Point me in the right direction?

[eluser]Jason McCallister[/eluser]
I am still new to CI and I understand what it can be used for but I am having a problem piecing together the back-end "user" area.

I know that I need to create forms for the end user but I am kind of confused as to where/what I need to create a password protected area with CI. Can someone point me in the right direction?

I want to make a very simple CMS for a client and I need to secure it for them... Its basically going to have 3 pages that they can actually edit so does anyone have any good tips/add ons for CI I should know about?

BTW I did watch the tutorials on CI and made a "blog" so I have gotten at least that far! :cheese:

[eluser]Colin Williams[/eluser]
Usually the first step is to sketch out a diagram for how your system is going to work. Basically you need an authentication system that matches supplied credentials against stored credentials. Then, you need an authorization system that checks whether or not the authenticated user can access a specific area or perform a specific action.

[eluser]ehicks727[/eluser]
[quote author="WTHIGO?" date="1219563918"]I am still new to CI and I understand what it can be used for but I am having a problem piecing together the back-end "user" area.

I know that I need to create forms for the end user but I am kind of confused as to where/what I need to create a password protected area with CI. Can someone point me in the right direction?

I want to make a very simple CMS for a client and I need to secure it for them... Its basically going to have 3 pages that they can actually edit so does anyone have any good tips/add ons for CI I should know about?

BTW I did watch the tutorials on CI and made a "blog" so I have gotten at least that far! :cheese:[/quote]

I mean no disrespect to the CI community, and I understand why it's not included, but this is one of the things that has really frustrated me about CI... no authentication library. Yes, you can use FreakAuth and others, but quite frankly, I haven't found an auth system that I like. I ended up having to pay someone to write one for us.

Anyway, you need an authentication system. Just do a search on "auth" or "authentication" and don't forget to search the wiki either.

To directly answer your question...

You just do a check for any page that you need to secure. So, if your user is just looking at your /aboutus.php page, then you don't really need to secure that, right?

However, if your user is trying to edit a post in your CMS, then you need to make sure that they have privileges to edit the post.

This is simply an if statement in your controller (well, this is one way of doing it. There can be more).

This is pseudocode, but something like this would do

if user = admin show this view
else go to a login or "error, you don't have privileges" view.

make sense?

[eluser]Randy Casburn[/eluser]
@ehicks727 -- Reference:

[quote author="ehicks727" date="1219614814"]... but quite frankly, I haven't found an auth system that I like. I ended up having to pay someone to write one for us.[/quote]

Since this is off topic, in order to respect the OPs thread, would you mind sending me a PM specifying precisely what you needed or didn't like about the existing solutions?

I'm not affiliated with EllisLab in anyway.

Thanks,

Randy

[eluser]Colin Williams[/eluser]
ehicks727, I think you, and many others who gripe about the lack of core authentication and authorization libraries, miss the fact that CI provides every tool needed to build robust systems of your own. The core does have a solid Session library, Database abstraction layer and Encryption library, all the tools you need for authentication/authorization.

By the same token, CI does not have a core Taxonomy library, but it has every tool needed to build one.