Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming Check for Login on Each Function?
Check for Login on Each Function?
  • El Forum
    Guest
  •  
#11
02-01-2008, 11:15 PM

[eluser]Michael Wales[/eluser]
Quote:This is exactly what hooks were made for.

Meh, hooks are ugly as there is no clear way within the application code to tell what is going on. By reviewing the code, as a third party, it can only be described as "magic happens here" until you realize a hook was involved.

By extending the Controller class, additional functionality is immediately recognizable via the class definition.
  • El Forum
    Guest
  •  
#12
02-01-2008, 11:19 PM

[eluser]Rick Jolly[/eluser]
Right on Michael.
  • El Forum
    Guest
  •  
#13
02-01-2008, 11:19 PM

[eluser]Majd Taby[/eluser]
yes, but including the same code in every controller is repetitive and counter-productive. But I see what you're saying though.
Maybe a comment in each controller or some hooks info in the profiler would be good.
  • El Forum
    Guest
  •  
#14
02-02-2008, 12:53 AM

[eluser]Michael Wales[/eluser]
Or just extend the controller - I usually have 3-4 different controller sub-classes that I use throughout my apps.

This post has more detail and my CI Dev Pack has 3 of my favorite Controller sub-classes.
  • El Forum
    Guest
  •  
#15
02-02-2008, 02:06 AM

[eluser]wiredesignz[/eluser]
I posted an auto protect user library in ignited code, it validates user credentials on every page load.
Don't you guys search the forums?
  • El Forum
    Guest
  •  
#16
02-02-2008, 04:07 AM

[eluser]Edemilson Lima[/eluser]
Instead of using:

Code:
header("Location: $no_access");

Use the right CI function:

Code:
redirect('/login/form/');

Quote:I posted an auto protect user library in ignited code, it validates user credentials on every page load.

I did try to find it, but is hard without the thread name... Can you post the link here for us?
  • El Forum
    Guest
  •  
#17
02-02-2008, 06:33 AM

[eluser]Kemik[/eluser]
I've never understood using adding logged_in to userdata. Why not just check user_id is stored?
  • El Forum
    Guest
  •  
#18
02-02-2008, 10:34 AM

[eluser]Edemilson Lima[/eluser]
user_id is enough, unless you have more than one type of authentication or privileges to check.
  • El Forum
    Guest
  •  
#19
02-02-2008, 12:56 PM

[eluser]Colin Williams[/eluser]
Hope I'm not beating a dead horse here. I have an access($perm = NULL, $redirect = TRUE) method in my user library that, when called without arguments, just checks to see for a flag in the session that the user is logged in. If they aren't logged in, in redirects them to a login page, appending the current location so that the user can return to the page which they were attempting to access. The implementation looks something like this:

Code:
//...

function dashboard() {

  // Authenticate
  $this->user->access();

  // Load current user and display dashboard
  $data['user'] = $this->user->current();
  $this->load->view('user/dashboard', $data);

}

//...

access() also does some permission checking, and can be told to redirect to a different path (or set to FALSE for a simple access check without sending the anonymous user elsewhere).

Example:

Code:
//...

function upload_photo() {

  // Can this user upload photos. If they are a current user, send them to upgrade to pro account
  $redirect = TRUE;
  if ($this->user->access('', FALSE))
  {
    $redirect = 'user/upgrade';
  }
  $this->user->access('upload photos', $redirect);

  // Load upload form
  $this->load->view('photos/upload', $data);

}

//...
  • El Forum
    Guest
  •  
#20
02-02-2008, 04:00 PM

[eluser]wiredesignz[/eluser]
Auto protect user library:
Code:
<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
/**
* User library.
*
* Useage:
*  Load in Controller constructor.    $this->load->library('user', (int)$access_level)
*
*  Automatically verifies User privileges against your required access level for this page.
*  
*  Protects Controller by redirecting user to Login if privileges are too low
*     also provides the Controller URI string as a path back after Login.
*  
*  User privileges NULL or Zero is a Guest.
*  Sets a cookie with unique id for each Guest ('ci_user')
*  
*  Login script should also use the same cookie for a registered User ('ci_user')
*     containing the Users unique id obtained from database.
*
* @author: Wiredesignz (c) 2007-12-25
*/
class User
{
    var $id, $username, $fullname, $privileges, $uid;
    
    function User($privileges = 0)
    {
        $this->_isGuest(); // everyone is a guest until verified
        $this->verify($privileges) OR $this->logout();
    }
    
    function verify($privileges = 0)
    {        
        $users = new Users_model; // use your users_model (pre-loaded)
        
        if ($uid = get_cookie('ci_user', TRUE) AND $userdata = $users->findBy("`uid` = '{$uid}'"))
        {            
            unset($userdata->password);
            foreach ($userdata as $key => $value) $this->$key = $value;
        }
        return ($this->privileges < $privileges) ? FALSE : TRUE;
    }
    
    function _isGuest()
    {
        $this->id = 0;
        $this->username = 'guest';
        $this->fullname = 'Guest';
        $this->privileges = 0;        
        $this->uid = get_cookie('ci_user', TRUE) OR $this->uid = $this->_setCookie();
    }
    
    function _setCookie() //use autoloaded uid_helper
    {
        $uid = generate_uid();
        set_cookie('ci_user', $uid, 86500);
        return $uid;
    }
    
    function logout()
    {
        $CI = & get_instance();
        redirect('login'.$CI->uri->uri_string); // take user to login controller with return uri attached
    }
}




Theme © iAndrew 2016 - Forum software by © MyBB