Site built now session problem
#1

[eluser]the_unforgiven[/eluser]
Hi Guys,

I've 95% built this site I'm doing, but one small problem....

If I log in as a customer I can access /admin and vice versa. Obviously I don't want this to happen as it would be like signing my own death warrant! So is there a way this can be done in the construct method for the whole admin controller, or do I have to do something like:
Code:
public function dashboard()
{
    if ($this->session->userdata('is_admin') == TRUE && $this->session->userdata('is_logged_in') == TRUE) {
        //rest of code for the controller
    }
    else {
        redirect('access/denied','refresh');
    }
}
For each function? I hope I don't have to do the example for each function; surely there's something simpler that can be done in the construct method:
Code:
public function __construct()
{
    parent::__construct();
    // hopefully something can go in here to say if not logged in and not admin then nothing on this controller gets shown and the user gets redirected somewhere else, 404 maybe?
}

So any advice would be greatly appreciated.
Thanks in advance.
#2

[eluser]pisio[/eluser]
Try to dump session vars.
Code:
var_dump($this->session->userdata('is_admin'));
var_dump($this->session->userdata('is_logged_in'));

If code don't work first check that you use
#3

[eluser]the_unforgiven[/eluser]
I get
Code:
bool(true)
for both dumps!
#4

[eluser]pisio[/eluser]
Code:
class YOUR_CONTROLLER_HERE extends CI_Controller {

    public function __construct()
    {
        parent::__construct();
    }

    public function dashboard()
    {
        if ($this->session->userdata('is_admin') && $this->session->userdata('is_logged_in')) {
            // Show everything stored in the session
            var_dump($this->session->userdata);
        }
        else {
            echo " failed";
            //  redirect('access/denied','refresh');
        }
    }
}

Your session seems legit. So... the problem is in that checking session data. Try this code.
#5

[eluser]the_unforgiven[/eluser]
I think you may have read the question/post wrong.

The code I posted to start with does work, but I wish to know if there's a way to do the same thing within the constructor method and not keep repeating myself throughout the whole controller with
Code:
public function someClass()
{
    if ($this->session->userdata('is_admin') == TRUE && $this->session->userdata('is_logged_in') == TRUE) {
        //rest of code for the controller
    }
    else {
        redirect('access/denied','refresh');
    }
}
As I have over 700 lines of code in this controller and don't want to be putting this in every new function/method
#6

[eluser]pisio[/eluser]
[quote author="the_unforgiven" date="1358025461"]I think you may have read the question/post wrong.

The code I posted to start with does work, but I wish to know if there's a way to do the same thing within the constructor method and not keep repeating myself throughout the whole controller with
Code:
public function someClass()
{
    if ($this->session->userdata('is_admin') == TRUE && $this->session->userdata('is_logged_in') == TRUE) {
        //rest of code for the controller
    }
    else {
        redirect('access/denied','refresh');
    }
}
As I have over 700 lines of code in this controller and don't want to be putting this in every new function/method[/quote]
Code:
public function __construct()
{
    parent::__construct();

    if ($this->session->userdata('is_admin') == TRUE && $this->session->userdata('is_logged_in') == TRUE) {
        //rest of code for the controller
    }
    else {
        redirect('access/denied','refresh');
    }
}
#7

[eluser]the_unforgiven[/eluser]
Tried that but still allows a customer to see the admin side of things.

Any other suggestions?
#8

[eluser]pisio[/eluser]
I don't understand why it doesn't work for you. That is the way I do it.
I have one more idea.
Code:
private function isAdmin()
{
    // Redirect unless the user is both logged in and an admin
    if ($this->session->userdata('is_admin') == FALSE || $this->session->userdata('is_logged_in') == FALSE) {
        redirect('access/denied','refresh');
    }
}
And you call this function in others.
Code:
public function dashboard()
{
    $this->isAdmin();
    // REST OF YOUR CODE
}
#9

[eluser]the_unforgiven[/eluser]
Again, I also tried that out too, but still, if I log in as a customer then navigate to my admin URL, localhost/site/admin for example, I can still access the whole admin system.
#10

[eluser]CroNiX[/eluser]
Easy - with a base controller (aka MY_Controller), where you'd check the login info in the construct of the base controller, and then have all of your other "admin" controllers extend that controller instead of CI_Controller. Google "codeigniter base controller"
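A sketch of the base-controller approach from the last reply, added here as an example and not code posted by anyone in the thread. It assumes a standard CodeIgniter layout with the default `MY_` subclass prefix; `Admin_Controller` is a hypothetical name, while the session keys `is_admin` / `is_logged_in` and the `access/denied` route are the ones used earlier in the thread.

```php
<?php
// File: application/core/MY_Controller.php (added example, standard CI layout assumed)
defined('BASEPATH') OR exit('No direct script access allowed');

// CodeIgniter loads this file automatically because of the default 'MY_' prefix.
class MY_Controller extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        // Loaded here so the check below does not depend on autoload.php.
        $this->load->library('session');
        $this->load->helper('url');
    }
}

// Hypothetical name: every admin-only controller extends this class.
class Admin_Controller extends MY_Controller
{
    public function __construct()
    {
        parent::__construct();

        // Deny by default. Strict comparison: only a real boolean TRUE passes,
        // so a missing key or a stray string value is treated as "no".
        $logged_in = $this->session->userdata('is_logged_in') === TRUE;
        $is_admin  = $this->session->userdata('is_admin') === TRUE;

        if ( ! ($logged_in && $is_admin)) {
            redirect('access/denied', 'refresh');
            exit; // redirect() already exits; kept as an explicit guard
        }
    }
}

// File: application/controllers/admin.php (separate file in a real project)
class Admin extends Admin_Controller
{
    public function dashboard()
    {
        // Only reached when the constructor check above has passed,
        // so no per-method session test is needed here.
    }
}
```

The gate only works if the login code sets `is_admin` to TRUE for admin accounts alone; dumping the session while logged in as a customer shows whether that is the case.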



