Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming Authentication on a hook
Authentication on a hook
  • El Forum
    Guest
  •  
#11
04-01-2008, 01:27 PM

[eluser]mscahill[/eluser]
I'm just going to have to do without caching because any page I would want cached is going to have POST data. Thanks for your help.

Now I have to look into CI on the CLI so I can cache the biggest resource hogs on a nightly basis...
  • El Forum
    Guest
  •  
#12
04-02-2008, 06:22 AM

[eluser]mscahill[/eluser]
Btw - thanks for your help!
  • El Forum
    Guest
  •  
#13
04-02-2008, 07:16 AM

[eluser]wiredesignz[/eluser]
If you need access to the CI instance and classes, then you should not even consider using hooks for this.

Using MY_Controller as a parent Controller class extension and an Auth library in its constructor is all that is needed for this type of security.
  • El Forum
    Guest
  •  
#14
04-02-2008, 09:29 AM

[eluser]Jamie Rumbelow[/eluser]
Or you could do a Pre-Controller Hook; just check to see if logged in then if not send it to the login page.
  • El Forum
    Guest
  •  
#15
04-02-2008, 11:07 AM

[eluser]danostuporstar[/eluser]
I'm just now starting to use CI for the first time ... this discussion of hooks is useful and interesting to me, so thanks to everybody posting. That said, may I go slightly off-topic and mention that storing the password in a cookie may not be the best way to meet the requirement "that the entire application be secure", even if it's hashed (but especially if it's not).
  • El Forum
    Guest
  •  
#16
04-02-2008, 11:34 AM

[eluser]mscahill[/eluser]
What do you recommend?
  • El Forum
    Guest
  •  
#17
04-03-2008, 06:46 AM

[eluser]mscahill[/eluser]
I poked around online some, and it seems that the most secure method is checking user credentials, and then storing the user_name, a session_id, and a date in the database. The cookies, then, would be an encrypted user_name and session_id. The Auth model would look for the session_id and user_name to exist within that day's sessions. It would be kind of like buying a day pass to Disney. :-)

What do you think?
  • El Forum
    Guest
  •  
#18
05-20-2009, 10:34 AM

[eluser]alant[/eluser]
Does anyone know how you could get at session data as in :

Code:
function _display_cache(&$CFG, &$RTR) {
    $isLoggedIn = $this->session->userdata('isLoggedIn'));
    if ( $isLoggedIn ) { // Turn caching off when logged in
      return FALSE;
    } else {
      return parent::_display_cache($CFG,$RTR);
    }
}

I want to turn caching off if a content editor is logged in..

Cheers,
Alant
  • El Forum
    Guest
  •  
#19
05-20-2009, 12:31 PM

[eluser]louis w[/eluser]
Wht don't you just do the authentication check in your controllers construct method?

For my CMS is is what I do. I have a base controller which does all this kind of stuff, and then extend it for all my other controllers. Much more integrated and less transparent solution then remembering you have a hook in place.
  • El Forum
    Guest
  •  
#20
05-21-2009, 02:36 AM

[eluser]alant[/eluser]
It seems to me that if there is a valid cached version of a page the controller doesn't even get executed so I can't force an uncached page to be shown. That's why I was trying to manipulate _display_cache.. I think if I can return a false there, then the controller is forced to execute? I think.




Theme © iAndrew 2016 - Forum software by © MyBB