Filter controller without authentication
#1

Hi, in CI 3, in a construct method or in every method of a controller except for login, I do:

PHP Code:
if (!isset($_SESSION['user_id'])) {
    redirect('user/login', 'refresh');
    die();
}

How can I do the same using a filter?
Reply
#2

It would be something like this, not tested.

PHP Code:
<?php namespace Your\Name\Space;

use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;
use CodeIgniter\Filters\FilterInterface;

class YourFilterName implements FilterInterface
{
    /**
     * Do whatever processing this filter needs to do.
     * By default it should not return anything during
     * normal execution. However, when an abnormal state
     * is found, it should return an instance of
     * CodeIgniter\HTTP\Response. If it does, script
     * execution will end and that Response will be
     * sent back to the client, allowing for error pages,
     * redirects, etc.
     *
     * @param \CodeIgniter\HTTP\RequestInterface $request
     * @param array|null                         $params
     *
     * @return mixed
     */
    public function before(RequestInterface $request, $params = null)
    {
        // if no user is logged in then send them to the login form
        if (! isset($_SESSION['user_id']))
        {
            session()->set('redirect_url', current_url());
            return redirect('login');
        }
    }

    //--------------------------------------------------------------------

    /**
     * Allows After filters to inspect and modify the response
     * object as needed. This method does not allow any way
     * to stop execution of other after filters, short of
     * throwing an Exception or Error.
     *
     * @param \CodeIgniter\HTTP\RequestInterface  $request
     * @param \CodeIgniter\HTTP\ResponseInterface $response
     * @param array|null                          $arguments
     *
     * @return void
     */
    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
    {

    }

    //--------------------------------------------------------------------

}   // End of YourFilterName Class.

/**
 * -----------------------------------------------------------------------
 * Filename: YourFilterName.php
 * Location: ./app/Filters/YourFilterName.php
 * -----------------------------------------------------------------------
 */

Put your own namespace and class names in.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply
#3

(This post was last modified: 08-25-2020, 07:06 AM by pippuccio76.)

(08-25-2020, 03:42 AM)InsiteFX Wrote: It would be something like this not tested.

Put your own namespace and class names in.


Why this: session()->set('redirect_url', current_url()); ?

Now how can I use it in routes for every controller? For example, for the User controller it must be for every method except login.
Reply
#4

PHP Code:
./app/Config/Filters.php

// Add to the aliases section.
'login'      => \YourNameSpace\YourFolder\Filters\YourFilterName::class,

// Or restrict your entire site by adding the LoginFilter to the $globals array:
public $globals = [
    'before' => [
        //'honeypot'
        // 'csrf',
        'login',
    ],
    'after'  => [
        'toolbar',
        //'honeypot'
    ],
];

Restricting a single route:

// Any single route can be restricted by adding the filter option to the last parameter in any of the route definition methods:
$routes->get('admin/users', 'UserController::index', ['filter' => 'permission:manage-user']);

Restricting Route Groups:

// In the same way, entire groups of routes can be restricted within the group() method:
$routes->group('admin', ['filter' => 'role:admin,superadmin'], function($routes) {
    ...
});

A lot of this is from Myth/Auth, I suggest that you download it and go through the code.

Myth:Auth
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply
#5

I created two filters: usersFiltersAuth and usersFiltersNoAuth

If I use a filter on a single route as:

$routes->get('/login', 'User::login',['filter'=>'usersFiltersNoAuth']);
$routes->get('/registration', 'User::registration',['filter'=>'usersFiltersNoAuth']);
$routes->get('/logout', 'User::logout');


It works fine.

How can I do it for an entire controller?

$routes->group('/user',['filter'=>'usersFiltersAuth'],function($routes){


});


It doesn't work, and I must except /user/login and /user/registration
Reply
#6

Did you try to add the user to the filter?

PHP Code:
$routes->group('user',['filter'=>'user:usersFiltersAuth'],function($routes){ 
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply
#7

(08-26-2020, 10:09 AM)InsiteFX Wrote: Did you try to add the user to the filter?

PHP Code:
$routes->group('user',['filter'=>'user:usersFiltersAuth'],function($routes){ 

It doesn't work, or I don't understand:

$routes->group('user',['filter'=>'user:usersFiltersAuth'],function($routes){

});

The violet user is the name of the controller? How can I make an exception for some methods?
Reply
#8

When I was doing this, I had an exclusion list that would be checked first, if the controller/method was in the exclusion list, the filter was finished and processing stopped.

Something like this...

PHP Code:
        $current = (string)current_url(true)->setHost('')->setScheme('')->stripQuery('token');

        // the array must be all methods that do NOT require being checked
        if (in_array((string)$current, ['/controller/method1', '/controller/method2']))
        {
            return;
        }

You can of course add as many controller/method items to the exclusion array.

Put any must do filter code after this snippet. It will then exit if necessary or allow the processing as necessary.
Reply
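
The exclusion-list check described in post #8, as an added stand-alone example that is not from any participant in this thread. It generalizes the snippet by dropping every query string and the trailing slash before an exact, strict comparison, and treats anything that does not match as protected; `PUBLIC_PATHS`, `isPublicPath()` and the sample URLs are hypothetical names and constructed inputs.

```php
<?php
// Added example: default-deny path check for an auth filter.
// PUBLIC_PATHS and isPublicPath() are hypothetical names, not CodeIgniter APIs.

const PUBLIC_PATHS = ['login', 'user/login', 'user/registration'];

/**
 * Return true only when the request path is on the public list.
 * Anything that fails to parse or does not match stays protected.
 */
function isPublicPath(string $url, array $publicPaths = PUBLIC_PATHS): bool
{
    // Keep only the path: scheme, host, query string and fragment are dropped.
    $path = parse_url($url, PHP_URL_PATH);
    if (! is_string($path)) {
        return false; // unparsable or empty: treat as protected
    }

    // '/user/login/' and 'user/login' must compare equal.
    $path = trim($path, '/');

    // Strict, case-sensitive, whole-path comparison (no prefix matching).
    return in_array($path, $publicPaths, true);
}

// Constructed sample requests and the result the filter should act on.
$samples = [
    'http://example.test/user/login'          => true,
    '/user/login/?next=%2Fuser%2FchangeEmail' => true,
    '/user/changeEmail'                       => false,
    '/user/login/../changeEmail'              => false, // not normalized, so not public
    '/User/Login'                             => false, // case differs, so not public
];

foreach ($samples as $url => $expected) {
    $got = isPublicPath($url);
    printf("%-42s public=%-5s %s\n", $url, var_export($got, true), $got === $expected ? 'ok' : 'UNEXPECTED');
}
```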
#9

(This post was last modified: 08-28-2020, 01:52 AM by pippuccio76.)

(08-27-2020, 04:18 AM)Chroma Wrote: When I was doing this, I had an exclusion list that would be checked first, if the controller/method was in the exclusion list, the filter was finished and processing stopped.

Something like this...

PHP Code:
        $current = (string)current_url(true)->setHost('')->setScheme('')->stripQuery('token');

        // the array must be all methods that do NOT require being checked
        if (in_array((string)$current, ['/controller/method1', '/controller/method2']))
        {
            return;
        }


Put any must do filter code after this snippet. It will then exit if necessary or allow the processing as necessary.

You can of course add as many controller/method items to the exclusion array.



CodeIgniter 4 has except to remove some URIs from a filter; I want to know how to use it. Principally I want to know how to use a filter for every method of a controller without writing a row for every method (if it's possible), then I want to exclude the filter for some methods ....
Reply
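
The `except` option asked about in post #9, as an added example that is not from any participant in this thread: the auth filter runs before every request and only the public pages are listed as exceptions, so no per-method route rows are needed. The filter aliases and URIs are the ones used in the thread; the `App\Filters` namespace is an assumption.

```php
<?php
// app/Config/Filters.php (added example, not code from the thread)
namespace Config;

use CodeIgniter\Config\BaseConfig;

class Filters extends BaseConfig
{
    // Short names for the filter classes. The App\Filters namespace is assumed.
    public $aliases = [
        'usersFiltersAuth'   => \App\Filters\UsersFiltersAuth::class,
        'usersFiltersNoAuth' => \App\Filters\UsersFiltersNoAuth::class,
    ];

    // Default-deny: the auth check runs before every request, and only the
    // URIs listed under 'except' skip it. URIs are written without a leading
    // slash; '*' can be used as a wildcard (for example 'api/*').
    public $globals = [
        'before' => [
            'usersFiltersAuth' => [
                'except' => ['login', 'user/login', 'user/registration'],
            ],
        ],
        'after' => [
            'toolbar',
        ],
    ];

    public $methods = [];

    // Pattern-based filters: the "already logged in" redirect applies
    // only to the public login and registration pages.
    public $filters = [
        'usersFiltersNoAuth' => [
            'before' => ['login', 'user/login', 'user/registration'],
        ],
    ];
}
```

With this in place the per-route `['filter' => ...]` options in `app/Config/Routes.php` are no longer needed for these two filters, and a new method added to the `User` controller is protected unless its URI is added to `except`.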
#10

(This post was last modified: 08-28-2020, 03:57 AM by pippuccio76.)

I don't know why it doesn't work:

Route 
PHP Code:
$routes->add('/user/login', 'User::login',['filter'=>'usersFiltersNoAuth']);
$routes->add('/login', 'User::login',['filter'=>'usersFiltersNoAuth']);
$routes->add('/user/registration', 'User::registration',['filter'=>'usersFiltersNoAuth']);
$routes->add('/logout', 'User::logout');
$routes->add('/user/changeEmail', 'User::changeEmail',['filter'=>'usersFiltersAuth']);
$routes->add('/user/changePassword', 'User::changePassword',['filter'=>'usersFiltersAuth']);


Filter class :

PHP Code:
class UsersFiltersNoAuth implements FilterInterface
{
    /**
     * Do whatever processing this filter needs to do.
     * By default it should not return anything during
     * normal execution. However, when an abnormal state
     * is found, it should return an instance of
     * CodeIgniter\HTTP\Response. If it does, script
     * execution will end and that Response will be
     * sent back to the client, allowing for error pages,
     * redirects, etc.
     *
     * @param \CodeIgniter\HTTP\RequestInterface $request
     * @param array|null                         $params
     *
     * @return mixed
     */
    public function before(RequestInterface $request, $params = null)
    {
        // if no user is logged in then send them to the login form
        if (isset($_SESSION['user_id']))
        {
            return redirect()->to('/user/index');
        }
    }

    //--------------------------------------------------------------------

    /**
     * Allows After filters to inspect and modify the response
     * object as needed. This method does not allow any way
     * to stop execution of other after filters, short of
     * throwing an Exception or Error.
     *
     * @param \CodeIgniter\HTTP\RequestInterface  $request
     * @param \CodeIgniter\HTTP\ResponseInterface $response
     * @param array|null                          $arguments
     *
     * @return void
     */
    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
    {

    }

    //--------------------------------------------------------------------

}   // End of YourFilterName Class.

PHP Code:
class UsersFiltersAuth implements FilterInterface
{
    /**
     * Do whatever processing this filter needs to do.
     * By default it should not return anything during
     * normal execution. However, when an abnormal state
     * is found, it should return an instance of
     * CodeIgniter\HTTP\Response. If it does, script
     * execution will end and that Response will be
     * sent back to the client, allowing for error pages,
     * redirects, etc.
     *
     * @param \CodeIgniter\HTTP\RequestInterface $request
     * @param array|null                         $params
     *
     * @return mixed
     */
    public function before(RequestInterface $request, $params = null)
    {
        // if no user is logged in then send them to the login form
        if (!isset($_SESSION['user_id']))
        {
            session()->set('redirect_url', current_url());

            return redirect()->to('/login');
        }
    }

    //--------------------------------------------------------------------

    /**
     * Allows After filters to inspect and modify the response
     * object as needed. This method does not allow any way
     * to stop execution of other after filters, short of
     * throwing an Exception or Error.
     *
     * @param \CodeIgniter\HTTP\RequestInterface  $request
     * @param \CodeIgniter\HTTP\ResponseInterface $response
     * @param array|null                          $arguments
     *
     * @return void
     */
    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
    {

    }

    //--------------------------------------------------------------------

}   // End of YourFilterName Class.


If I try to go to /user/changeEmail or /user/changePassword when $_SESSION['user_id'] is set, I am redirected to /user/index. Why?
Reply



