Writing Admin/User/Public controllers to insure authentication

That would get a little too complex in my opinion. Instead of just requiring the composer autoloader inside the index we would have to move a file from system/core to application/core and then make the require in index.php. That would still be a hack .

My decision was to just put the vendor directory inside the application, and do a require_once() of the autoloader inside the config.php file just after the $config['composer_autoload']=FALSE;

This way, if in the future the core files of the CodeIgniter will change the way the composer is used, I just look in the config.php, change the composer_autoload parameter to TRUE and delete the line that required the autoloader.

Website: http://avenir.ro