Architectural question
#1

[eluser]i_am_using_ci[/eluser]
Hi, I got a problem while developing my application with CI:

I have an admin class which handles some methods; this class also has internal login/logout methods, and it's based on sessions.

The problem is: I want to deny usage of any method except login/logout to unauthorized users. How can it be done? I've tried to make some checks in __construct() and wrote an internal library for this, but I get an infinite redirect when I try to redirect an unauthorized user.

How can I fix my architectural problem?
#2

[eluser]jalalski[/eluser]
Use public, protected and private on the methods.
#3

[eluser]i_am_using_ci[/eluser]
In what way? How can it help me?
#4

[eluser]dmorin[/eluser]
Apparently, you've managed to implement the "Authentication" portion (who are you) of a login system and now you need the "Authorization" component (what can you do). So the question becomes, how are you storing who is an authorized admin and who is not? Is this being added to the session? If not, it should be.

The next issue I see is that you're mixing multiple concepts in one controller. What is an "Admin" class? It sounds like a class for managing the backend of the application in which case it isn't related to the login system and the two should be in different classes/controllers. Once you do this, you can add checks for the is_logged_in and is_admin (whatever you're naming them) session variables to the construct of your "admin" class to protect all of the methods within it.

Hope that makes sense. Also note that a good login system is difficult to implement and if this will be a public website, you may want to look at the systems other people have created. Just search on the wiki. Good luck.
#5

[eluser]jalalski[/eluser]
[quote author="i_am_using_ci" date="1231792163"]In what way? How can it help me?[/quote]

Sorry, maybe I misunderstood the question. It was 'pre-coffee'... :)
#6

[eluser]i_am_using_ci[/eluser]
I understand OOP and MVC logic.
I have a site which has an admin area to manage some public site content. Authorization is related only to admins; there is just 1 user class, so I don't need to separate privileges.

I have simple problem, why can't you understand this?

This is the source (primitively) of my controller: http://stikked.com/view/38325689

If I do something like this in my controller:

Code:
public function __construct() {
    ...
    if($this->session->userdata('logged_in') != true) {
        redirect('admin/login_form');
    }
}

I get an infinite redirect, because it's in the constructor, and login_form executes after the controller, but when you have a redirect in the controller it becomes infinite.

Is that understandable?

I don't need quotes from theories about OOP and MVC,
I need an answer: what's incorrect in my arch/brain/hands or maybe CI? How can I redirect unauthorized users to the login form and disallow them from using any of the admin methods?
#7

[eluser]dmorin[/eluser]
Um...ok...so you totally completely understand OOP and MVC, you just have no idea what's going on...got it :-)

So you have something in the constructor of your class that redirects anyone that isn't logged in. How could you ever possibly get to the login function within that class if you're checking to see if they are logged in when the class is instantiated??? Of course there's an infinite redirect!

The solution is to either break out the authentication functions into a NEW class that isn't checking for a login in the constructor (AS I RECOMMENDED PREVIOUSLY), or just move your logged_in session check out of the constructor into each individual method (function) that needs to be protected.

Quote: I don’t need quotes from theories about OOP and MVC

This kind of attitude isn't going to get you very far on this forum or any other. The answer to your problem is in my previous post, but you got so caught up in knowing that you were doing it correctly, you didn't realize that maybe you're not!

Anyway good luck. If this doesn't work, please don't reply back telling us how you already know everything and you don't need "quotes from theories" and then proceed to ask for our help. Bad form...
#8

[eluser]i_am_using_ci[/eluser]
Nice sense of humor. I didn't tell you I completely and definitely understand everything, and I didn't even say "WTF's going on, it must not be so".

It's not the way to check session var in every method, I'll try with outer login/logout.

Thx.
#9

[eluser]MpaK69[/eluser]
[quote author="i_am_using_ci" date="1231795781"]I understand OOP and MVC logic,
public function __construct() {
    if($this->session->userdata('logged_in') != true) {
        redirect('admin/login_form');
    }
}
[/quote]

show error :)

Code:
public function __construct() {
    if($this->session->userdata('logged_in') != true) {
        show_error('Access denied');
    }
}
#10

[eluser]dmorin[/eluser]
The problem with showing an error this way is that it's still being done in the constructor of the controller containing the login method. So, going to the login page will always show an error and they'll never be able to login. Which is why the check either needs to be moved into the protected methods, or the login methods need to be moved to a new controller.
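
Added example, not part of the original thread: the controller split dmorin recommends, with login/logout in a controller whose constructor makes no login check and the admin methods in a controller whose constructor denies by default. It assumes CodeIgniter 3 conventions (`CI_Controller`, `parent::__construct()`), since the thread states no version; `admin_model`, its `check_credentials()` method and the view names are hypothetical, and the two classes belong in separate files under `application/controllers/`.

```php
<?php
// application/controllers/Auth.php (login/logout only; no check in the constructor)
class Auth extends CI_Controller {
    public function __construct() {
        parent::__construct();
        $this->load->library('session');
        $this->load->helper('url');
    }
    public function login_form() {
        $this->load->view('login_form');              // hypothetical view
    }
    public function login() {
        $this->load->model('admin_model');            // hypothetical model
        $ok = $this->admin_model->check_credentials(  // hypothetical method
            $this->input->post('username'),
            $this->input->post('password')
        );
        if ($ok !== TRUE) {
            redirect('auth/login_form');              // redirect() calls exit
        }
        $this->session->sess_regenerate(TRUE);        // fresh session ID on login
        $this->session->set_userdata('logged_in', TRUE);
        redirect('admin');
    }
    public function logout() {
        $this->session->sess_destroy();
        redirect('auth/login_form');
    }
}

// application/controllers/Admin.php (every method is behind the constructor check)
class Admin extends CI_Controller {
    public function __construct() {
        parent::__construct();
        $this->load->library('session');
        $this->load->helper('url');
        // Deny by default: anything but boolean TRUE counts as logged out.
        if ($this->session->userdata('logged_in') !== TRUE) {
            redirect('auth/login_form');              // other controller, so no loop
        }
    }
    public function index() {
        $this->load->view('admin/dashboard');         // hypothetical view
    }
}
```

Because the redirect target lives in `Auth`, whose constructor never checks `logged_in`, an unauthenticated request to any `admin/...` URL ends at the login form instead of looping.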



