Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming Deny dirrect access to a controller...
Deny dirrect access to a controller...
  • El Forum
    Guest
  •  
#1
02-05-2009, 11:46 AM

[eluser]rvent[/eluser]
Hello,

I was wondering how can i deny direct access to a controller so users cant just do:
http://domain.com/control_pannel/

I have written a library that uses LDAP to authenticate to Active directory and want to be able to redirect an authenticated user to a different controller, but i dont want them to be able to type the full address in the address bar and gain access...

Any ideas...?

some CI file have:
if ( ! defined('BASEPATH')) exit('No direct script access allowed');

But i dont think that's what i am looking for...

Thanks..
  • El Forum
    Guest
  •  
#2
02-05-2009, 11:58 AM

[eluser]Steven_W[/eluser]
you can set functions within a controllor to private by adding an underscore to its name, _myfunction(), would that work?
  • El Forum
    Guest
  •  
#3
02-05-2009, 12:09 PM

[eluser]rvent[/eluser]
Nope...

Here is one of the functions i have in the default controller:

Code:
function test()
    {
        $user = '[email protected]';
        $pass = 'my_secret';
        $out = $this->hst_ldap_auth->hst_ldap_login($user, $pass);
        
        if($out)
            redirect('/welcome', 'location');
        else
            echo 'no good';
            
    }

If user successfully logs in he is redirected from /application/controller/login.php to application/controller/control_panel.php

But i find that i am able to type http://localhost/index.php/control_panel and get to it with no problems, therefore, defying the purpose of the authentication.

What you mention it refers to whether or not a function can be called from a different class..

Any more ideas..?

Thanks
  • El Forum
    Guest
  •  
#4
02-05-2009, 12:38 PM

[eluser]Steven_W[/eluser]
did you set the index function to private?
  • El Forum
    Guest
  •  
#5
02-05-2009, 12:44 PM

[eluser]kyleect[/eluser]
I notice a lot of people who post CI code use syntax that's friendly to PHP4, esp controllers. Why not declare that controller method private rather than using an underscore? I also noticed that a lot of people don't declare class variables as public/private but use PHP4 syntax. I know the CI framework does this for compatibility but are there really that many people out there that are either running php4 or only know php through CI?

Regarding the question, setting this:

Code:
private function index(){}

will prevent people from accessing the controller. You need to declare every method private if you don't want them to access any of it.
  • El Forum
    Guest
  •  
#6
02-05-2009, 01:02 PM

[eluser]rvent[/eluser]
Yeah, but then i get:
[05-Feb-2009 13:15:20] PHP Fatal error: Call to private Welcome::Welcome()
  • El Forum
    Guest
  •  
#7
02-05-2009, 01:11 PM

[eluser]GSV Sleeper Service[/eluser]
how about
Code:
...
$out = $this->hst_ldap_auth->hst_ldap_login($user, $pass);
if($out){
   $this->session->set_userdata('logged_in','true');
   redirect('/welcome', 'location');
}

and in your control_panel controller

function __construct(){
   if(!$this->session->userdata('logged_in'){
      echo "bugger off";
      //redirect to login
   }
}
  • El Forum
    Guest
  •  
#8
02-05-2009, 02:17 PM

[eluser]rvent[/eluser]
[quote author="GSV Sleeper Service" date="1233882696"]how about
Code:
...
$out = $this->hst_ldap_auth->hst_ldap_login($user, $pass);
if($out){
   $this->session->set_userdata('logged_in','true');
   redirect('/welcome', 'location');
}

and in your control_panel controller

function __construct(){
   if(!$this->session->userdata('logged_in'){
      echo "bugger off";
      //redirect to login
   }
}
[/quote]

Thanks..




Theme © iAndrew 2016 - Forum software by © MyBB