Restricted area
#1

[eluser]Mauricio de Abreu Antunes[/eluser]
I created a validation to check if the user is admin type.
I wanted to automate this checking in the admin pages.
My administration pages look like: www.example.com/admin/controller/function
Maybe I can pick up the thread and see if it is "admin", if I call to check. Any better ideas? And for other levels of security? What would you do?

Thx! :-)
#2

[eluser]InsiteFX[/eluser]
You could create a restrict method in your library and then restrict the controller to groups, admin, etc. This way you could restrict different controllers to different groups.
#3

[eluser]code137[/eluser]
I've only been working with CodeIgniter for the past few days, but what I ended up doing was creating custom core controllers for different levels of access. So I now just extend Admin_Controller in all of my regular controllers that provide admin functions. Then in the Admin_Controller's constructor I do all of the session checking. I saw this post about it http://philsturgeon.co.uk/blog/2010/02/C...ing-it-DRY
#4

[eluser]solid9[/eluser]
As far as I know, the common way is to create two tables called users_groups and groups.

You can use the GROUPs table as reference
Code:
ID | Name   | Description
-----------------------------
1  | Admin  | Administrator
2  | Normal | Ordinary member
3  | Gold   | Gold member

And you can use the users_groups table as a junction table.

As InsiteFX said you can create a method to restrict a user.

#5

[eluser]kr1pt[/eluser]
ACL.
#6

[eluser]Mauricio de Abreu Antunes[/eluser]
Thanks for the tips! I was going for this. :-)
#7

[eluser]Mauricio de Abreu Antunes[/eluser]
Ok,
I was coding some ideas and I have one question: I don't wanna check if the user is admin, premium member or common user in all controllers.
My admin pages are indexed in http://www.example.com/admin/controller/function
Any idea?
#8

[eluser]kr1pt[/eluser]
The simplest thing to do is just create a folder 'admin' inside the controllers folder, and make every controller in 'admin' extend MY_Controller, not CI_Controller.

Code:
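<?php if (! defined('BASEPATH')) exit('No direct script access allowed');

// application/core/MY_Controller.php
class MY_Controller extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();

        // The model has to be loaded before it can be used
        $this->load->model('user_model');

        // 'some_user_id' is a placeholder for the current user's id
        $user_level = $this->user_model->get_level('some_user_id');

        if ($user_level !== 'admin')
        {
            // use anything you want here (redirect(), show_error(),
            // echo, $this->load->view(), ...), but make sure to kill
            // the application afterwards with die() or exit()
            show_error('Access denied', 403);
            exit();
        }
    }
}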

You can also do this from the modules. :)
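
Added example, not code from any post in this thread: one way to combine the suggestions above (a restrict method, the groups / users_groups tables, and a base controller for everything under admin/) with a deny-by-default check. The method name restrict_to(), the session key user_id and the column names users_groups.user_id, users_groups.group_id, groups.id and groups.name are assumptions.

```php
<?php if (! defined('BASEPATH')) exit('No direct script access allowed');

// application/core/MY_Controller.php (added example, names are assumptions)
class MY_Controller extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->database();
        $this->load->library('session');
    }

    // Deny by default: only a logged-in user who belongs to at least one
    // of the $allowed group names gets past this call.
    protected function restrict_to(array $allowed)
    {
        $user_id = $this->session->userdata('user_id'); // assumed session key

        if (empty($user_id)) {
            show_error('Login required.', 401);
        }

        // Assumed columns: users_groups(user_id, group_id), groups(id, name)
        $rows = $this->db->select('groups.name')
            ->from('users_groups')
            ->join('groups', 'groups.id = users_groups.group_id')
            ->where('users_groups.user_id', $user_id)
            ->get()
            ->result();

        foreach ($rows as $row) {
            if (in_array($row->name, $allowed, TRUE)) {
                return; // member of an allowed group
            }
        }

        // show_error() sends the status code and ends the request itself,
        // so the requested controller method never runs.
        show_error('You are not allowed to view this page.', 403);
    }
}

// Kept in the same file so it is loaded together with MY_Controller.
class Admin_Controller extends MY_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->restrict_to(array('Admin'));
    }
}
```

Controllers under application/controllers/admin/ then extend Admin_Controller, so the check runs before any of their methods without being repeated in each one.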



