• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
User Auth with Private Function

#1
[eluser]johnmchilton[/eluser]
My login function sets a session userdata variable called "logged_in". At the beginning of each other function, the value of that is checked. This was a terrible solution, because it meant that all of the function's code had to be in an else {} block:
Code:
function index() {
  if(!$this->session->userdata('logged_in') {
    $this->load->view('login');
  } else {
    //what this function is meant to do, ending with...
    $this->load->view('main');
  }
}
So I decided to move that to a private function, which I'm calling _init(). Here is the basic structure of how I want it to work:
Code:
function _init($check=true) {
  $data["header"] = "Welcome ...";
  $data["title"] = "Site Title ...";

  if($check) {
    if(!$this->session->userdata('logged_in')) {
      $this->load->view('login');
    }
  }
}


function index() {
  $this->_init();

  $this->load->view('main');
}
However, loading the login view doesn't stop execution. I don't know how to get the login part to stop the rest of its caller...does anyone know what I'm trying to say or how to help? Thanks!

#2
[eluser]Phil Sturgeon[/eluser]
Right k, STOP right there.

That is one nasty way of user authentication. To answer your question, try the code:

Code:
if(!$this->session->userdata('logged_in')) {
      $this->load->view('login');
      exit(); // <-- Add that
    }

But this code is not the way to go. Instead of using this code in _init use it in a hook. In /config/hooks.php add:

Code:
$hook['post_controller_constructor'][] = array(
    'function' => 'grantAccess',
    'filename' => 'grantAccess.php',
    'filepath' => 'hooks',
    );

Enable hooks in /config/config.php

Make a file in /hooks/ called grantAccess.php and make a function the same name.

In that function, put your authorisation code. That will make it load for all controllers!

You could put in an array or a few if's for pages you dont want blocked. For example:

Code:
$class = $CI->uri->router->class;
$method = $CI->uri->router->method;

if(in_array($class, $public_classes)) return;
if(in_array($method, $public_methods)) return;

Something like that.

#3
[eluser]Henrik Pejer[/eluser]
Good advice mr Pyro!

#4
[eluser]johnmchilton[/eluser]
Thanks. I'm taking your advice, but just for my knowledge (or whomever else is reading), why specifically was my first method bad?

#5
[eluser]johnmchilton[/eluser]
EDIT: I fixed my problem. Just in case anyone wants to see what I did, here you go! :-)
Code:
&lt;?php

function siteSetup() {
    
    $ci =& get_instance();
    
    $class = strtolower($ci->uri->router->class);
    $method = $ci->uri->router->method;
    
    $public_functions["admin"] = array("login","logout");

    
    if(!in_array($method,$public_functions[$class])) {
        
        if($ci->session->userdata($class . "_logged_in") != true) {
            
            redirect($class . "/login");
        }
    }
}
?&gt;

#6
[eluser]Phil Sturgeon[/eluser]
[quote author="johnmchilton" date="1183409938"]Thanks. I'm taking your advice, but just for my knowledge (or whomever else is reading), why specifically was my first method bad?[/quote]

Basically you want as little code repetition as possible. You also want no hard-coded settings. All options should be in sensible places and your newest code is an example of this.

I was proposing either a database or a /config/permission.php with such arrays in them, but this is one potential method and not one you have to use. There is little point in setting the array directly over the IF statement though.


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.