Entire site requires login, needs ACL. Where to put authentication check?
#1

[eluser]sneakyimp[/eluser]
I'm building a site using CodeIgniter 2.1.4. The ENTIRE site requires a user to be logged in so I need a check on each and every page/action/whatever to make sure that a user is logged in. If they are not, I will refer them to the login form. I'm really hoping to get some good advice (or read some really elegant source code) that can give me a leg up on dealing with authentication and permissions in CI.

Where would be the most efficient page to put the code to check for a session and what does this code typically look like? I've followed this "simple" login tutorial here:
http://www.codefactorycr.com/login-with-...r-php.html
But I find it odd for two reasons:
1) the tutorial instructs you to set the login page as the default controller. Seems to me it would be odd if you had a 'remember me' cookie set and type in the basic domain and are referred to the login page by default.
2) The code has the session check in the index method of the home controller. Seems pretty inefficient to have the login check in every single controller method rather than in some central location.

Would it be possible to put the session/logged-in check in the constructor of a controller to limit access? If my entire site requires all users to be authenticated, might it be possible to put this login check in the CI_Controller class or would that be a bad idea? I'm imagining that a CI version upgrade might overwrite this critical session check.

Also, I want to check role-based permissions (and permissions assigned ad-hoc to individual users) before granting permission to certain pages, certain actions, and certain page elements. Can anyone describe or recommend a robust approach to ACL implementation and management?

#2

[eluser]Zack K.[/eluser]
Extend CI_Controller by putting a file called MY_Controller.php in application/core/ and putting the following,

Code:
class MY_Controller extends CI_Controller {

    public function __construct() {
        // Run CI_Controller's constructor first so the framework is initialised.
        parent::__construct();
        //TODO:Put logic here.
    }

}

Then in your controllers you would extend MY_Controller instead of CI_Controller.
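
One way to fill in the constructor suggested in post #2, as an added example that is not part of the original thread: a deny-by-default login gate with a coarse role check. The session keys `user_id`, `role` and `return_to`, the login controller name `auth`, and the `$required_role` property are assumptions made for illustration.

```php
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

// application/core/MY_Controller.php
// Added example, not from the thread. Assumed names: session keys 'user_id',
// 'role' and 'return_to', a login controller called 'auth', and $required_role.
class MY_Controller extends CI_Controller {

    // Controllers reachable without a session. Everything else is denied by default.
    protected $public_controllers = array('auth');

    // Child controllers may set this to a role name, e.g. 'admin' (hypothetical).
    protected $required_role = NULL;

    public function __construct()
    {
        parent::__construct();
        $this->load->library('session');
        $this->load->helper('url');

        // Name of the controller class the router resolved for this request.
        $controller = strtolower($this->router->fetch_class());
        if (in_array($controller, $this->public_controllers, TRUE)) {
            return; // the login/logout pages must stay reachable
        }

        // userdata() returns FALSE when the key is absent.
        if ($this->session->userdata('user_id') === FALSE) {
            // Remember the requested path so the login controller can return here.
            $this->session->set_userdata('return_to', $this->uri->uri_string());
            redirect('auth/login'); // redirect() sends the header and exits
        }

        // Coarse role gate; finer per-action checks belong in the methods themselves.
        if ($this->required_role !== NULL
            && $this->session->userdata('role') !== $this->required_role) {
            show_error('You do not have permission to view this page.', 403);
        }
    }
}
```

Because CodeIgniter 2.x keeps session userdata in the cookie unless `sess_use_database` is enabled, a `role` value read this way is only as trustworthy as the session storage; enable database sessions (or at least `sess_encrypt_cookie`) or look the role up server-side from `user_id`.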
#3

[eluser]sneakyimp[/eluser]
Thanks so much for the suggestion. Is it common practice to put one's custom scripts into the application/core folder? I'm guessing it would be pretty safe if I was careful to choose some unique filename prefix to avoid filename collisions.

#4

[eluser]Tpojka[/eluser]
It is safe enough and is recommended in the documentation too.
#5

[eluser]sneakyimp[/eluser]
Thanks for the very informative link.

I'm a bit confused about 'setting your own prefix.' Why would one want to do that?

Code:
Setting Your Own Prefix

To set your own sub-class prefix, open your application/config/config.php file and look for this item:
$config['subclass_prefix'] = 'MY_';

Please note that all native CodeIgniter libraries are prefixed with CI_ so DO NOT use that as your prefix.

Also, if it's not asking too much, perhaps I could get some advice on my other problem here:
http://ellislab.com/forums/viewthread/238473/




