[eluser]Unknown[/eluser]
Hey all,
My plan is to use hooks(post controller) to see if the user has access to the uri. Basically I do this by checking session variables which I added myself.
The problem is that the first time the hook gets executed I havent added these user session variables yet.
Solved this by adding the !session_id statement. Followed by adding the user session variables, im not sure which one to use at this moment.
The hasAccess function looks at the first uri segment and checks if this segment is linked with the role the user has at that time (session variable). The array accessList contains this information.
Currently I have a infinite loop error once I enable hooks.
Code:
<?php
class Security {
function Security()
{
$this->ci =& get_instance();
if(!session_id())
{
$this->ci->load->library('session');
//$_SESSION['userid'] = NULL;
//$_SESSION['username'] = NULL;
//$_SESSION['admin'] = NULL;
//$_SESSION['logged_in'] = NULL;
$this->ci->session->set_userdata('userid', NULL);
$this->ci->session->set_userdata('username', NULL);
$this->ci->session->set_userdata('admin', NULL);
$this->ci->session->set_userdata('logged_in', FALSE);
}
$this->accessList = array('login' => '',
'admin' => 'adminRole',
'user' => 'userRole'); //role linked with uri
}
function HasAccess()
{
$requestedUrl = $this->ci->uri->segment(1); // get the uri
$role = '';
if ($requestedUrl == "") $requestedUrl="login"; // if no uri then redirect to login
if ($this->ci->session->userdata('logged_in')) // if the user is logged in see what role he has
{
if ($this->ci->session->userdata('admin') == 1)
{
$role = 'adminRole';
}else
{
$role = 'userRole';
}
}
//array_push($role, '');
if (array_key_exists($requestedUrl, $this->accessList)) // check to see what uri's the role has access to
{
if (in_array($this->accessList[$requestedUrl], $role))
{
//echo $requestedUrl; //has access
}else
{
redirect("login"); // doesnt have access redirect to login
}
}else show_error("URL not validated");
}
}
?>