authentication

#1
Hi, I am new to CodeIgniter, and I am a beginner at PHP.

I am having trouble setting the "authentication system", that said, I can log in, log out and verify if user is logged in.

But I wanted to be able to prevent access to pages by a user that is not logged in and send the user to the login page.

I have tried:
inside /Helpers/functions_helper.php
function check_session()
{
  if (!isset($_SESSION['login_utiliz'])) {
    return redirect()->to(base_url('login'));
  }
}


load it in Base_controller:
  protected $helpers = ['paths', 'functions'];

and use it on header view:

<?php
check_session()
?>
<!DOCTYPE html>
<html lang="en">


so that when a page that is loaded with this header it would check for the session attribute 'login_utiliz'

Is my logic wrong? Are there any other examples I can follow? I couldn't find answers in the CodeIgniter 4 documentation.

Thank you for your help.
Reply

#2
Hi, you probably shouldn't set it to the header view. These types of "check if logged in" functions are best set somewhere along the top of the method or even in the controller __construct function. You should look for something like "simple login" made with PHP on GitHub for examples. Doesn't matter if it's CodeIgniter - as long as YOU can understand the code.

Aaaand if you want to go beyond simple session logins - you may read up on logging in with JSON Web Tokens.
You can see things I made with codeigniter here: itart.pro it's not overly impressive as I have very little time to learn.
Reply

#3
So could you demonstrate how I would place it in the BaseController __construct function, so as to run it on every controller that extends from it?
Reply

#4
I don't usually use the base_controller that comes as an example in Codeigniter.

I build my controllers in a unique way. For example, if I have a login system, I build the controller with methods to manage that system.

That said, I would build a controller with a method to perform the login.

In the login method I set the session variable to true if the user has logged in correctly.

From there, in the other methods I check if the user is logged in using Codeigniter's session library:



PHP Code:
<?php namespace App\Controllers;

use CodeIgniter\Controller;

class Login extends Controller
{
    protected $my_session;

    public function __construct()
    {
        // Get the shared session instance once for all methods
        $this->my_session = session();
    }

    public function login()
    {
        //Check if ok login, set the session
        $this->my_session->set('user_logged', true);
    }

    public function yourPrivateMethod()
    {
        // Only run the method body for a logged-in user
        if ($this->my_session->has('user_logged')) {
            //your method
        } else {
            return redirect()->to(base_url('login'));
        }
    }
}




If you want to check the Codeigniter documentation regarding the session library, the link is this:

https://codeigniter.com/user_guide/libra...sions.html
Reply

#5
(04-16-2020, 10:46 AM)PHS Wrote: I don't usually use the base_controller that comes as an example in Codeigniter.

I build my controllers in a unique way. For example, if I have a login system, I build the controller with methods to manage that system.

That said, I would build a controller with a method to perform the login.

In the login method I set the session variable to true if the user has logged in correctly.

From there, in the other methods I check if the user is logged in using Codeigniter's own global variables:



PHP Code:
<?php namespace App\Controllers;

use CodeIgniter\Controller;

class Login extends Controller
{
    protected $my_session;

    public function __construct()
    {
        // Get the shared session instance once for all methods
        $this->my_session = session();
    }

    public function login()
    {
        //Check if ok login, set the session
        $this->my_session->set('user_logged', true);
    }

    public function yourPrivateMethod()
    {
        // Only run the method body for a logged-in user
        if ($this->my_session->has('user_logged')) {
            //your method
        } else {
            return redirect()->to(base_url('login'));
        }
    }
}


Oh, so does that mean it's OK to verify the session in every controller that I require to protect from unauthorized users,
like so:

class Def_nivel extends BaseController
{
  public function index()
  {
    if (isset($_SESSION['login_utiliz'])) {

      echo view('common/header');
      echo view('common/sidebar');
      echo view('definicoes_view/nivel');
      echo view('common/footer');
    } else {
      return redirect()->to(base_url('login'));
    }
  }
}
Reply

#6
(04-16-2020, 11:01 AM)oh so does that mean its ok to verify the session in every controller that I require to protect from unauthorized user Wrote: like so:

class Def_nivel extends BaseController
{
  public function index()
  {
    if (isset($_SESSION['login_utiliz'])) {

      echo view('common/header');
      echo view('common/sidebar');
      echo view('definicoes_view/nivel');
      echo view('common/footer');
    } else {
      return redirect()->to(base_url('login'));
    }
  }
}

It can be. I usually make a function that checks if the user is logged in, in the BaseController.
Something like this: 

PHP Code:
class BaseController extends Controller
{
    /*
    All the default stuff in the base controller that comes with Codeigniter 4, like the comments and the
    initController function
    */

    // Returns true when logged in; otherwise redirects, throws a 404, or returns false
    protected function check_login(bool $kick = true, bool $show_404 = false)
    {
        if (isset($_SESSION['login_utiliz'])) {
            return true;
        } else {
            if ($kick) {
                // Send the visitor to the login page and stop the request
                header('Location: /login');
                exit();
            }

            if ($show_404) {
                throw \CodeIgniter\Exceptions\PageNotFoundException::forPageNotFound();
            }

            return false;
        }
    }
}

This way you can call this function from any controller, like admin, or users, or home or whatever - and you can set what you want to be done from there - quick and easy. Maybe you want them kicked to the login screen, or show them a 404 if it's a sensitive administrator-only page.

While a Login controller, PHS was talking about, handles the actual logging in part, (and maybe it can also have registration and user delete and other user related methods) THIS little function handles the actual CHECKING of being logged in.

Now you can just write one line from any controller to perform a check. Like this:
class Def_nivel extends BaseController
{
  public function index()
  {
      $this->check_login();
      echo view('common/header');
      echo view('common/sidebar');
      echo view('definicoes_view/nivel');
      echo view('common/footer');
  }
}

Much cleaner
You can see things I made with codeigniter here: itart.pro it's not overly impressive as I have very little time to learn.
Reply

#7
(04-16-2020, 01:37 PM)Leo Wrote:
(04-16-2020, 11:01 AM)oh so does that mean its ok to verify the session in every controller that I require to protect from unauthorized user Wrote: like so:

class Def_nivel extends BaseController
{
  public function index()
  {
    if (isset($_SESSION['login_utiliz'])) {

      echo view('common/header');
      echo view('common/sidebar');
      echo view('definicoes_view/nivel');
      echo view('common/footer');
    } else {
      return redirect()->to(base_url('login'));
    }
  }
}

It can be. I usually make a function that checks if the user is logged in, in the BaseController.
Something like this: 

PHP Code:
class BaseController extends Controller
{
    /*
    All the default stuff in the base controller that comes with Codeigniter 4, like the comments and the
    initController function
    */

    // Returns true when logged in; otherwise redirects, throws a 404, or returns false
    protected function check_login(bool $kick = true, bool $show_404 = false)
    {
        if (isset($_SESSION['login_utiliz'])) {
            return true;
        } else {
            if ($kick) {
                // Send the visitor to the login page and stop the request
                header('Location: /login');
                exit();
            }

            if ($show_404) {
                throw \CodeIgniter\Exceptions\PageNotFoundException::forPageNotFound();
            }

            return false;
        }
    }
}

This way you can call this function from any controller, like admin, or users, or home or whatever - and you can set what you want to be done from there - quick and easy. Maybe you want them kicked to the login screen, or show them a 404 if it's a sensitive administrator-only page.

While a Login controller, PHS was talking about, handles the actual logging in part, (and maybe it can also have registration and user delete and other user related methods) THIS little function handles the actual CHECKING of being logged in.

Now you can just write one line from any controller to perform a check. Like this:
class Def_nivel extends BaseController
{
  public function index()
  {
      $this->check_login();
      echo view('common/header');
      echo view('common/sidebar');
      echo view('definicoes_view/nivel');
      echo view('common/footer');
  }
}

Much cleaner

Thank you very much Leo that really helped.
I have followed your advice and sure enough now it works like a charm.
It is probably my lack of php knowledge in the first place.
I really appreciate the help, also thank you PHS.
Reply
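
A centralized alternative to calling a check in each controller, added here as an example and not code from any poster in this thread: a CodeIgniter 4 filter returns the redirect before the controller runs, so a controller that forgets the check is still protected. The class name `AuthFilter`, its file path and the `login` route exceptions are assumptions; `login_utiliz` is the session key from the thread, and the method signatures are those of current CodeIgniter 4 releases.

```php
<?php
// app/Filters/AuthFilter.php (added example; path and class name are assumptions)
namespace App\Filters;

use CodeIgniter\Filters\FilterInterface;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;

class AuthFilter implements FilterInterface
{
    /**
     * Runs before the controller. Returning a Response here ends the
     * request, so the controller and its views never execute.
     */
    public function before(RequestInterface $request, $arguments = null)
    {
        // 'login_utiliz' is the session key used in the thread.
        if (! session()->has('login_utiliz')) {
            return redirect()->to(base_url('login'));
        }
        // Returning nothing lets the request continue to the controller.
    }

    // Nothing to do once the controller has produced its response.
    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
    {
    }
}

// Registration in app/Config/Filters.php (properties of the Config\Filters class):
//
//   public $aliases = [
//       'auth' => \App\Filters\AuthFilter::class,
//       // ...keep the framework's existing aliases
//   ];
//
//   public $globals = [
//       'before' => [
//           // Every route is protected unless listed here (assumed login
//           // routes), so a new controller is covered with no per-method call.
//           'auth' => ['except' => ['login', 'login/*']],
//       ],
//       'after' => [],
//   ];
```

This also shows why the check placed in the header view had no effect: a redirect only takes place when the framework receives it as the response, and a helper called from a view returns it to code that discards it.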

