Trying To Redirect Non-Authenticated Users Via Constructor, Problems.
#1

[eluser]mdvaldosta[/eluser]
I've got a bit of an issue, I'm trying to secure an Admin controller and have put this in the constructor:

Code:
// Make sure only an Administrator can use this controller
if ($this->session->userdata('user_group') != 'Administrator')
{
    $data['title'] = 'Sorry, You Can\'t Do That';
    $data['content'] = 'admin/not_admin';
    $this->load->view('template', $data);
}

Problem is that, even though I'm redirecting to another view - other functions in the controller can still be called. Essentially, two views are being called (the constructor and the function) when not in the Administrator usergroup. I can send to an error page instead and fix that, but I'd rather send to a view. Thoughts?
#2

[eluser]Crimp[/eluser]
I usually use an auth library and a login controller. If the session is initiated, you can, for example, use flashdata to pass appropriate messages to the login view. I find this a logical way to deal with authentication across an entire application. Btw, you are not doing a header redirect, just loading a view. See redirect() in the URL helper.
#3

[eluser]mdvaldosta[/eluser]
I understand that. I suppose what I'm really after is a way to exit the script and not run any functions if the above condition is met. When I use die() after loading the view I get a white page instead of the view.
#4

[eluser]wingdspur[/eluser]
The problem is trying to load a view from the constructor. You want to redirect them either to the base_url or to another controller function where you can pass some flashdata telling them they don't have permission.

Code:
redirect('controller/function');

Like the previous poster was saying, if you redirect after the permission check, no code after that redirect will be executed, so this is what you would need to do.
#5

[eluser]Codepeak[/eluser]
Or you can add an "else" statement:

Code:
// Make sure only an Administrator can use this controller
if ($this->session->userdata('user_group') != 'Administrator')
{
    $data['title'] = 'Sorry, You Can\'t Do That';
    $data['content'] = 'admin/not_admin';
    $this->load->view('template', $data);
}
else
{
    $data['title'] = 'My nice admin page';
    $this->load->view('admin');
}

But I would rather build a proper auth library or use an existing one.
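
Added example, not from any poster in this thread: an Admin controller whose constructor check actually stops the request, covering both the redirect() approach from post #4 and the render-a-view-then-stop case from post #3. It assumes CodeIgniter 2/3 class names with the session library and URL helper loaded; the `login` route, the `admin/index` view and the `_deny_*` helper names are hypothetical.

```php
<?php
// Added example; assumes CodeIgniter 2/3 with the session library and
// URL helper autoloaded. Route and helper names below are hypothetical.
class Admin extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();

        // Strict comparison: a missing session value (NULL/FALSE) never matches.
        if ($this->session->userdata('user_group') !== 'Administrator')
        {
            // Either helper below ends the request, so the routed method
            // (index(), or any other action) is never called.
            $this->_deny_with_view();
        }
    }

    // Redirect variant: redirect() sends the Location header and calls
    // exit itself, so nothing after it executes.
    private function _deny_with_redirect()
    {
        $this->session->set_flashdata('message', 'Administrators only.');
        redirect('login'); // hypothetical route
    }

    // Same-URL variant: load->view() normally only queues output that the
    // framework sends after the controller finishes, which is why die()
    // right after it produces a white page. Fetch the view as a string
    // (third argument TRUE), send it, then stop.
    private function _deny_with_view()
    {
        set_status_header(403);
        $data['title']   = 'Sorry, You Can\'t Do That';
        $data['content'] = 'admin/not_admin';
        echo $this->load->view('template', $data, TRUE);
        exit;
    }

    public function index()
    {
        // Reached only when the constructor check passed.
        $data['title']   = 'Admin';
        $data['content'] = 'admin/index'; // hypothetical view
        $this->load->view('template', $data);
    }
}
```

Because the check sits in the constructor, every public method added to this controller later is covered without repeating the test in each action.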



