Hiding Views
#1

[eluser]jordanarseno[/eluser]
Hello all,

I've recently implemented a Controller, MY_Admin_Controller which will be the parent Controller for all admin sections of my site.

To load a specific admin view, in my Admin Controller I'm calling:
Code:
$this->load->view('admin_view');

This is all fine, because I have the logic built so that only users who are set as administrators in the database can access this area.

However, it does not stop the circumvention of pointing your browser to:
http://localhost/Project_Name/applicatio...n_view.php

How can I ensure that this area is kept locked down when requested explicitly in the URL?

Does CodeIgniter have built in functions or configuration settings that will allow me to block all views unless called from a controller?
#2

[eluser]Mutsop[/eluser]
I've been searching for a solution on a similar problem.
One article that might help is this article about view objects

I hope that's what you meant :)
#3

[eluser]smilie[/eluser]
Hm, place your application folder outside the website root? :-)

http://ellislab.com/forums/viewreply/820708/

Cheers,
Smilie
#4

[eluser]jordanarseno[/eluser]
hey thanks you two,

But my application folder contains my controllers.
The controllers must be inside the web root in order for the PHP to be processed...

Will this not present a problem if I move the folder?
#5

[eluser]cereal[/eluser]
Just as I said in another thread lately, I use an .htaccess file to restrict that area, read here:

Code:
<Files ~ "\.(htaccess|php)$">
order allow,deny
deny from all
</Files>

Just put this file in system » application » views;
it's recursive :)
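
An added example, not part of the post above or of CodeIgniter itself: a Python audit that lists view files still reachable by direct URL because no deny-all .htaccess covers them (checked recursively up to the views folder, as described above) and they lack CodeIgniter's stock `defined('BASEPATH')` guard line, which the thread does not mention. The directory layout and file names are constructed sample data, and matching a deny line anywhere in an .htaccess is a simplifying assumption.

```python
import re
import tempfile
from pathlib import Path

# Apache 2.2 ("deny from all") or 2.4 ("Require all denied") rule on its own line.
# Assumption: any such line in the file is treated as covering the .php files.
DENY_RE = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$", re.I | re.M)
# CodeIgniter's in-file guard: the script exits unless index.php defined BASEPATH.
GUARD_RE = re.compile(r"defined\s*\(\s*['\"]BASEPATH['\"]\s*\)")


def covered_by_htaccess(path: Path, root: Path) -> bool:
    """True if path's directory, or an ancestor up to root, has a deny-all .htaccess."""
    directory = path.parent
    while True:
        ht = directory / ".htaccess"
        if ht.is_file() and DENY_RE.search(ht.read_text(errors="replace")):
            return True
        if directory == root or directory == directory.parent:
            return False
        directory = directory.parent


def exposed_views(views_root: Path) -> list[str]:
    """View files with neither an .htaccess deny rule nor a BASEPATH guard."""
    exposed = []
    for php in sorted(views_root.rglob("*.php")):
        head = php.read_text(errors="replace")[:512]
        if not covered_by_htaccess(php, views_root) and not GUARD_RE.search(head):
            exposed.append(php.relative_to(views_root).as_posix())
    return exposed


def build_sample_tree(base: Path) -> Path:
    """Constructed sample layout (hypothetical file names, not from the thread)."""
    views = base / "application" / "views"
    (views / "admin").mkdir(parents=True)
    (views / "public").mkdir()
    (views / "admin" / ".htaccess").write_text(
        '<Files ~ "\\.(htaccess|php)$">\norder allow,deny\ndeny from all\n</Files>\n')
    (views / "admin" / "admin_view.php").write_text("<h1>Admin</h1>\n")
    (views / "public" / "home.php").write_text("<h1>Home</h1>\n")
    (views / "public" / "about.php").write_text(
        "<?php if (!defined('BASEPATH')) exit('No direct script access allowed'); ?>\n")
    return views


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(exposed_views(build_sample_tree(Path(tmp))))
```
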
#6

[eluser]tonanbarbarian[/eluser]
All CI processing is done through the index.php file,
so it is the only file that must be in the webroot.

If you are removing the index.php then you will also need the .htaccess file, but that is all.

Well, apart from any images, css, js etc. you need for your site.
#7

[eluser]nuwanda[/eluser]
You need to test if the user is an admin.

Your admin controller will need to contain that check. If not admin, redirect to somewhere else.

In the controller's constructor you have something like:

Code:
// Redirect anyone whose role is not exactly 'admin'.
if ($user_role !== 'admin') {
    redirect('site');
}

This implies that when the user logged in, you set a role for that user. Then you check the role.



