Total Confusion in Sessions and authentication
#1

[eluser]M Moeen uddin[/eluser]
I have N controllers, one of which is Home; Home has login, register, etc. functions.

I can check the session and redirect in every controller, but what if the user just wants to view the site? Something like home/viewpage/12 will not work. [BAD]

I can include a security hook, which checks the session; I had to check what functions are to be allowed to guests, and what are to the other users. [BAD]

What's the solution and where is it?

Please guide, as I'm getting dis-interested in CI despite its ease of understanding.

Regards

Monee
#2

[eluser]bigtony[/eluser]
Here is one way:

Step 1. Create a helper (e.g. access_helper.php) that has a function like this.
Code:
function ensure_logged_in() {
    $CI =& get_instance();
    if ($this->session->userdata('logged-in') == '1'):
        return TRUE;
    else:
        redirect('login');
    endif;
}
Step 2: In each controller that can only be accessed by logged-in users, put a call to the above function in the _remap() function:
Code:
function _remap() {
    ensure_logged_in();
    $this->index();
}
#3

[eluser]jedd[/eluser]
[quote author="bigtony" date="1248813379"]Here is one way:

Step 1. Create a helper (e.g. access_helper.php) that has a function like this.
Code:
function ensure_logged_in() {
    $CI =& get_instance();
    if ($this->session->userdata('logged-in') == '1'):
        return TRUE;
    else:
        redirect('login');
    endif;
}
[/quote]

That won't work - mostly because you're assuming $this is still there, despite copying it to $CI.

And I prefer this stuff in MY_Controller (read the User Guide section on extending the core controller) as this feature is something I want in every controller (and so I don't need the $CI =& ... copy at all (not that it's terribly expensive)).

But it does mean that you don't need your helper called in every controller (this might actually be expensive, depending on how fat your helper is).

Anyway, a comparable function I have in my MY_Controller for testing admin-ness:

Code:
function  _is_admin ( )  {
        return ($this->session->userdata('admin'))  ?  TRUE  :  FALSE;
        }

For just checking if someone is logged in, I have this in MY_Controller:
Code:
function  _ensure_authenticated_user ( $page_message = "this")  {
        if (! $this->session->userdata('login_name'))  {
            $this->session->set_flashdata('user_needs_to_login', $page_message);
            redirect('/people/login');
            }
        }
.. and in my various controllers' constructors I have this line:
Code:
$this->_ensure_authenticated_user( "Forum" );    // Put your own message in there
... which is a one-way ticket (if they're not logged in) to people/login - which in turn just uses whatever info I send the function .. and that displays just above the login: box that they get shown. You could get smart and auto-generate the 'Forum' replacement there - take it from the controller name, perhaps - but I like the flexibility of picking something appropriate to the page name.
#4

[eluser]M Moeen uddin[/eluser]
Hmm... I was assuming that the controller home has functions which are allowed to registered as well as unregistered users... like the view_page function could be seen by both..

Now it seems that the controllers have to be separated into those which are session checked and those which are not.

So this was my basic mistake!!

To restrict the access on a function like home/showpoll/... what will I do? I have to use the security thing!!

Also, if I made a Frontend [shows the unrestricted pages], and I want to replicate some of the functions that are in a controller, say Foo, having [registered check function], then I need to take my application logic (found in Foo) into the Foomodel and load the model in the FRONTEND controller...

Well, my mind is a mess right now. I need HELP!!
#5

[eluser]jedd[/eluser]
[quote author="M Moeen uddin" date="1248819343"]Hmm... I was assuming that the controller home has functions which are allowed to registered as well as unregistered users... like the view_page function could be seen by both..

Now it seems that the controllers have to be separated into those which are session checked and those which are not. [/quote]

I'm not sure I can parse this properly, but .. if you're suggesting that you have some controllers that have methods that require authentication, but other methods that do not, then you can just bring the authentication back to the method level - do the check at the beginning of each method (or check the uri->segment in the constructor - take your pick). I have one controller where I do a uri->segment check in the constructor, but I accept that that's a tad ugly.

It's also possible that you have a design issue here - whereby you have a controller that has a split authentication system. This isn't necessarily a Big Problem - but given it's confusing you at the moment, it might reflect some deeper design problems for you.
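
Added example, not part of any post in this thread: one way to handle a controller that mixes guest and login-only methods is a deny-by-default check in MY_Controller driven by a per-controller allowlist. The `$guest_methods` property and the `Home` methods are hypothetical names; the session key, flashdata key and login route follow the code in post #3.

```php
<?php
// application/libraries/MY_Controller.php (CodeIgniter 1.7 layout)
// Added example: deny-by-default access check shared by all controllers.
class MY_Controller extends Controller {

    // Methods a guest may call; every other method requires a login.
    // Child controllers override this list (hypothetical property name).
    var $guest_methods = array();

    function MY_Controller()
    {
        parent::Controller();
        $this->load->library('session');
        $this->load->helper('url');

        // fetch_method() is the method the router resolved, so it also
        // covers the default 'index' when the URI has no second segment.
        // PHP method names are case-insensitive, so normalise the case.
        $method = strtolower($this->router->fetch_method());

        if (in_array($method, $this->guest_methods, TRUE)) {
            return; // explicitly public
        }
        if (! $this->session->userdata('login_name')) {
            $this->session->set_flashdata('user_needs_to_login', $method);
            redirect('/people/login'); // redirect() exits the request
        }
    }
}

// application/controllers/home.php (separate file, shown here for brevity)
class Home extends MY_Controller {

    // Guests may read pages; showpoll is not listed, so it needs a login.
    var $guest_methods = array('index', 'viewpage');

    function Home()
    {
        parent::MY_Controller();
    }

    function viewpage($id = 0) { /* public page */ }
    function showpoll($id = 0) { /* reached only when logged in */ }
}
```

A method added later and not listed in `$guest_methods` is protected automatically, so forgetting to update the list fails closed rather than open.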
#6

[eluser]M Moeen uddin[/eluser]
This is to conclude.

I wanted to have my various controllers' (using session check in constructor) functions used in some general controllers. NOW it is clear to me that THE REALIZATION of classes was the issue I was facing. So if you keep the class and its functionality intact, then you will not have this problem.

regards,

Smile
#7

[eluser]bluepicaso[/eluser]
hello people,
Please help me,
Below is the code for the controller that I have. What I want is to start a session, so that when the administrator logs in the session should start and carry through all admin pages, so that no one else can view them.
Code:
<?php
class Admin extends Controller {

    function Admin()
    {
        parent::Controller();
    }
    function index()
    {
            $data['not_exist'] = "";
        $this->load->view('admin', $data);
    }
    function log()
    {
        $this->form_validation->set_rules('user', 'Username', 'required|min_length[5]|max_length[20]');
        $this->form_validation->set_rules('pwd', 'password', 'required|min_length[8]|max_length[20]');
        //-------------------------------------------^this above will be shown in the error above on the form-----
        //----------------------Also the above function Says the field is required-------------
        if ($this->form_validation->run() == False)
        {
            $data['not_exist'] = "Login Unsuccessfull, Please enter valid detials";
            $this->load->view('admin', $data);
        }
        else
        {
            $user = $this->input->post('user');
            $password = $this->input->post('pwd');
            $password = md5($password);
          
            $this->load->model('getUser');
            $data['result'] = $this->getUser->getAdmin($user, $password);
            
            if($data['result'] == null)
            {
                $data['not_exist'] = "Login Unsuccessfull, Please enter valid detials";
                $this->load->view('admin', $data);
            }
            elseif(!$data['result'] == null)//---if the values are found------
            {

                $this->load->view('admin_home', $data);//-----i wnat to create session before it reachs view
                
            }
            
        }
        
    }
}
?>
#8

[eluser]Shanto[/eluser]
[quote author="joymania" date="1250584219"]hello people,
Please help me,
Below is the code for the controller that I have. What I want is to start a session, so that when the administrator logs in the session should start and carry through all admin pages, so that no one else can view them.
Code:
<?php
class Admin extends Controller {

    function Admin()
    {
        parent::Controller();
    }
    function index()
    {
            $data['not_exist'] = "";
        $this->load->view('admin', $data);
    }
    function log()
    {
        $this->form_validation->set_rules('user', 'Username', 'required|min_length[5]|max_length[20]');
        $this->form_validation->set_rules('pwd', 'password', 'required|min_length[8]|max_length[20]');
        //-------------------------------------------^this above will be shown in the error above on the form-----
        //----------------------Also the above function Says the field is required-------------
        if ($this->form_validation->run() == False)
        {
            $data['not_exist'] = "Login Unsuccessfull, Please enter valid detials";
            $this->load->view('admin', $data);
        }
        else
        {
            $user = $this->input->post('user');
            $password = $this->input->post('pwd');
            $password = md5($password);
          
            $this->load->model('getUser');
            $data['result'] = $this->getUser->getAdmin($user, $password);
            
            if($data['result'] == null)
            {
                $data['not_exist'] = "Login Unsuccessfull, Please enter valid detials";
                $this->load->view('admin', $data);
            }
            elseif(!$data['result'] == null)//---if the values are found------
            {

                $this->load->view('admin_home', $data);//-----i wnat to create session before it reachs view
                
            }
            
        }
        
    }
}
?>
[/quote]

Try this

Code:
<?php
class Admin extends Controller {

    function Admin()
    {
        parent::Controller();
    }
    function index()
    {
            $data['not_exist'] = "";
        $this->load->view('admin', $data);
    }
    function log()
    {
        $this->form_validation->set_rules('user', 'Username', 'required|min_length[5]|max_length[20]');
        $this->form_validation->set_rules('pwd', 'password', 'required|min_length[8]|max_length[20]');
        //-------------------------------------------^this above will be shown in the error above on the form-----
        //----------------------Also the above function Says the field is required-------------
        if ($this->form_validation->run() == False)
        {
            $data['not_exist'] = "Login Unsuccessfull, Please enter valid detials";
            $this->load->view('admin', $data);
        }
        else
        {
            $user = $this->input->post('user');
            $password = $this->input->post('pwd');
            $password = md5($password);
          
            $this->load->model('getUser');
            $data['result'] = $this->getUser->getAdmin($user, $password);
            
            if($data['result'] == null)
            {
                $data['not_exist'] = "Login Unsuccessfull, Please enter valid detials";
                $this->load->view('admin', $data);
            }
            elseif(!$data['result'] == null)//---if the values are found------
            {
                // Load session library, if already loaded skip this line
                $this->load->library('session');
                // Set an admin session (set_userdata() writes; userdata() only reads)
                $this->session->set_userdata('admin', true);
                $this->load->view('admin_home', $data);//-----i want to create session before it reaches view
                
            }
            
        }
        
    }
}
?>
#9

[eluser]bluepicaso[/eluser]
Thanks, it helped.. actually I solved it last night.... Thanks a lot...



