[eluser]Sven Delle[/eluser]
I'm trying to protect a website using the MY_Controller way.
I have a custom config file with:
Code:
$config['site_protected'] = true; // or false
in it.
I then have a MY_Controller that looks like this:
Code:
<?php if(!defined('BASEPATH')) exit('No direct script access allowed');
class MY_Controller extends CI_Controller
{
function __construct()
{
parent::__construct();
if($this->config->item('site_protected')) // also tried with '== true' added
{
$this->session->set_userdata('REDIRECT', uri_string());
$this->output->set_status_header('401');
redirect('login');
}
}
}
/* End of file: ./application/core/MY_Controller.php */
All pages I want to protect extends the MY_Controller.
I then have a login controller, extending CI_Controller (so it does not conflict with the redirect in the MY_Controller).
If the login validates I want to change the config setting ($config['site_protected']) to false and send the user to the recorded url.
Code:
$this->config->set_item('site_protected', false);
redirect($this->session->userdata('REDIRECT'));
I then expect the MY_Controller to never redirect the user to the login page again.
But this seems not to be the case!?
Am I wrong in assuming that the config value will have changed throughout the session? Should I somehow use a session setting, and if, then how?
Any help in achieving a simple to maintain solution to the problem are appreciated.
But I suspect that the config file gets reloaded on every page visit, and therefore resets back to the default value. Is this the case?