• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Best way to check if user is logged in

#1
[eluser]Unknown[/eluser]
Hi, everyone ... I'm building my own administration system for my web page and I have a one simple question Smile ... I have controller for manage articles (in administration part, so user must be logged in) and I don't know what is the best way how to check if user is logged in (so user has permission to manage articles).

I have several functions to manage articles and my question is, if it's good idea to check user sessions in every one function. I mean this :

Code:
if($this->_is_logged === TRUE)
{
//do something, etc. in function all() show articles; in function delete(), delete articles ...
}
else
{
redirect($this->_login_form);
}

Look at this part of my Articles controller below :
as you can see I'm checking user session in every function, is this way correct ?
is there a better way how to do it ? or is this correct ?

Code:
class Articles extends CI_Controller {

private $_is_logged;

private $_login_form;

function __construct()
{
  parent::__construct();
  
  $this->load->library('session');
  
  $this->_is_logged = $this->session->userdata('is_logged');
  
  $this->_login_form = 'admin/login_form';
  
}

public function all()
{
  if($this->_is_logged === TRUE)
  {
   //get all article from database
  }
  else
  {
   redirect($this->_login_form);
  }
}

public function delete()
{
  if($this->_is_logged === TRUE)
  {
   //remove article
  }
  else
  {
   redirect($this->_login_form);
  }
}
}

Thanks for the answers Smile

#2
[eluser]Beginers[/eluser]
I am using this method that will always check if user is already logged. first you create a class that will test if the user is active and put it to this folder application/libraries/usession.php:
sample
Code:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

    class Usession extends CI_Session {

    public function  __construct() {
        parent::__construct();
    }

    public function is_logged_in()
    {
        $logged = $this->userdata('logged_in');
       return ($logged) ? TRUE : FALSE;
    }
}

and on your controller this will be the sample that check if the user is logged (do not forget to load this class in order to access the method of your usession class):

Code:
class Articles extends CI_Controller {
function __construct()
{
  parent::__construct();
  $this->load->library('usession');
}

public function all()
{
  if($this->is_logged_in())
  {
   //get all article from database
  }
  else
  {
   redirect($this->_login_form);
  }
}

public function delete()
{
  if($this->is_logged_in())
  {
   //remove article
  }
  else
  {
   redirect($this->_login_form);
  }
}
}

#3
[eluser]alexwenzel[/eluser]
[quote author="Beginers" date="1351123795"]
Code:
class Articles extends CI_Controller {
function __construct()
{
  parent::__construct();
  $this->load->library('usession');
}

public function all()
{
  if($this->is_logged_in())
  {
   //get all article from database
  }
  else
  {
   redirect($this->_login_form);
  }
}

public function delete()
{
  if($this->is_logged_in())
  {
   //remove article
  }
  else
  {
   redirect($this->_login_form);
  }
}
}
[/quote]

This is bad and very redundant design!
What if you want to change the behaviour if a user isnt logged in. You have to touch every controller again.

Better you wrap your "not-logged-in" in a seperate function:

Code:
class Usession extends CI_Session {

    public function  __construct() {
        parent::__construct();
    }

    public static function check_login() {
        $ci = &get;_instance();
        if ( ! $ci->usession->is_logged_in()) {
            redirect('to_login_page');
        }
    }

    public function is_logged_in()
    {
       $logged = $this->userdata('logged_in');
       return ($logged) ? TRUE : FALSE;
    }
}

Now you can add anywhere where you want this call:

Code:
Usession::check_login();

You can even be more flexible by adding special parameter:

Code:
Usession::check_login('redirect_to_page_whatever_if_not_logged');

Code:
Usession::check_login('require_special_permissions');

If you now decide to change your login bevaviour you simply change the check_login() function.

#4
[eluser]jojo777[/eluser]
You can simply create a Controller that will be the Mother of the controllers in your admin site and create like this

Code:
class MY_Controller extends CI_Controller{


    public function __construct ()
    {
        parent::__construct();
        $this->_is_logged_in();
    }

    private function _is_logged_in()
    {
        if ( ! $this->session->userdata('is_logged_in') )
        {
            redirect('login_view');
        }
    }
    #....
}

So your Articles

Code:
class Articles extends MY_Controller {
        function __construct(){
            parent::__construct();
        }
...
}

Now every time you send a request to this controller it will verify if the user is logged in. If the users isn´t logged he'll be redirected to login view.

This is vaery basic script, but i think it'll help you.

#5
[eluser]Beginers[/eluser]
@alexwenzel ops sorry I am still a newbie and i just read that article then I follow his method.

#6
[eluser]alexwenzel[/eluser]
@Beginers:

i noticed that you just followed the first post. dont wanted to offend you Smile


The method @jojo777 suggests is also a good one. but has the disadvantage that EVERY controller will do a login check. Maybe you want to control yourself which controller/method need a log in check, then stick with my example.

#7
[eluser]jojo777[/eluser]
[quote author="alexwenzel" date="1351162868"]@Beginers:

i noticed that you just followed the first post. dont wanted to offend you Smile


The method @jojo777 suggests is also a good one. but has the disadvantage that EVERY controller will do a login check. Maybe you want to control yourself which controller/method need a log in check, then stick with my example.[/quote]

Thanks.

Yeah i realized that, thats because that was code from project that only needed login system for accesing the control panel Tongue

You are right, it can be improved controlling only the funcions where you need the is_logged_in check.

PS: I'll try your code looks good!


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.