I started working on a project which should have admin panel and frontend and I want to use CodeIgniter framework on client request. But the problem is I am not able to understand how to start the project as mentioned above.
I want folder similar to the image shared
Besides the Admin_controller (for separated security rules), for better organization, it's good to use some extension like this one:
HMVC: https://bitbucket.org/wiredesignz/codeigniter-modular-extensions-hmvc/src
With this you'll be able to have this type of structure:
URLs
http://awesome.site/public_controller
http://awesome.site/*module_name*/*controller_inside_module*
http://awesome.site/admin/login
Try using Codeigniter's session functionality to authenticate the user and his role (e.g., "admin", "customer", etc)
Then add a constructor like this to every controller (this is just an example)
class Admin_only extends CI_Controller {

    public function __construct()
    {
        parent::__construct();
        // Reject anyone who is not logged in or is not an administrator.
        if( !isset($this->session->userdata['logged_in']) || $this->session->userdata['logged_in']['user_type'] != 'administrator' )
        {
            // you're not welcome here
            redirect('welcome/access_error');
        }
    }
}
The __construct() is run every time anything within the controller is accessed.
See how in my example (there's cleaner ways, but this will definitely work), I'm constantly checking if the user is logged in AND if the user is an administrator (actually I'm checking the opposite... logged out OR not administrator, but it's pretty much the same thing logically) and if the check fails, the user is redirected away from the controller.
I have two types of users: "vendors" and "clients". And I'm currently using Laravel's built-in Auth Controllers (from the make:auth command) to do my client user authentication.
And since I have two kinds of users, I have changed the $redirectTo property on the LoginController, RegisterController, and ResetPasswordController to /client/home.
Here is proof:
RegisterController
LoginController
Now, it redirects to /client/home every time I successfully do registration, login, and password reset.
But the problem is when I'm in mysite.com/client/home already, whenever I would try to go to mysite.com/register or mysite.com/login via the address bar, it would redirect to mysite.com/home instead of mysite.com/client/home...
How can I make it redirect to mysite.com/client/home whenever an authenticated user tries to go to /login or /register?
The simplest option is to create separate controllers for both of your login areas. It will be easier to manage later on, and you can customise the behaviour a bit better.
The default folder structure looks like this:
app
|__Http
   |__Controllers
      |__Auth
         |__ForgotPasswordController.php
         |__LoginController.php
         |__RegisterController.php
         |__ResetPasswordController.php
You could create an additional folder for your client controllers, like so:
app
|__Http
   |__Controllers
      |__Auth
      |  |__ForgotPasswordController.php
      |  |__LoginController.php
      |  |__RegisterController.php
      |  |__ResetPasswordController.php
      |__Client
         |__Auth
            |__ForgotPasswordController.php
            |__LoginController.php
            |__RegisterController.php
            |__ResetPasswordController.php
This way you can customise the $redirectTo properties of each controller individually.
As an alternative solution, you could overwrite the redirectPath of the RedirectsUsers trait, by creating a redirectPath method in your respective controllers, and return the URL you'd like:
public function redirectPath()
{
    if (\Request::is('client/*'))
    {
        return url('client/home');
    }
    return url('home');
}
The advantage of this second solution is that you can return controller actions and named routes as well. I personally don't like routing to URLs, as if I ever decide to change them, then I'll have to change them everywhere. Using controller actions seems like a better idea, but you could run into the same problem if you refactor your code later on. I prefer using named routes, as I can give them a sensible name, and never change them again, yet still keep all my redirects in a working order.
I am not sure what the exact term for it is, but what I am trying to do is to redirect all guests if they are on admin/ or any URL after it (admin/dashboard/ or admin/posts/new/ etc.), no matter how deep the segments are.
I have written a helper, guest_redirect(), to redirect guests to the login screen, and it is working fine without any issue, but I just want to do the above so I don't have to check in every controller below admin/
Note: I am using HMVC so all controllers extend MX_Controller
EDIT:
I have tried the code below in the MX_Controller class __construct() and it is working fine
if($this->uri->segment(1) === 'admin'){
    guest_redirect();
}
It is redirecting all URLs under admin/ to the login screen. I just wonder if it is good practice to modify the core MX_Controller class or whether there is any other way to do so.
You can try a credentials system.
You can use an array in the session or a table in the db, with the users and their credentials.
You can check if the user has the credential and then permit the access or redirect him/her to other controller.
Edit:
You can use $this->router->class to know the name of the controller where you are.
if ($this->router->class == "admin") {
    guest_redirect();
}
You can use $this->router->method too, this returns the name of the method where you are.
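One way to do the credential check this answer describes in a single place, keyed on the names that `$this->router->class` and `$this->router->method` return. This is an added example, not code from the post; the `$required` map, the credential names and the `gate()` function are hypothetical, and the requests at the bottom are constructed.

```php
<?php
// Hypothetical map: controller => method => credential required.
// '*' covers every method not listed; null means the action is public.
$required = array(
    'welcome' => array('*' => null),
    'login'   => array('*' => null),
    'admin'   => array('*' => 'admin'),
    'posts'   => array('index' => null, 'view' => null, '*' => 'editor'),
);

// $class / $method: the values $this->router->class / ->method would hold.
// $credentials: list kept in the session for the current user (empty for guests).
// Returns 'allow', 'login' (send guest to the login screen) or 'deny'.
function gate(array $required, $class, $method, array $credentials) {
    $class  = strtolower($class);
    $method = strtolower($method);
    // Deny by default: a controller missing from the map is never public.
    if (!isset($required[$class])) {
        return 'deny';
    }
    $rules = $required[$class];
    if (array_key_exists($method, $rules)) {
        $need = $rules[$method];
    } elseif (array_key_exists('*', $rules)) {
        $need = $rules['*'];
    } else {
        return 'deny';
    }
    if ($need === null) {
        return 'allow';
    }
    if (empty($credentials)) {
        return 'login';
    }
    return in_array($need, $credentials, true) ? 'allow' : 'deny';
}

// Constructed requests: controller, method, credentials in the session.
$cases = array(
    array('admin', 'dashboard', array()),          // login
    array('admin', 'dashboard', array('editor')),  // deny
    array('admin', 'dashboard', array('admin')),   // allow
    array('posts', 'view', array()),               // allow (public)
    array('posts', 'new', array('editor')),        // allow
    array('reports', 'index', array('admin')),     // deny (not in the map)
);
foreach ($cases as $c) {
    printf("%s/%s [%s] => %s\n", $c[0], $c[1], implode(',', $c[2]),
        gate($required, $c[0], $c[1], $c[2]));
}
```

Calling `gate()` from the constructor of one base controller of your own that extends `MX_Controller` keeps the check in one place without editing the HMVC core class.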
I'm running Kohana 3, and having a hard time understanding the Auth module, or even if it's what I need. Basically I want to create a basic user profile site with basic username/password protection.
How do I take my existing controllers...
class Controller_Profile extends Controller
{
    function action_index( $user_id )
    {
        // User should already be authenticated by here I think
    }
}
...and use them with some sort of authentication system?
For Kohana 3 you'll want to do your check in before and not __construct like JIStone suggests.
public function before()
{
    parent::before();
    // This automatically checks for an auto login cookie (thanks kemo).
    if ( ! Auth::instance()->logged_in())
    {
        // Redirect to a login page (or somewhere else).
        $this->request->redirect('');
    }
}
Simple enough to understand. You can put this into a controller and have all the controllers that need authentication to extend that.
If you will be requiring a user to be registered for all pages on the controller you can put a check in your __construct() statement:
function __construct()
{
    //Check roles for Access!!!!
    parent::__construct();
    $this->load_user();
    if( ! $this->is_registered )
    {
        if(request::is_ajax())
            die('This ajax call cannot be completed due to permission issues.');
        // this will redirect from the login page back to this page
        $this->session->set('requested_url', url::current());
        url::redirect('user/login');
    }
}
This is the code we use, but it is Kohana 2, not 3, so you will need to adjust a bit for your purposes.
I have provided a link to a short walkthrough for the installation and basic usage of the Auth Module in Kohana 3
Once you have your Auth process working, you can protect certain controllers by checking for a logged in user and proper authentication role in your before() method, or create a base controller for all your controllers that will need this check. If the user is not logged in, redirect them to the login page, if they do not have the proper access level (or role), then you can show them an "Access Denied" page.
I have a site using CodeIgniter that is almost complete now. My problem is that, even though I have implemented sessions and maintain a login system, a person can access any page by typing the URL into the browser address bar.
I have implemented the session for patient registration like this:
function index(){
    $this->is_logged_in();
}
function log_out(){
    $this->session->sess_destroy();
    redirect('login_controller');
}
function is_logged_in(){
    $is_logged_in = $this->session->userdata('is_logged_in');
    if(!isset($is_logged_in)||$is_logged_in!= TRUE ){
        redirect('login_controller');
    }else{
        $this->main();
    }
}
Anonymous users can't access the system just by typing the controller name like this:
http://localhost/demo_site/index.php/register_controller
But they can do it like this:
http://localhost/demo_site/index.php/register_controller/search_patient
A person can't access it by typing the controller name, but can enter the system by typing a longer URL than the controller, like the one shown above.
What is the problem here? What are the possible solutions??
You will have to implement a login check in the controller's constructor.
Whenever the controller is called, it should check if the user is logged in - if they are not, redirect to a login page or an error page.
To confirm whether it is entering the login check, put an echo and exit inside the is_logged_in() function and check if it appears in the case of http://localhost/demo_site/index.php/register_controller/search_patient
You are probably doing the login check in your respective modules and thus missed it in some cases.
It is better to define a set of private modules (say in an array) and do the login check in the front controller itself (in one place) instead of repeatedly at module level.
Sounds like a routing problem. You need to set up your routes to make the second case illegal or at least map to the same controller as the first case. More on routing here.
I agree with tHeSiD. This code should go in the constructor. Ideally in a base class which you use to extend all admin related or restricted classes with. Normally I use an Admin_Controller base class that extends CI_Controller (2.0) or Controller (1.7.x) and then create my application controllers by extending the Admin Controller.
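Why the longer URL gets through, and why the constructor check closes it, shown as an added example that is not code from the question or the answers. The two classes, the `LoginRequired` exception and the simplified `dispatch()` are constructed stand-ins for a CodeIgniter controller, `redirect()` and URI routing, so the block runs with the plain PHP CLI.

```php
<?php
// Stand-in for redirect(): thrown instead of sending a Location header.
class LoginRequired extends Exception {}

// Mirrors the question: only index() performs the session check.
class Register_vulnerable {
    protected $session;
    public function __construct(array $session) { $this->session = $session; }
    protected function require_login() {
        if (empty($this->session['is_logged_in'])) {
            throw new LoginRequired('redirect: login_controller');
        }
    }
    public function index() { $this->require_login(); return 'main page'; }
    // Routable on its own, and nothing here looks at the session.
    public function search_patient() { return 'patient records'; }
}

// Mirrors the answers: the check runs in the constructor, before any method.
class Register_hardened extends Register_vulnerable {
    public function __construct(array $session) {
        parent::__construct($session);
        $this->require_login();
    }
}

// Simplified routing: /controller/method, method defaults to index.
function dispatch($class, $uri, array $session) {
    $segments = explode('/', trim($uri, '/'));
    $method = isset($segments[1]) ? $segments[1] : 'index';
    try {
        $controller = new $class($session);
        // Only public methods are reachable from a URL.
        if (!is_callable(array($controller, $method))) {
            return '404';
        }
        return $controller->$method();
    } catch (LoginRequired $e) {
        return $e->getMessage();
    }
}

$anonymous = array(); // constructed: session of a visitor who never logged in
$uris = array('register_controller', 'register_controller/search_patient');
foreach (array('Register_vulnerable', 'Register_hardened') as $class) {
    foreach ($uris as $uri) {
        printf("%-20s %-36s => %s\n", $class, $uri, dispatch($class, $uri, $anonymous));
    }
}
```

With the empty session, `Register_vulnerable` answers `register_controller/search_patient` with the patient records, while `Register_hardened` redirects both URLs to the login controller.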
I am building an application using cakePHP. Do we have a method where we can allow public users access to certain pages without logging in. There would be a few pages such as about us regarding the whole organisation or a contact us page. Is there a method to avoid login access, something similar to how we have ways to add components or set layouts.
As Martin Bean says, you can use ACL. For a sophisticated site, that would be my choice. You do not have to be logged in to access the public pages. http://multiheadweighers.co.uk is an example of a site that uses ACL. There is a fully featured CMS behind the public pages.
For a simple site I would allow access to, for instance, the view action using
function beforeFilter() {
    parent::beforeFilter();
    $this->Auth->allow('view');
}
see: http://book.cakephp.org/view/1257/allow
It really isn't a big deal - try it and you'll see how easy it is.
EDIT:
From the book # http://book.cakephp.org/view/1550/Setting-up-permissions
Now we want to take out the references to Auth->allowedActions in your users and groups controllers. Then add the following to your posts and widgets controllers:
function beforeFilter()
{
    parent::beforeFilter();
    $this->Auth->allowedActions = array('index', 'view');
}
This removes the 'off switches' we put in earlier on the users and groups controllers, and gives public access on the index and view actions in posts and widgets controllers. In AppController::beforeFilter() add the following:
$this->Auth->allowedActions = array('display');
This makes the 'display' action public. This will keep our PagesController::display() public. This is important as often the default routing has this action as the home page for your application.
EDIT 2:
$user = ($this->Auth->user())?$this->Auth->user():'Anonymous';
if(!$this->Acl->check($user,"{$url}"))
    $this->redirect($this->referer()); // or whatever action you want to take.
The solution would be to use the allow method in the Auth component to let the user visit those pages.
Thank you!