login prompt bypassed

#1
I have an admin account set up in the database, and the login form works, but if someone knows the URL of a page that is supposed to be protected by the login they can open it directly and bypass the login entirely.

How do I protect those pages so they cannot be viewed without logging in first?

#2
In your index method, check whether the admin is logged in.
You can do that by storing a flag in the session on successful login (logged_in = TRUE) and testing for it on every protected request.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )

#3
1. Create a Base controller, MY_Controller, that extends CI_Controller;
2. Create Admin_controller that extends MY_Controller;
3. Create the method Admin_controller::isLoggedIn() and add appropriate logic;
4. Create Admin_base controller that extends Admin_controller;
5. Create Admin_base::login() that displays the login view and handles the form response;
6. Have every OTHER (not login()) method within Admin_base check for: if(FALSE === $this->isLoggedIn()) { // redirect to login }
7. Create many admin controllers that extend Admin_controller and handle your functionality - "class Admin_customer extends Admin_controller {}"
8. Have the constructor of all of the non-Admin_base controllers that extend Admin_controller check for: if(FALSE === $this->isLoggedIn()) { // redirect to login } — a constructor check covers every action on that controller, so a method added later is protected without anyone remembering to add the check.
9. Profit.

PHP Code:
<?php defined('BASEPATH') OR exit('No direct script access allowed'); // BASEPATH is defined by CodeIgniter's front controller; a request that hits this file directly stops here instead of exposing the classes below

/*
 * Put each class in its own file and write the appropriate autoloader.
 */

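class MY_Controller extends CI_Controller
{
    /**
     * Shared setup for every controller in the application.
     *
     * The original listing was missing the class's opening brace and never
     * called parent::__construct(); CI_Controller's constructor is what wires
     * up $this->load, so without it the database call below would fail.
     */
    public function __construct()
    {
        parent::__construct();

        $this->load->database();

        // Pin the connection to UTC so stored timestamps are unambiguous.
        $this->db->query('SET time_zone="+0:00"');
    }

    /**
     * Convenience accessor for the CodeIgniter super object.
     *
     * get_instance() is a global function, not a controller method; the
     * original `$this->get_instance()` would have thrown at runtime.
     *
     * @return CI_Controller
     */
    public function ci()
    {
        return get_instance();
    }
}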

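class Admin_controller extends MY_Controller
{
    /**
     * Whether the current request belongs to an authenticated admin.
     *
     * This is the single decision point every guard below relies on, so it
     * must fail closed: the stub returns FALSE explicitly (the original had
     * an empty body, which returned NULL and only passed the guards by
     * accident). Replace the body with a strict comparison against the
     * session flag that login() sets on success, e.g. checking that
     * `$this->session->userdata('logged_in')` is exactly TRUE.
     *
     * @return bool TRUE only when the session proves a completed login.
     */
    public function isLoggedIn()
    {
        return FALSE;
    }
}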

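class Admin_base extends Admin_controller
{
    /**
     * Admin landing page.
     *
     * Guards on this controller are per method rather than in the
     * constructor because login() must stay reachable for anonymous users.
     * CodeIgniter's redirect() terminates the request; the explicit return
     * after it keeps the view from being built if the redirect is ever
     * replaced by something that does not exit.
     */
    public function index()
    {
        if (TRUE !== $this->isLoggedIn()) {
            // Redirect to login
            return;
        }

        // Build and output the view
    }

    /**
     * Login form: shows the view and processes the submitted credentials.
     */
    public function login()
    {
        if (TRUE === $this->isLoggedIn()) {
            // Already authenticated: redirect to index()
            return;
        }

        if ($this->ci()->input->post()) {
            // Handle form: verify the credentials, then set the session flag
            // that isLoggedIn() checks
        }

        // Build and output the view
    }

    /**
     * Ends the admin session.
     *
     * The original only logged out when the user was NOT logged in
     * (`TRUE !== $this->isLoggedIn()`), which is inverted. Clearing the
     * session is harmless for an anonymous user, so no guard is needed at all.
     */
    public function logout()
    {
        // Log the user out (destroy the session / clear the logged-in flag)

        // Redirect somewhere
    }

    /**
     * Profile form for the logged-in admin; guarded like index().
     */
    public function profile()
    {
        if (TRUE !== $this->isLoggedIn()) {
            // Redirect to login
            return;
        }

        if ($this->ci()->input->post()) {
            // Handle form
        }

        // Build and output the view
    }
}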

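class Admin_product extends Admin_base
{
    /**
     * Every action on this controller requires an authenticated admin, so the
     * guard lives in the constructor: a method added later is protected
     * automatically instead of depending on each author remembering a check.
     *
     * The redirect issued here must terminate the request (CodeIgniter's
     * redirect() does); a bare `return` from a constructor would not stop the
     * router from dispatching the requested action.
     *
     * NOTE(review): because this class extends Admin_base it also inherits
     * login()/logout()/profile(); the constructor guard makes login() on this
     * controller unreachable for anonymous users, which is harmless but
     * confusing. Step 7 in the thread extends Admin_controller instead.
     *
     * The original listing also never closed the class; the closing brace is
     * restored below.
     */
    public function __construct()
    {
        parent::__construct();

        if (TRUE !== $this->isLoggedIn()) {
            // Redirect to login (must exit; see class docblock)
        }
    }

    public function browse()
    {
        // Build and output the view
    }

    public function create()
    {
        // Build and output the view
    }

    public function delete()
    {
        // Build and output the view
    }

    public function edit()
    {
        // Build and output the view
    }

    public function restore()
    {
        // Build and output the view
    }
}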




