/chengeEmail or /user/changePassword when ($_SESSION['user_id] is set) i am redirect to /user/index why ?