• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Access restrictions to pages using Session.

#1
[eluser]Joseph1982[/eluser]
Hi all,


Now I am facing another issue with CI and is related to Session.. The task is about User Validation.. After login, the details are stored in Session..And I want to make it, so that only Logged In users can access some pages..

In normal php development, we can make it by using a function and call to that function in the restricted pages. Then the page will be redirected to login page, if the user doesn't have permission or not logged in.. How can I do this from inside the Controllers ?


Have any libraries available for this ?

#2
[eluser]LuckyFella73[/eluser]
Hi Aniesh,

in the CI wiki you can get more informations about that:
http://codeigniter.com/wiki/Category:Con...ntication/

If you don't need more advanced settings like different user levels I can
recommend a tutorial written by Bramme. I just gave it a try and found
it very usefull. It's a good way to start and you can extend the class like
needed. Tutorial link:
http://www.bramme.net/2008/07/29/auth-li...-tutorial/

There are a lot of threads about advanced libraries in this forum in case
Brammes library is too basic for you.

#3
[eluser]crumpet[/eluser]
I extended the controller class and added a function called _weed_nonusers(). This function will check if the person is logged in and then redirect to the login page if they aren't. So whenever i have a function that is restricted access, I just add $this->_weed_nonusers() at the very beginning of the function.

Also, if you haven't changed your database class to one of hte user created ones in the wiki section that store session info in the database, then you should write a sentry class which validates the session cookie whenever you need to restrict access. Otherwise its easy for someone to go into the cookie and change admin=0 to admin=1 for instance.

#4
[eluser]Joseph1982[/eluser]
Hi Friends,

After searching, I created a library for Session Validation. It works like this:

1. After a user login to the site, I added a variable 'logged_in' to Session.

2. Then on the page where it need to check the User Authentication, I just called the Session validation function to make sure that whether the user is logged in or not.

To do this:

Create a new library and save with the name: 'User_authentication.php'

Path to save the Library is: system/application/libraries/User_authentication.php

User_authentication.php file Content is:

Code:
<?php  if (!defined('BASEPATH')) exit('No direct script access allowed');

/**
* Code Igniter AJAX Class
*
* This class enables you to check User Authentication with the help of Session.
*
* @package        CodeIgniter
* @subpackage    Libraries
* @category    Libraries
* @author        Aniesh
* @link        http://www.no-link-yet.com
*/


class User_authentication
{
    private $obj = null;

    function User_authentication()
    {
        $this->obj =& get_instance();
    }

    function user_validation()
    {

        // Not logged in, then redirect to the Home Page.
        if(!$this->obj->session->userdata('logged_in'))
            redirect('');
    }

}

?>

Then load the Session and this User Authentication library to all pages. For this open the page:

system/application/config/autoload.php


Then search for the $autoload['libraries'] and add the following:

Code:
$autoload['libraries'] = array('User_authentication', 'session');

A sample Controller page, where I need to test the Use Authentications is:

Code:
<?php

class Mysubscription extends Controller
{
    function __construct()
    {
        parent::Controller();

                // This will do the Session Validation task.
        $this->user_authentication->user_validation();
    }

        //  function add-your-functions-here()
      
}

?>


Thank You.


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.