Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived General Discussion [SOLVED] Log in access restriction problem
[SOLVED] Log in access restriction problem
  • El Forum
    Guest
  •  
#1
08-11-2010, 04:18 PM

[eluser]Xarren[/eluser]
Hi, im attempting to use my controller constructor to limit access to any of the controller functions unless the user is logged in (session). Im trying to get the following to work:

Code:
function Admin()
    {
        parent::Controller();
        $logged_in = $this->session->userdata('logged_in');
        if ($logged_in==0)
        {
            $this->load->view('admin/header');
            $this->load->view('admin/log_in_view');
        }
    }

Now that works fine if someone goes to www.mysite.com/admin - however if someone goes to www.mysite.com/admin/function then the login form will display, but so will the output of the function, right below it. This means that someone can still view the pages without logging in if he knows the direct link.

How do I correct that problem?
  • El Forum
    Guest
  •  
#2
08-11-2010, 10:23 PM

[eluser]intractve[/eluser]
This is a problem with using 0 for checking the value of logged_in because comparing strings can result in a zero thus making your if clause pass.

I personally use TRUE/FALSE (as boolean and not strings) as the session value for logged_in
and check it with
Code:
parent::Controller();
        $logged_in = $this->session->userdata('logged_in');
        if ($logged_in===FALSE) { redirect('/user/login'); }

To my knowledge you shouldn't call the load view in the constructor.
  • El Forum
    Guest
  •  
#3
08-12-2010, 09:57 AM

[eluser]Xarren[/eluser]
I've tried redirection before, but whenever I try it in the constructor i get the "This page is redirecting in a way that will never complete" browser error. Any clues why that might be?
  • El Forum
    Guest
  •  
#4
08-12-2010, 10:26 AM

[eluser]evstevemd[/eluser]
[quote author="Xarren" date="1281583100"]Hi, im attempting to use my controller constructor to limit access to any of the controller functions unless the user is logged in (session). Im trying to get the following to work:

Code:
function Admin()
    {
        parent::Controller();
        $logged_in = $this->session->userdata('logged_in');
        if ($logged_in==0)
        {
            $this->load->view('admin/header');
            $this->load->view('admin/log_in_view');
        }
    }

Now that works fine if someone goes to www.mysite.com/admin - however if someone goes to www.mysite.com/admin/function then the login form will display, but so will the output of the function, right below it. This means that someone can still view the pages without logging in if he knows the direct link.

How do I correct that problem?[/quote]

I think that other thing should go in else clause

Code:
function Admin()
    {
        parent::Controller();
        $logged_in = $this->session->userdata('logged_in');
        if ($logged_in==0)
        {
            $this->load->view('admin/header');
            $this->load->view('admin/log_in_view');
        }
        
         else{
            $this->load->view('admin/header');
            $this->load->view('admin/iam_logged_in');
        }
    }
  • El Forum
    Guest
  •  
#5
08-12-2010, 12:26 PM

[eluser]Xarren[/eluser]
The problem is that else is whatever function the person has called. So for example if someone goes to www.mysite.com/admin/view_members i want it to display view members if he is logged in, not the standard controller view. The redirect thing is really what Im after, however redirects in the header do not seem to work well..

Could someone who has done this before post their code for me please?

Code:
function Admin()
    {
        parent::Controller();
        $logged_in = $this->session->userdata('logged_in');
        if ($logged_in==0)
        {
            redirect('admin/log_in_form');
        }
    }
    function index()
    {    
            $this->load->view('admin/header');
            $this->load->view('admin/welcome_view');
    }

    function log_in_form()
    {
        $this->load->view('admin/header');
        $this->load->view('admin/log_in_view');
    }

This returns a "Firefox has detected that the server is redirecting the request for this address in a way that will never complete." error.
  • El Forum
    Guest
  •  
#6
08-12-2010, 03:29 PM

[eluser]pickupman[/eluser]
Hey got your email. Try this
Code:
function Admin()
    {
        parent::Controller();

        $logged_in = $this->session->userdata('logged_in');
        $segment = $this->uri->segment(2);

        if ($logged_in == 0 && $segment != 'log_in_form')
        {
            redirect('admin/log_in_form');
        }
        
    }
    function index()
    {    
            $this->load->view('admin/header');
            $this->load->view('admin/welcome_view');
    }

    function log_in_form()
    {
        $this->load->view('admin/header');
        $this->load->view('admin/log_in_view');
    }




Theme © iAndrew 2016 - Forum software by © MyBB