Deny direct access to a controller...

#1
[eluser]rvent[/eluser]
Hello,

I was wondering how I can deny direct access to a controller so users can't just do:
http://domain.com/control_pannel/

I have written a library that uses LDAP to authenticate to Active Directory and want to be able to redirect an authenticated user to a different controller, but I don't want them to be able to type the full address in the address bar and gain access...

Any ideas...?

Some CI files have:
if ( ! defined('BASEPATH')) exit('No direct script access allowed');

But I don't think that's what I am looking for...

Thanks..

#2
[eluser]Steven_W[/eluser]
You can set functions within a controller to private by adding an underscore to its name, _myfunction(), would that work?

#3
[eluser]rvent[/eluser]
Nope...

Here is one of the functions I have in the default controller:

Code:
function test()
    {
        $user = 'test1@domain.com';
        $pass = 'my_secret';
        $out = $this->hst_ldap_auth->hst_ldap_login($user, $pass);
        
        if($out)
            redirect('/welcome', 'location');
        else
            echo 'no good';
            
    }

If user successfully logs in he is redirected from /application/controller/login.php to application/controller/control_panel.php

But I find that I am able to type http://localhost/index.php/control_panel and get to it with no problems, therefore, defying the purpose of the authentication.

What you mention refers to whether or not a function can be called from a different class..

Any more ideas..?

Thanks

#4
[eluser]Steven_W[/eluser]
Did you set the index function to private?

#5
[eluser]kyleect[/eluser]
I notice a lot of people who post CI code use syntax that's friendly to PHP4, esp controllers. Why not declare that controller method private rather than using an underscore? I also noticed that a lot of people don't declare class variables as public/private but use PHP4 syntax. I know the CI framework does this for compatibility but are there really that many people out there that are either running php4 or only know php through CI?

Regarding the question, setting this:

Code:
private function index(){}

will prevent people from accessing the controller. You need to declare every method private if you don't want them to access any of it.

#6
[eluser]rvent[/eluser]
Yeah, but then I get:
[05-Feb-2009 13:15:20] PHP Fatal error: Call to private Welcome::Welcome()

#7
[eluser]GSV Sleeper Service[/eluser]
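How about
Code:
...
$out = $this->hst_ldap_auth->hst_ldap_login($user, $pass);
if($out){
   // remember the successful login in the session
   $this->session->set_userdata('logged_in','true');
   redirect('/welcome', 'location');
}

and in your control_panel controller

function __construct(){
   // run the parent constructor first (parent::Controller() on CI 1.x)
   // so the loader and an autoloaded session library are available
   parent::__construct();
   if(!$this->session->userdata('logged_in')){
      echo "bugger off";
      //redirect to login
      exit; // stop here so the requested method does not run
   }
}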

#8
[eluser]rvent[/eluser]

Thanks..
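
The session check suggested in post #7, as an added example that is not part of the original thread and not CodeIgniter's own code: a framework-free PHP model in which `SessionStub`, `AccessDenied`, `AuthenticatedController` and `dispatch()` are hypothetical stand-ins. It puts the gate in a shared base constructor, so a directly typed URL is refused until the login action has set the session flag.

```php
<?php
// Added example: SessionStub, AccessDenied, AuthenticatedController and
// dispatch() are hypothetical stand-ins, not CodeIgniter classes.

class SessionStub {                        // stands in for $this->session
    private $data = array();
    public function set_userdata($key, $value) { $this->data[$key] = $value; }
    public function userdata($key) {
        return isset($this->data[$key]) ? $this->data[$key] : false;
    }
}

class AccessDenied extends Exception {}

// Every protected controller extends this class, so the check runs
// before any of its methods can be reached.
abstract class AuthenticatedController {
    protected $session;
    public function __construct(SessionStub $session) {
        $this->session = $session;
        // strict comparison: only the exact flag set at login is accepted
        if ($this->session->userdata('logged_in') !== 'true') {
            throw new AccessDenied('not logged in');
        }
    }
}

class Control_panel extends AuthenticatedController {
    public function index() { return 'control panel'; }
}

// Models the front controller: the URL maps straight to a class and a
// method, so only the controller itself can refuse the request.
function dispatch($class, $method, SessionStub $session) {
    try {
        $controller = new $class($session);
        return $controller->$method();
    } catch (AccessDenied $e) {
        return 'redirect:/login';          // a real app redirects, then exits
    }
}

$session = new SessionStub();              // constructed visitor session
$before  = dispatch('Control_panel', 'index', $session);  // typed URL, no login
$session->set_userdata('logged_in', 'true');  // set only after LDAP login succeeds
$after   = dispatch('Control_panel', 'index', $session);

echo $before, "\n", $after, "\n";
```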