[SOLVED] Log in access restriction problem

#1
[eluser]Xarren[/eluser]
Hi, I'm attempting to use my controller constructor to limit access to any of the controller functions unless the user is logged in (session). I'm trying to get the following to work:

Code:
function Admin()
{
    parent::Controller();
    $logged_in = $this->session->userdata('logged_in');
    if ($logged_in == 0)
    {
        $this->load->view('admin/header');
        $this->load->view('admin/log_in_view');
    }
}

Now that works fine if someone goes to www.mysite.com/admin - however if someone goes to www.mysite.com/admin/function then the login form will display, but so will the output of the function, right below it. This means that someone can still view the pages without logging in if he knows the direct link.

How do I correct that problem?

#2
[eluser]intractve[/eluser]
This is a problem with using 0 for checking the value of logged_in because comparing strings can result in a zero thus making your if clause pass.

I personally use TRUE/FALSE (as boolean and not strings) as the session value for logged_in and check it with:
Code:
parent::Controller();
$logged_in = $this->session->userdata('logged_in');
if ($logged_in === FALSE) { redirect('/user/login'); }

To my knowledge you shouldn't call the load view in the constructor.

#3
[eluser]Xarren[/eluser]
I've tried redirection before, but whenever I try it in the constructor I get the "This page is redirecting in a way that will never complete" browser error. Any clues why that might be?

#4
[eluser]evstevemd[/eluser]
[quote author="Xarren" date="1281583100"]Hi, I'm attempting to use my controller constructor to limit access to any of the controller functions unless the user is logged in (session). I'm trying to get the following to work:

Code:
function Admin()
{
    parent::Controller();
    $logged_in = $this->session->userdata('logged_in');
    if ($logged_in == 0)
    {
        $this->load->view('admin/header');
        $this->load->view('admin/log_in_view');
    }
}

Now that works fine if someone goes to www.mysite.com/admin - however if someone goes to www.mysite.com/admin/function then the login form will display, but so will the output of the function, right below it. This means that someone can still view the pages without logging in if he knows the direct link.

How do I correct that problem?[/quote]

I think that other thing should go in an else clause:

Code:
function Admin()
{
    parent::Controller();
    $logged_in = $this->session->userdata('logged_in');
    if ($logged_in == 0)
    {
        $this->load->view('admin/header');
        $this->load->view('admin/log_in_view');
    }
    else
    {
        $this->load->view('admin/header');
        $this->load->view('admin/iam_logged_in');
    }
}

#5
[eluser]Xarren[/eluser]
The problem is that else is whatever function the person has called. So for example if someone goes to www.mysite.com/admin/view_members I want it to display view members if he is logged in, not the standard controller view. The redirect thing is really what I'm after, however redirects in the header do not seem to work well.

Could someone who has done this before post their code for me please?

Code:
function Admin()
{
    parent::Controller();
    $logged_in = $this->session->userdata('logged_in');
    if ($logged_in == 0)
    {
        redirect('admin/log_in_form');
    }
}

function index()
{
    $this->load->view('admin/header');
    $this->load->view('admin/welcome_view');
}

function log_in_form()
{
    $this->load->view('admin/header');
    $this->load->view('admin/log_in_view');
}

This returns a "Firefox has detected that the server is redirecting the request for this address in a way that will never complete." error.

#6
[eluser]pickupman[/eluser]
Hey, got your email. Try this:
Code:
function Admin()
{
    parent::Controller();

    $logged_in = $this->session->userdata('logged_in');
    $segment = $this->uri->segment(2);

    if ($logged_in == 0 && $segment != 'log_in_form')
    {
        redirect('admin/log_in_form');
    }
}

function index()
{
    $this->load->view('admin/header');
    $this->load->view('admin/welcome_view');
}

function log_in_form()
{
    $this->load->view('admin/header');
    $this->load->view('admin/log_in_view');
}
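
The redirect loop from post #5 and the exemption from post #6, as an added example that is not part of the thread: it models the constructor check as plain PHP functions so it runs without CodeIgniter (PHP 7.1+). The names gate_unconditional, gate_allowlist and follow, the public-method list, and the fail-closed `=== true` session check are assumptions of this example.

```php
<?php
// Added example: models the constructor gate outside CodeIgniter so it runs stand-alone.
// Each gate returns the URI to redirect to, or null when the request may proceed.

const LOGIN_URI = 'admin/log_in_form';

// Redirect logic of post #5: every request without a session is redirected,
// including the request for the login form itself.
function gate_unconditional(string $uri, $loggedIn): ?string
{
    return ($loggedIn !== true) ? LOGIN_URI : null;
}

// In the spirit of post #6: default deny, with an explicit list of methods
// reachable without a session (hypothetical list for this example).
function gate_allowlist(string $uri, $loggedIn, array $public = ['log_in_form']): ?string
{
    $parts  = explode('/', trim($uri, '/'));
    $method = $parts[1] ?? 'index';   // segment 2, as in $this->uri->segment(2)
    if ($loggedIn === true || in_array($method, $public, true)) {
        return null;
    }
    return LOGIN_URI;
}

// Follow redirects the way a browser would, giving up after $max hops.
function follow(callable $gate, string $uri, $loggedIn, int $max = 5): string
{
    for ($hop = 0; $hop < $max; $hop++) {
        $next = $gate($uri, $loggedIn);
        if ($next === null) {
            return "serve $uri";
        }
        $uri = $next;
    }
    return "redirect loop at $uri";
}

// Constructed cases: FALSE is what userdata() returns for a missing item;
// the string 'yes' is not boolean TRUE, so both gates treat it as logged out.
foreach ([false, true, 'yes'] as $session) {
    printf("session=%-6s unconditional: %-34s allowlist: %s\n",
        var_export($session, true),
        follow('gate_unconditional', 'admin/view_members', $session),
        follow('gate_allowlist', 'admin/view_members', $session));
}
```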

