Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived General Discussion Scaffolding password protection
Scaffolding password protection
  • El Forum
    Guest
  •  
#1
10-06-2009, 05:21 AM

[eluser]markwu[/eluser]
Original post come from: How to add password protection in CodeIgniter Scaffolding

It is really bad that CodeIgniter does not support password protection in scaffolding. I just go thorugh most scaffolding related posts in CodeIgniter forum, it seems no easy and clear solution for it. So, I just come out my own based on hooks function.

Here comes the code. Just follow it, and you will get a simple password protection for scaffolding:

1. Enable hook in your CodeIgniter application

Code:
application/config.php

    [...]
    $config['enable_hooks'] = TRUE;
    [...]

2. Add a hook setting for pre-controller
Code:
application/hooks.php

    [...]
    $hook['pre_controller'][] = array(
                                    'class'    => 'SimpleHttpAuth',
                                    'function' => 'authenticate',
                                    'filename' => 'SimpleHttpAuth.php',
                                    'filepath' => 'hooks/SimpleHttpAuth',
                                    'params'   => array()
                                    );
    [...]



3. Put the following scripts into application/hooks/SimpleHttpAuth/SimpleHttpAuth.php

Code:
<?php
        class SimpleHttpAuth
        {
            private $user = "username";
            private $pass = "password";

            function __constructor()
            {
            }

            function authenticate()
            {
                $router =& load_class('Router');

                if($router->scaffolding_request === TRUE)
                {
                    while (!$this->isAuthenticated()) {
                        header('WWW-Authenticate: Basic realm="Scaffolding"');
                        header('HTTP/1.1 401 Unauthorized');
                        die('Authorization Required');
                    }
                }
            }

            function isAuthenticated() {
                if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
                    $httpd_username = filter_var($_SERVER['PHP_AUTH_USER'], FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_HIGH|FILTER_FLAG_ENCODE_LOW);
                    $httpd_password = filter_var($_SERVER['PHP_AUTH_PW'], FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_HIGH|FILTER_FLAG_ENCODE_LOW);
                    if ($httpd_username == $this->user && $httpd_password == $this->pass) {
                        return TRUE;
                    } else {
                        return FALSE;
                    }
                }
                return FALSE;
            }

        }
    ?>

Now, you can have password protection scaffolding in CodeIgniter.

Original post come from: How to add password protection in CodeIgniter Scaffolding

PS. As everybody said before: "Scaffolding is for development and testing, don't use it in production. I can not guarantee the security level, use it with your own risk."
  • El Forum
    Guest
  •  
#2
10-06-2009, 07:01 AM

[eluser]bigtony[/eluser]
Scaffolding was deprecated in CI ages ago. And did you also miss the part in the docs where it tells you how to add a password for it?
  • El Forum
    Guest
  •  
#3
10-06-2009, 09:10 AM

[eluser]markwu[/eluser]
[quote author="bigtony" date="1254852116"]Scaffolding was deprecated in CI ages ago. [/quote]

Yep, I saw the message "Scaffolding has been deprecated from CodeIgniter as of 1.6.0.".

But, it still exists in 1.7.x for testing and development purpose, I have no idea why I should give up such good tools even it deprecated. Smile

[quote author="bigtony" date="1254852116"]And did you also miss the part in the docs where it tells you how to add a password for it?[/quote]
Are you sure the information listed is wiki? I try to search forum and wiki for several times, no related information list there! I very appreciate if you would kindly point me to the exactly url? Thanks!

If you mean secret word, I alerady know that. But, I suppose secret word is different from password.

Mark
  • El Forum
    Guest
  •  
#4
10-06-2009, 09:24 AM

[eluser]bigtony[/eluser]
[quote author="markwu" date="1254859853"]If you mean secret word, I alerady know that. But, I suppose secret word is different from password.[/quote]
Yes, I meant secret word as a synonym for password. But I was curious as to why you went to the effort of coding something fancy when a secret word would do the job given it's only meant to be used for a testing environment and is deprecated anyway?
  • El Forum
    Guest
  •  
#5
10-06-2009, 10:23 AM

[eluser]markwu[/eluser]
[quote author="bigtony" date="1254860671"]
Yes, I meant secret word as a synonym for password. But I was curious as to why you went to the effort of coding something fancy when a secret word would do the job given it's only meant to be used for a testing environment and is deprecated anyway?[/quote]

It is not facny, just a few scripts can make the testing/development environment more secure when your developers or clients are cross internet, It is worth to do it. Smile

And, there are a lot of people ask this in forum from very beginning, I have no idea why I shouldn't share this snippets.

Even a deprecated function, it still exists in core ... mmm ... unless core team remove the function from the core, or I don't think only a message list in document can prevent or avoid user/develper to use it. Especially, it is really a good tools when you do prototype.

Mark




Theme © iAndrew 2016 - Forum software by © MyBB