09-18-2009, 11:11 AM
[eluser]benoa[/eluser]
I'm currently building a project that requires two layers of authentication : admin and clients.
So I went through many Open Source CI apps in order to see how authentication was managed. Looking at Bamboo Invoice's MY_Controller, I found a smart way to protect a list of controllers :
We could store the $unlocked array in a config file, or in a database so that the administrator can decide which parts of the sites are supposed to be restricted access (from the backend). I can see an implementation of roles here too.
I found this was useful, but I would like to know if you ci-mates have another way of managing access to your controllers ?
I'm currently building a project that requires two layers of authentication : admin and clients.
So I went through many Open Source CI apps in order to see how authentication was managed. Looking at Bamboo Invoice's MY_Controller, I found a smart way to protect a list of controllers :
Code:
<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
class MY_Controller extends Controller
{
function My_Controller()
{
parent::Controller();
// a list of unlocked (ie: not password protected) controllers. We assume
// controllers are locked if they aren't explicitly on this list
$unlocked = array('changelog', 'credits', 'donate', 'front', 'help', 'login');
if ( ! $this->site_sentry->is_logged_in() AND ! in_array(strtolower(get_class($this)), $unlocked))
{
redirect('login/');
}
}
}We could store the $unlocked array in a config file, or in a database so that the administrator can decide which parts of the sites are supposed to be restricted access (from the backend). I can see an implementation of roles here too.
I found this was useful, but I would like to know if you ci-mates have another way of managing access to your controllers ?
