Authentication
#1

elmne
I have the following code which requires the placing of

$this->load->library('auth'); - in the constructor of a class so as to call the script in the library

$this->auth->restrict(); - in the method that i wish to restrict


However, this is not so convenient with many controllers and methods. How can I customise this so that I can have an additional function within "auth" that can restrict access to the entire class, so that

$this->auth->restrict(); - is only used to restrict a method

$this->auth->restrict_class(); - a possible new function which can restrict access to an entire class

or even possibly a third function restricting access to an entire folder like "admin", so that all controllers within it are inaccessible without logging in?


The code is shown below


auth.php - which is in libraries
Code:
<?php if (!defined('BASEPATH')) exit('No direct script access allowed');

class Auth {

    var $CI = null; // reference to the CodeIgniter super object

    // Constructor (PHP4 style, as CodeIgniter 1.x expects): grab the CI
    // super object and load what the library needs.
    function Auth()
    {
        $this->CI =& get_instance();
        $this->CI->load->library('session');
        $this->CI->load->database();
        $this->CI->load->helper('url');
    }

    /**
     * Checks a username/password pair against the users table and, on
     * success, marks the session as logged in.
     *
     * @param    array    array(username, password)
     * @return   boolean
     */
    function process_login($login = NULL)
    {
        // A few safety checks: we need an array with exactly two values,
        // no more, no less. (count() on a non-array is not a valid check.)
        if ( ! is_array($login) OR count($login) != 2)
            return FALSE;

        $username = $login[0];
        $password = $login[1];

        // Query time. Active Record escapes both values, so this is not
        // injectable, but note that the password is compared exactly as it is
        // stored: with this schema the users table holds plaintext passwords.
        // Store a salted hash and verify the submitted password against it.
        $this->CI->db->where('username', $username);
        $this->CI->db->where('password', $password);
        $query = $this->CI->db->get('users');

        if ($query->num_rows() == 1)
        {
            // Our user exists, set session.
            // CI 1.x keeps session data in a client-side cookie; enable
            // sess_encrypt_cookie (and preferably sess_use_database) in
            // config.php, otherwise 'logged_user' can be forged by the client.
            $this->CI->session->set_userdata('logged_user', $username);
            return TRUE;
        }
        else
        {
            // No existing user.
            return FALSE;
        }
    }

    /**
     * After a successful login, send the user back to the page that
     * restrict() bounced them from, or to /admin if there is none.
     * uri_string() only ever yields a local path, so this is not an
     * open redirect.
     */
    function redirect()
    {
        if ($this->CI->session->userdata('redirected_from') === FALSE)
        {
            redirect('/admin');
        }
        else
        {
            redirect($this->CI->session->userdata('redirected_from'));
        }
    }

    /**
     *
     * This function restricts users from certain pages.
     * Use restrict(TRUE) if a user can't access a page when logged in.
     * redirect() ends the request, so nothing after a failed check runs.
     *
     * @access    public
     * @param    boolean    whether the page is viewable only when logged out
     * @return    void
     */
    function restrict($logged_out = FALSE)
    {
        // If the user is logged in and he's trying to access a page
        // he's not allowed to see when logged in,
        // redirect him to the index!
        if ($logged_out && $this->logged_in())
        {
            redirect('/admin');
        }

        // If the user isn't logged in and he's trying to access a page
        // he's not allowed to see when logged out,
        // redirect him to the login page!
        if ( ! $logged_out && ! $this->logged_in())
        {
            $this->CI->session->set_userdata('redirected_from', $this->CI->uri->uri_string()); // We'll use this in our redirect method.
            redirect('/admin/login');
        }
    }

    /**
     *
     * Checks if a user is logged in
     *
     * @access    public
     * @return    boolean
     */
    function logged_in()
    {
        // userdata() returns FALSE when the key is not set. Compare strictly:
        // with == a username such as "0" would never count as logged in.
        if ($this->CI->session->userdata('logged_user') === FALSE)
        {
            return FALSE;
        }
        else
        {
            return TRUE;
        }
    }

    /**
     * Destroys the whole session (not just 'logged_user'), so nothing
     * stored in it survives the logout.
     */
    function logout()
    {
        $this->CI->session->sess_destroy();

        return TRUE;
    }

}
// End of library class
// Location: system/application/libraries/Auth.php



the admin controller
Code:
<?php
class Admin extends Controller {

    function Admin()
    {
        parent::Controller();
        $this->load->library('auth');
    }

    function index()
    {
        // Show some fancy stuff, like a dashboard
        // OR, just use index as a placeholder for another, 'standard', method, like so:
        $this->news();
    }

    function news()
    {
        $this->auth->restrict();

        // Post some news items
        $this->load->view('news');
    }

    function profile()
    {
        $this->auth->restrict();

        $this->load->view('profile');
    }

    function login()
    {
        // A logged-in user has no use for the login form: send him to /admin.
        $this->auth->restrict(TRUE);

        if ($this->input->post('submLogin') != FALSE)
        {
            $login = array($this->input->post('username'), $this->input->post('password'));
            if ($this->auth->process_login($login))
            {
                // Login successful, let's redirect.
                $this->auth->redirect();
            }
            else
            {
                $data['error'] = 'Login failed, please try again';
                $this->load->vars($data);
            }
        }
        $this->load->view('login');
    }

    // logout() must live inside the class: as posted it sat after the closing
    // brace, so $this was undefined and /admin/logout could not be routed.
    function logout()
    {
        if ($this->auth->logout())
        {
            redirect('/admin/login');
        }
    }
}
#2

Buso
The constructor Admin() is a method too, and if you restrict it, you restrict the whole class.
#3

elmne
Thanks for that.

Is there a way I can also restrict access to an entire folder?

For instance, having something that prevents "admin" from being added to the path, or checks it to see if the user is logged in?

I put the restrict in the admin controller, but the path for subfolders and other controllers doesn't go through the admin controller, therefore I can now restrict each controller one at a time, but not all of them.
If only there were a way I could make it work for folders besides extending the controller class, as that creates another task of having to remember to differentiate the controller class for admin from that of non-admin areas.
#4

Buso
For this I use different base controllers, e.g. Frontend_Controller, Backend_Controller, Main_Controller, etc.
All the backend (or admin) controllers extend Backend_Controller; that way I only have to do the check inside Backend_Controller::__construct().
You will have to research further on this subject, there are many approaches. I recommend this article: http://philsturgeon.co.uk/news/2010/02/C...ing-it-DRY
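The following is an added example (not code from the thread or from the linked article) putting together Buso's two replies: a check in the constructor covers every method of the class (#2), and putting that constructor in a shared base controller covers every admin controller at once (#4). It assumes CodeIgniter 1.x, the Auth library posted in #1, and the CI 1.x convention that a file system/application/libraries/MY_Controller.php is loaded in place of the core Controller class. The one trap with restricting in the constructor is the login form itself: if restrict() runs before login() can run, an anonymous visitor is redirected from /admin/login to /admin/login forever. The base class therefore lets a subclass list the few actions that must stay reachable while logged out in $public_methods (a property name chosen for this example) and applies restrict(TRUE) to those instead.

```php
<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
// Added example, not part of the original thread.
// Assumed location: system/application/libraries/MY_Controller.php (CI 1.x).

/**
 * Backend_Controller: every controller that extends it is login-only.
 * The check runs once here, so it covers every method of every subclass.
 */
class Backend_Controller extends Controller {

    // Methods a subclass allows without a session (e.g. the login form).
    // Hypothetical property for this example; empty by default.
    var $public_methods = array();

    function __construct()
    {
        parent::Controller();
        $this->load->library('auth');

        // The method the router is about to call (CI 1.x Router API).
        $method = $this->router->fetch_method();

        if (in_array($method, $this->public_methods))
        {
            // Public action: a logged-in user is sent to the dashboard
            // instead, so the login form never loops on itself.
            $this->auth->restrict(TRUE);
        }
        else
        {
            // Everything else: anonymous visitors go to the login page.
            // restrict() calls redirect(), which ends the request, so the
            // subclass constructor and the requested method never run.
            $this->auth->restrict();
        }
    }
}

/**
 * Frontend_Controller: the public site. No check, kept as a separate base
 * class so an admin controller cannot silently end up on the public side.
 */
class Frontend_Controller extends Controller {

    function __construct()
    {
        parent::Controller();
    }
}

// --- Assumed location: system/application/controllers/admin.php ---
// The controller from post #1, rewritten on top of the base class. Only the
// login form is whitelisted; news(), profile() and logout() need no
// restrict() call of their own any more.
class Admin extends Backend_Controller {

    var $public_methods = array('login');

    function __construct()
    {
        parent::__construct();
    }

    function index()
    {
        $this->load->view('news');
    }

    function login()
    {
        if ($this->input->post('submLogin') != FALSE)
        {
            $login = array($this->input->post('username'), $this->input->post('password'));
            if ($this->auth->process_login($login))
            {
                $this->auth->redirect();
            }
            else
            {
                $this->load->vars(array('error' => 'Login failed, please try again'));
            }
        }
        $this->load->view('login');
    }

    function logout()
    {
        $this->auth->logout();
        redirect('/admin/login');
    }
}

// A controller in a subfolder, e.g. system/application/controllers/admin/users.php,
// gets the same protection simply by extending the same base class:
//
//   class Users extends Backend_Controller { ... }
```

Because the redirect happens inside the base constructor, a controller that extends Backend_Controller cannot forget the check; the only thing a developer can still get wrong is extending Frontend_Controller for an admin page, which is the "remember to differentiate" cost elmne mentions in #3.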
#5

elmne
Thanks
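For the folder-level restriction asked about in #3 (everything under /admin locked without touching each controller), the thread's answer is base controllers; an alternative the thread does not mention is a CodeIgniter 1.x hook, which runs for every request regardless of which class the controller extends. The following is an added example, not from the thread, and assumes CI 1.x with hooks enabled ($config['enable_hooks'] = TRUE in config.php), the Auth library from #1, and that admin controllers live in system/application/controllers/admin/ or are the Admin controller itself. The post_controller_constructor hook point is used because the controller (and therefore get_instance()) exists there but the requested method has not run yet; the pre_controller point is too early for that. The class and function names (Auth_hook, restrict_admin) are chosen for this example.

```php
<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
// Added example, not part of the original thread.

// --- Assumed location: system/application/config/hooks.php ---
// Registers the hook below. 'filepath' is relative to the application folder.
$hook['post_controller_constructor'] = array(
    'class'    => 'Auth_hook',
    'function' => 'restrict_admin',
    'filename' => 'auth_hook.php',
    'filepath' => 'hooks'
);

// --- Assumed location: system/application/hooks/auth_hook.php ---
class Auth_hook {

    /**
     * Called after the controller has been constructed and before the
     * requested method runs. Anything under the admin "folder" is sent
     * to the login page unless a session exists; the login form itself
     * is the single exception.
     */
    function restrict_admin()
    {
        $CI =& get_instance();

        // Controllers in controllers/admin/ are routed with the directory
        // 'admin/' (CI 1.x Router::fetch_directory()); the top-level Admin
        // controller has no directory but its class name is 'admin'.
        $in_admin = ($CI->router->fetch_directory() == 'admin/'
                     OR strtolower($CI->router->fetch_class()) == 'admin');

        if ( ! $in_admin)
        {
            return; // public part of the site, nothing to do
        }

        $CI->load->library('auth');

        // The login form must stay reachable while logged out, otherwise
        // /admin/login would redirect to itself. restrict(TRUE) instead
        // sends an already logged-in user to /admin.
        if (strtolower($CI->router->fetch_class()) == 'admin'
            AND $CI->router->fetch_method() == 'login')
        {
            $CI->auth->restrict(TRUE);
            return;
        }

        // Everything else under /admin: redirect anonymous visitors.
        // redirect() exits, so the controller method never executes.
        $CI->auth->restrict();
    }
}
```

With this in place a new controller dropped into controllers/admin/ is protected on its first request without its author doing anything, which is the property elmne was after. The trade-off is that the rule is keyed on the folder and class name: a route in config/routes.php that maps some other URI onto an admin controller would bypass a check based on the URI alone, which is why the example inspects the router's resolved directory and class rather than $CI->uri->segment(1).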



