Welcome Guest, Not a member yet? Register   Sign In
Login check


In the application I am building I need to check if a user is logged in. Currently I am doing this by extending the Core Controller.
Every controller I create now extends MY_Controller.

But I was thinking: Can't I put this Login check into a Library, Helper or Plugin?
This way I can use the default "extends Controller" again. Which is a lot easier...

Can anyone tell me which way is correct?

I think you should only extend Controllers if really necessary.
A library is a perfectly suited place to put things like authentication.
You can load the library in the constructor of each Controller you want to use it in,
or you can autoload it so it is fully 'automatic'.

Autoloading seems the best option, but is there a way to prevent a library from autoloading?
Because the logincheck should not load in the Login controller. Else it will end up in a endless loop...

Then maybe you should change your library a little bit. In stead of the library automatically redirecting to the login controller, you could create a method in the library called 'is_logged_in()'. Then you can use this information in each controller. It makes the library more useful than just a simple 'redirect if not logged in' function.

The nice thing about that is that you can do things like
function show_some_info()
  if ($this->login_model->is_logged_in())
    // show some private information here
    // show a message to the public here, like "if you were logged in, you could see more information!"

Thanks for your example. But i'm using it for a Admin panel where you NEED to be logged in. No need to show "if you were logged in" information there.

I now used the autoload method. I need to add "$this->checklogin->check();" to every controller which requires login.
Wish it could be easier. To require login unless you set a variable in the controller to disable login. But I can't think of a solution now...

I see. Most websites have an admin area but also a public area. So in those cases it is very handy to do it that way.

I think it is not so bad to have this extra line of code. It allows you flexibility.
Also, you can use your Login model for other tasks, such as administrator roles: so you can have controllers that are
available to some administrators and not others, depending on their level of access rights.

I now solved it using autoloading. Just like I had in mind.
I only have to add the pages to the exclude array to prevent them being checked. At this moment it's only the login page, but more might be coming...

Maybe I will use your code in the future, but at this moment it's not needed. Thanks for your help!

if (!defined("BASEPATH")) {
    exit("No direct script access allowed");

class CheckLogin {
    function __construct() {
        $ci =& get_instance();
        // Pages to exclude from login check
        $excluded = array("login");
        if (!in_array($ci->uri->segment(1), $excluded)) {
            $is_logged_in = $ci->session->userdata("is_logged_in");
            if (!isset($is_logged_in) || $is_logged_in != TRUE) {

Theme © iAndrew 2016 - Forum software by © MyBB