Login

cwchong · 05-23-2016, 01:00 AM

(05-23-2016, 12:32 AM)skunkbad Wrote: Yes, use the lowest level that is allowed to access the page. If login is not required at all and you're just trying to verify if anyone is logged in, then use $this->is_logged_in(); at the top of your controller method.

After that, use your ability to access the auth variables to determine who is/not logged in and what to show them.

Docs: http://community-auth.com/documentation/...rification

Show some code too, unless I've answered your question already.

Thank you for the quick reply. To clarify, login is required for the entire page, but some sub-content will require higher privileges.
The following is a small modification of the Examples->simple_verification() method:

PHP Code:
public function simple_verification()
    {
        $this->is_logged_in();

        echo $this->load->view('examples/page_header', '', TRUE);
        
        if( $this->verify_min_level(10) ) { // set this to any level higher than the current logged in user
            echo '<p>Showing admin level content</p>';
        } else {
            echo '<p>Hiding admin level content</p>';
        }

        echo '<p>';
        if( ! empty( $this->auth_role ) )
        {
            echo $this->auth_role . ' logged in!<br />
                User ID is ' . $this->auth_user_id . '<br />
                Auth level is ' . $this->auth_level . '<br />
                Username is ' . $this->auth_username;

            if( $http_user_cookie_contents = $this->input->cookie( config_item('http_user_cookie_name') ) )
            {
                $http_user_cookie_contents = unserialize( $http_user_cookie_contents );
                
                echo '<br />
                    <pre>';

                print_r( $http_user_cookie_contents );

                echo '</pre>';
            }

            if( config_item('add_acl_query_to_auth_functions') && $this->acl )
            {
                echo '<br />
                    <pre>';

                print_r( $this->acl );

                echo '</pre>';
            }

            /**
             * ACL usage doesn't require ACL be added to auth vars.
             * If query not performed during authentication, 
             * the acl_permits function will query the DB.
             */
            if( $this->acl_permits('general.secret_action') )
            {
                echo '<p>ACL permission grants action!</p>';
            }
        }
        else
        {
            echo 'Nobody logged in.';
        }

        echo '</p>';

        echo $this->load->view('examples/page_footer', '', TRUE);
    } 

After logging in and visiting the page for the first time, the correct behaviour ("Hiding admin level content" shown along with the rest of the auth information).
However, visiting the page again will show that the user is no longer logged in.

Should I avoid calling verify_min_level() if I do not wish to log the user out, and instead just check ($this->auth_level >= 10) instead?

Thanks!