Hi RWCH,
Quote:And why have a front-end controller and a back-end controller? How do they differ?
Why not ALWAYS use authorization and authentication. If u user is not specifically granted access, he does NOT have access. This is a well known security rule/ best practice.
In answer to this question, it's just the way that works for me, the sites I have been developing recently have a number of site pages (which are public) e.g. home, contact us, about, etc the usual, and have a full-blown administration back-end where changes can be made by authorised members of staff such as adding or removing services, offers, news, training or editing certain public sections, in this case, I wanted to keep the public on the one hand and the authorization, admin routines on the other completely separate.
In my frontend controller I set up variables that are common to all public pages and are therefore accessible by each pages controller, whereas, my backend controller sets up variables that are common to all admin pages and contains the authorisation logic in its constructor, I use the MY_controller for loading various libraries, helpers and variables that are common to both.
As the sites grow e.g. adding additional user groups I feel that this arrangement makes it easier to extend or add functionality on an as-needed basis.
I'm not saying this is the only way, it's just a way that works for me
edjon2000