[eluser]sikko[/eluser]
Hi all,
I am trying a new way of protecting my application which requires authentication:
I used to check if the session was set in every method that should be protected (using an if) - which is a bit annoying to do for every method.
Here is the idea: instead of using an if in every method, I use a hook and check the current controller/method to see if it is in a predefined array containing my protected controllers/methods.
The array looks like this:
Code:
$protectedControllers = array(
    'programme' => '*',
    'school' => array('create', 'delete'),
    'coach' => '*'
);
It says "protect the whole programme and coach controllers, and protect the create and delete methods from the school controller".
Here is the entire method used by the hook:
Code:
function getAuthorization(){
    $ci =& get_instance();
    $protectedControllers = array(
        'programme' => '*',
        'school' => array('create', 'delete'),
        'coach' => '*'
    );
    // if the current controller is protected
    if(array_key_exists($ci->router->class, $protectedControllers)){
        // if we want to protect the whole controller
        if($protectedControllers[$ci->router->class] == '*'){
            if($ci->session->userdata('logged') == null){
                redirect('user/login');
                exit; // exit after redirect: seems to be useless but it makes sure that no further code is executed
            }
        }
        // if we want to protect just specific methods
        if(is_array($protectedControllers[$ci->router->class])){
            if(in_array($ci->router->method, $protectedControllers[$ci->router->class])){
                if($ci->session->userdata('logged') == null){
                    redirect('user/login');
                    exit; // exit after redirect: seems to be useless but it makes sure that no further code is executed
                }
            }
        }
    }
}
The hook used is post_controller_constructor:
Code:
$hook['post_controller_constructor'] = array(
    'class' => '',
    'function' => 'getAuthorization',
    'filename' => 'my_hooks.php',
    'filepath' => 'hooks',
    'params' => array()
);
And obviously hooks are enabled in the config file:
Code:
$config['enable_hooks'] = true;
My question is: is that a secure way to do this, and... is it crackable?
Thanks for your help
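
An added example, not part of the original post: the lookup the hook performs, rewritten as a pure function that compares names case-insensitively and fails closed, so it can be exercised outside CodeIgniter. `requires_login` is a hypothetical name, and the example assumes the router may report the class and method in whatever letter case the URL used.

```php
<?php
// Added example, not the original poster's code.
// requires_login() is a hypothetical helper: it decides whether a
// controller/method pair needs a logged-in session.

function requires_login($class, $method, array $protected)
{
    // PHP resolves class and method names case-insensitively, so both
    // sides of the comparison are lower-cased before matching.
    $class  = strtolower((string) $class);
    $method = strtolower((string) $method);
    $rules  = array_change_key_case($protected, CASE_LOWER);

    if (!array_key_exists($class, $rules)) {
        return false; // controller not listed: public
    }
    $rule = $rules[$class];
    if ($rule === '*') {
        return true; // whole controller protected
    }
    if (is_array($rule)) {
        return in_array($method, array_map('strtolower', $rule), true);
    }
    // Unrecognised rule (typo, wrong type): fail closed.
    return true;
}

$protectedControllers = array(
    'programme' => '*',
    'school'    => array('create', 'delete'),
    'coach'     => '*',
);

// Constructed sample requests (controller, method) for illustration.
$samples = array(
    array('programme', 'index'),
    array('Programme', 'index'),
    array('school', 'create'),
    array('school', 'CREATE'),
    array('school', 'view'),
    array('news', 'index'),
);
foreach ($samples as $s) {
    $verdict = requires_login($s[0], $s[1], $protectedControllers)
        ? 'login required' : 'public';
    printf("%-10s %-7s => %s\n", $s[0], $s[1], $verdict);
}
```

Inside the hook, the function would take `$ci->router->class` and `$ci->router->method` as arguments, and the redirect to `user/login` would fire only when it returns true and the `logged` session value is empty.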