Basic authentication system

#11
[eluser]jayrulez[/eluser]
i haven't started using CI yet so i'm not sure about the syntax but my suggestion would be to use two controllers, one for the public where you can have your login method and other methods that do not require authorisation.

have your controller that requires authorisation extend a base controller. eg

Code:
<?php

class Base extends CI_main_controller//whatever the name of CI_main_controller is
{
   public function __construct()
   {
      // run the parent constructor first so $this->session is available
      parent::__construct();

      if(!$this->session->userdata('logged_in'))
      {
         redirect('/login/');
      }
   }
}

?>

now ur controller
Code:
<?php

class Blog extends Base
{
   public function __construct()
   {
      parent::__construct();
   }

   public function index()
   {
      $this->display();
   }
}

?>

and then your public controller
Code:
<?php

class Public extends CI_main_controller//whatever the name of CI_main_controller is
{
   public function login()
   {

   }

   public function register()
   {

   }
}

?>

#12
[eluser]Dam1an[/eluser]
@jayrulez, that was going to be my first suggestion, but he has the login function in the same controller as lots of restricted functions, hence my 'hack' of making sure you're not on the login page

#13
[eluser]TheFuzzy0ne[/eluser]
"public" is a reserved word, so it would probably be wise not to use that as a class name.

#14
[eluser]jayrulez[/eluser]
yes, in my experience with MVC i used PublicAction as the class name hence i put Public. it would be wise not to use public as you said.

#15
[eluser]Huji[/eluser]
Ok let me tell why I put authentication inside the same controller that handles private data: If I had a different controller for authentication, the url would have been like: /login/ and I might have to submit to /login/do/ for example. Then if authentication was successful, I would have to redirect to /private/ and this redirect thing is what I want to avoid. You can't maintain the posted data in a redirect easily, so I don't want a redirect to take place.

You may say I don't need a redirect if I set my form's action to /private/login/ for example. However, if the input is incorrect and I have to redirect the user back to the login form, I can't transfer the posted data along with it (I need this data to fill in the "username" box again, asking for the correct password).

#16
[eluser]jayrulez[/eluser]
that's quite simple if you have the login method in a different controller.

the setup should be something like this, this is not CodeIgniter standard but should give you an idea of what to do
Code:
if($this->request->isPost())
{
  $map['email'] = $_POST['email'];
  $map['pass'] = $_POST['pass'];

  $userDao = D('User');
  $user = $userDao->find($map);
  if($user)
  {
    //set cookies or sessions etc
    $this->redirect('private');
  }else{
    $error = 'email or password incorrect';
  }
  
}
$this->display();

and in your template file you might have

Code:
<div class="login">
  <present name="error"><div class="error">{$error}</div></present>
  <form action="/login" method="post">
    <label>Email</label><input name="email" type="text" value="<?php echo isset($_POST['email']) ? htmlspecialchars($_POST['email'], ENT_QUOTES, 'UTF-8') : ''; ?>"/>
    <br/>
    <label>Password</label><input name="pass" type="password" value=""/>
    <br/>
    <input type="submit" value="Login"/>
  </form>
</div>

now that way, even if login fails, the login page will be shown again and the email you entered previously will be in the input box for email

#17
[eluser]n0xie[/eluser]
[quote author="Huji" date="1244765655"] Then if authentication was successful, I would have to redirect to /private/ and this redirect thing is what I want to avoid.
[/quote]
Why?

[quote author="Huji" date="1244765655"]
You can't maintain the posted data in a redirect easily, so I don't want a redirect to take place.
[/quote]
What POST data would you want to maintain? The only POST data is the username/pw combo. If the user is logged in successfully, there is no need for this POST data any more. If the username/pw was incorrect, you would handle that in the '/login' controller which does have access to the POST data (so you can repopulate the form just like you want.) The decoupling of the login credentials concern with the rest of your website is a good thing. If you ever decide to change the way people log in, you'd have to go over ALL your controllers to change the code. This way you only have to worry about 1 controller. Let's say you want to add OpenID support. You just add it as a method to your login controller and you're done.

I don't really understand what the problem is, maybe you can explain it more clearly, since to me it sounds like you have problems that aren't really problems.

#18
[eluser]Huji[/eluser]
I have another question in this same area: when we call redirect() can we be sure that the rest of the code is not executed? I mean, if we have code like this:

Code:
if( ! $this->session->userdata('logged_in'))
{
   redirect('/login/');
}

// OTHERWISE DELETE A WIPE OUT THE DATABASE
...

Can we be sure that the wipe out section is only run when authentication is confirmed?

#19
[eluser]jayrulez[/eluser]
that section shouldn't execute but if you want to be sure then why not just do it like this

Code:
if( ! $this->session->userdata('logged_in'))
{
   redirect('/login/');
}else{
   //truncate database
}

or exit on redirect like
Code:
if( ! $this->session->userdata('logged_in'))
{
   redirect('/login/');
   exit();
}

#20
[eluser]Huji[/eluser]
if .. else is not an option here (read the whole post again please) since I was looking for a way to put the IF condition inside the constructor instead of having it in the beginning of every function, and I can't have an ELSE like that.

Using exit() or die() is another option, but that is exactly my question: Do I need to use it? Or does redirect automatically take care of it?
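
The question in #18 and #20 comes down to whether the redirect call itself ends the request. CodeIgniter's redirect() URL helper sends the Location header and then calls exit, while a bare header('Location: ...') does not stop the script. The following is an added example, not part of any post and not CodeIgniter's code: it simulates both behaviours with hypothetical names (HaltRequest, Restricted, dispatch) to show when a constructor guard actually protects the action.

```php
<?php
// HaltRequest stands in for exit so one script can report both outcomes.
class HaltRequest extends Exception {}

// Like a bare header('Location: ...'): queues the header, keeps running.
function redirect_header_only(array &$headers, string $uri): void
{
    $headers[] = "Location: $uri";
}

// Queues the header, then ends the request.
function redirect_and_halt(array &$headers, string $uri): void
{
    $headers[] = "Location: $uri";
    throw new HaltRequest();
}

// Hypothetical restricted controller with the guard in its constructor.
class Restricted
{
    public $wiped = false;

    public function __construct(bool $loggedIn, callable $redirect, array &$headers)
    {
        if (!$loggedIn) {
            $redirect($headers, '/login/');
        }
    }

    public function wipe(): void
    {
        $this->wiped = true; // stands in for the destructive query
    }
}

// Dispatch one anonymous (constructed) request; report whether wipe() ran.
function dispatch(callable $redirect): bool
{
    $headers = [];
    try {
        $controller = new Restricted(false, $redirect, $headers);
        $controller->wipe();
        return $controller->wiped;
    } catch (HaltRequest $e) {
        return false; // request ended at the redirect, action never reached
    }
}

printf("header only: wiped=%s\n", var_export(dispatch('redirect_header_only'), true));
printf("header + halt: wiped=%s\n", var_export(dispatch('redirect_and_halt'), true));
```

With the header-only redirect the destructive action still runs for an anonymous request even though a Location header was queued; only the halting variant keeps it from being reached.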

