What is the best point in CI to run an authentication check for an admin section?
#1

[eluser]hal10001[/eluser]
I have several controllers that make up my admin section, and I'm having trouble determining where I should be running my authentication check. I'm looking for a one-time check, so I thought a hook would be appropriate -- pre-controller, where I would first check if the user was in the admin, and if they were, check to see if they are logged in. Is that typical, or is there another better approach? I'm not interested in an auth library, but if you have insight into how most CI auth libraries accomplish the task it would be helpful. Thanks.
#2

[eluser]pistolPete[/eluser]
Another approach, which I think is better because it's better structured, is extending the controller class:

MY_Controller.php
Code:
class Auth_controller extends Controller
{    
    function Auth_controller()
    {
        parent::Controller();
        // do the auth stuff here
    }
}

Admin.php
Code:
class Admin extends Auth_controller
{    
    function Admin()
    {
        parent::Auth_controller();
        // (...)
    }
}
#3

[eluser]TheFuzzy0ne[/eluser]
I've added these two functions to my custom controller:

Code:
function _admin_restricted_area()
{
    if (! $this->auth->isAdmin())
    {
        show_404();
    }
}
    
function _user_restricted_area()
{
    if (! $this->auth->isLoggedIn())
    {
        redirect('/forums/member/login');
    }
}

I can then simply add:
Code:
$this->_admin_restricted_area();
// or
$this->_user_restricted_area();

to my controller constructor, and the job's a good'en.
#4

[eluser]rvent[/eluser]
I do it like this since many users have different roles which are based on Active Directory groups. I know the === is not very good practice, but it works for the moment.

Code:
    /**
     * Loads admin view
     *
     * @access    public
     * @return    void
     **/
    function index()
    {
        if ($this->session->userdata('user_role') === "sys_admin")
        {
            $sess_data['role'] = $this->session->userdata('user_role');
            $this->load->view('Admin/home', $sess_data);
        }
        else
        {
            $this->session->sess_destroy();
            // Change to make this gracefully
            redirect('../index.php/testcenter', 'refresh');
        }
    }
#5

[eluser]drewbee[/eluser]
Since when is using === not a good practice? IMO, it is even better practice and is above and beyond. It validates the context of the comparison, as well as the literal types.

'1' == 1 (TRUE)
'1' === 1 (FALSE)

Also, I use an ACL with groups. Anyone with the admin role can access the admin area of the site.
#6

[eluser]pistolPete[/eluser]
[quote author="drewbee" date="1236122737"]Since when is using === not a good practice? IMO, it is even better practice and is above and beyond.[/quote]

=== is even faster than ==
#7

[eluser]jdfwarrior[/eluser]
Agreed, if someone told you that was bad.... they lied.
#8

[eluser]hal10001[/eluser]
[quote author="pistolPete" date="1236114666"]Another approach, which I think is better because it's better structured, is extending the controller class:

MY_Controller.php
Code:
class Auth_controller extends Controller
{    
    function Auth_controller()
    {
        parent::Controller();
        // do the auth stuff here
    }
}

Admin.php
Code:
class Admin extends Auth_controller
{    
    function Admin()
    {
        parent::Auth_controller();
        // (...)
    }
}
[/quote]

This approach worked well for me (although I used the generic MY_Controller name instead of Auth_controller), and I think it fits within the OO paradigm. If I had a need to extend the Controller from other points in the application I would need to rethink how I would want my custom controller structured, but this gets me going in the right direction. I suppose that is why I have read where some other developers request the ability to extend core classes more than once.
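
An added example (not code from any poster in this thread) of the parent-constructor check suggested in #2, combined with the strict role comparison from #4 and #5, showing that every action of the child controller is covered, including one added later. It uses modern `__construct()` rather than the CI 1.x PHP 4-style constructors above; the stand-in `Controller`, `Session_stub`, `Access_denied`, `dispatch()` and the `export()` action are hypothetical, there only so the script runs without CodeIgniter.

```php
<?php
// Stand-ins (hypothetical) so the script runs without CodeIgniter.
class Access_denied extends Exception {}

class Controller                      // stand-in for CI's base Controller
{
    public $session;
    function __construct() { $this->session = $GLOBALS['session']; }
}

class Session_stub                    // stand-in for CI's session library
{
    private $data;
    function __construct(array $data) { $this->data = $data; }
    function userdata($key) { return isset($this->data[$key]) ? $this->data[$key] : FALSE; }
}

// The pattern from the thread: one check in the parent constructor.
class Auth_controller extends Controller
{
    function __construct()
    {
        parent::__construct();
        // Strict comparison: only the exact string passes; FALSE, 0 or TRUE do not.
        if ($this->session->userdata('user_role') !== 'sys_admin') {
            // In CI this would be show_404() or redirect(), both of which stop the request.
            throw new Access_denied('not an admin');
        }
    }
}

class Admin extends Auth_controller
{
    function index()  { return 'admin home'; }
    function export() { return 'export data'; }   // added later, needs no check of its own
}

// Minimal dispatcher: build the controller, then call the requested method.
function dispatch(array $session_data, $method)
{
    $GLOBALS['session'] = new Session_stub($session_data);
    try {
        return (new Admin())->$method();
    } catch (Access_denied $e) {
        return 'denied';
    }
}

// Constructed sample sessions: admin, other role, boolean TRUE, empty session.
foreach ([['user_role' => 'sys_admin'], ['user_role' => 'tester'], ['user_role' => TRUE], []] as $s) {
    echo json_encode($s), ' index=', dispatch($s, 'index'), ' export=', dispatch($s, 'export'), "\n";
}
```

The `TRUE` session is the case where `==` and `===` differ: a loose comparison of `TRUE` with `'sys_admin'` succeeds, the strict one does not.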



