• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Authentication checking

#1
[eluser]someone Smile[/eluser]
Hello,

I'm going to write some little authentication for my news system, but I don't know how to check authentication from some other controller.

So I will write controller with name Authentication and I would like to check auth in other controller which is named Admin. To this controller can access only those who are logged in (for now, after I will create user groups) and nobody else. I have never used construct in my controller so I don't know what do I have to type in it to restrict access to non-users.

Thanks for help! :-)

#2
[eluser]InsiteFX[/eluser]
CodeIgniter Base Classes: Keeping it DRY

#3
[eluser]LuckyFella73[/eluser]
You could extend the CI_Controller with an Admin_Controller.
In your Admin_Controller construct you check for logged in
user. Then extend all controllers where access has to be restricted
with the Admin_Controller.

In application/core you would have:
Code:
// Admin_Controller.php

<?php

class Admin_Controller extends CI_Controller
{

function __construct()
{
  parent::__construct();
  
  // check for looged in user here
  // redirect if user is not logged
}
}

In your restricted controllers you would have:
Code:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class Your_restricted_controller extends Admin_Controller {
function __construct()
{
  parent::__construct();
}
// more code here

I guess you need that in your config.php also:
Code:
// application/config/config.php

/*
| -------------------------------------------------------------------------
| Native spl_autoload_register() - by Kenneth Vogt
| -------------------------------------------------------------------------
|
| Here is an updated version of Phil Sturgeon’s code:
|
| Thanks to Phil Sturgeon and Kenneth Vogt.
|
| NOTE:
| Requires PHP 5.3.+
| As of CI 3.0 Dev - The constant EXT has been removed modified
| should work for all version of CI and PHP 5.3
|
| Place at the bottom of your ./application/config/config.php file.
| -------------------------------------------------------------------------
*/
spl_autoload_register(function($class)
{
if (strpos($class, 'CI_') !== 0)
{
  if (file_exists($file = APPPATH . 'core/' . $class . '.php'))
  {
   include $file;
  }
  elseif (file_exists($file = APPPATH . 'libraries/' . $class . '.php'))
  {
   include $file;
  }
}
});

Hope that makes sense to you

#4
[eluser]someone Smile[/eluser]
I understand this, but it make sense to create new Admin_Controller if I will use this "protection" on just one controller?

#5
[eluser]LuckyFella73[/eluser]
I set up all my projects having a MY_Controller, Admin_Controller and Frontend_Controller.
Maybe you need to check for logged in user in an other controller later then
you can just extend the new controller with Admin_Controller without much hassle.
It's no big deal to set it up that way from beginning so why not just do it?

#6
[eluser]JamieBarton[/eluser]
I'd create a MY_Controller.php file which contains perhaps:

Code:
public function is_logged_in() {
  return $this->auth->current_user();
}

Then you'd have in the auth library the logic behind that, that would check if the session existed for that for user, if not it would return FALSE.


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2019 MyBB Group.