Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming Automatically check if session exists else redirect
Automatically check if session exists else redirect
  • El Forum
    Guest
  •  
#1
04-22-2010, 01:13 PM

[eluser]egunay[/eluser]
Hello,

First of all I want to thank everybody for this great framework. Since today I had never used a framework and I finally understood that once you understand how it works, everything is much more simple. As I'm still in the learning the framework and generally how a framework works, things are unfortunately not easy for me hope I can get used to it.

Anyway, I want to ask you something;

I'm trying to build a blog but I want everypage to be visible only by logged in users. I've managed to do that by creating a model which checks for the session but as I do have to load the function everytime from the class, I think it's not the best way.

Can you suggest me a way to do this automatically, without having to call the function everytime.

Thanks
  • El Forum
    Guest
  •  
#2
04-22-2010, 03:04 PM

[eluser]frist44[/eluser]
Make a library MY_Controller. Have every controller that you want to be restricted extend My_Controller. In the constructor of My_Controller, do your check.

Or like you did, put that function in the top of those restricted files.
  • El Forum
    Guest
  •  
#3
04-23-2010, 11:33 AM

[eluser]egunay[/eluser]
Thanks for the answer but I want to ask you a question (maybe a stupid one)

As every controller is extended to "Controller"(ex: class Someclass extends Controller) is it possible to extend one more time by?

Instead, I don't know if it can be like this but I was thinking: Will it work if I autoload the library so that I don't have to extend any controller etc. and make every page restricted (Ofcourse with the exception of login page, but in this scenario I don't know either how to exclude)
  • El Forum
    Guest
  •  
#4
04-23-2010, 01:59 PM

[eluser]Mischievous[/eluser]
When you setup your MY_Controller and use it in your controller

Code:
Account extends MY_Crontroller {

  function Acccount()
  {
    parent::MY_Controller;
  }
}

you only apply these to the controllers you want to be secured now for excluding logins run a check in the controller on the URI requested to see if the requested page is the login page and allow access to that

Code:
if(strtolower($this->uri->segment(2)) != "login")
{
  redirect('account/login');
}

or what i prefer doing is setting an array of allowed uri's and the checking to see if the uri requested is in the array of allowed uri's ... so if you want to have multiple pages that are allowed access.


you could also do it in a model so that when your controller constructor runs and loads the model... the model's contructor checks the uri or session or whatever youd like... but the extended model is neater IMO
  • El Forum
    Guest
  •  
#5
04-23-2010, 02:25 PM

[eluser]frist44[/eluser]
[quote author="Mischievous" date="1272070757"]When you setup your MY_Controller and use it in your controller

Code:
Account extends MY_Crontroller {

  function Acccount()
  {
    parent::MY_Controller;
  }
}

you only apply these to the controllers you want to be secured now for excluding logins run a check in the controller on the URI requested to see if the requested page is the login page and allow access to that

Code:
if(strtolower($this->uri->segment(2)) != "login")
{
  redirect('account/login');
}

or what i prefer doing is setting an array of allowed uri's and the checking to see if the uri requested is in the array of allowed uri's ... so if you want to have multiple pages that are allowed access.


you could also do it in a model so that when your controller constructor runs and loads the model... the model's contructor checks the uri or session or whatever youd like... but the extended model is neater IMO[/quote]

Yeah good point. That's how we do it on very large applications because you know that there is once place to find the application related lists and permissions. Our array for each page[function] has 10 or so elements that define its behavior in production, development, and security features. It's very organized. However, for something small, I probably wouldn't go down that route.

It all depends on what you're trying to do with it. If it works and you know where to find it and you're the only one that'll deal with it, do whatever feels comfortable.
  • El Forum
    Guest
  •  
#6
04-25-2010, 02:18 PM

[eluser]egunay[/eluser]
Thank you!

Extending the controller I've done something very similar to the one that you suggested.

Thanks again both of you for your help!
  • El Forum
    Guest
  •  
#7
04-25-2010, 03:30 PM

[eluser]vitoco[/eluser]
hi.. the best way ( to me ) to do what you want is to use hooks
http://ellislab.com/codeigniter/user-gui...hooks.html
...in this case the 'pre_controller' or 'post_controller_constructor' hook, when all base classes, routing, and security checks have been done, so in that point, you can access the session , ask if it's created...and then redirect to the login page.




Theme © iAndrew 2016 - Forum software by © MyBB