How To Prevent Direct Url Access In Codeigniter - php

Let's say I have 2 pages, "LowAdmin" and "Login".
I want to prevent users from accessing "LowAdmin" directly from the URL.
Instead, I want to redirect them to the "Login" page.
I have a problem explaining my pages to my teacher, because he accesses LowAdmin instead of the Login page.
Can anyone help? I have almost finished this final project.

By analysing your project code in GitHub you can redirect by changing your constructor function of LowAdmin Controller like this.
    function __construct(){
        parent::__construct();
        // Check the login flag before anything else in this controller runs
        $loginstatus = $this->session->userdata('status');
        if($loginstatus!="login2"){
            redirect(base_url("login"));
        }
        $this->load->model('project_model');
    }
Please comment below if you encountered any problem.

You can do it with the session.
For example:
    public function index()
    {
        $this->load->library('session');
        $admindata = $this->session->userdata('admin');
        if($admindata){
            $this->load->view('admin/dashboard');
        }else{
            redirect('admin/login');
        }
    }

Related

Not able to redirect in codeigniter

I have created a user login and logout system. After login the user gets redirected to his dashboard. Currently, with the help of the correct URL, the user can go directly to the dashboard without login. To restrict this I used the following code so that the user cannot access any internal pages before login:
    class User extends CI_Controller
    {
        public function __construct()
        {
            parent::__construct();
            if(!$this->session->userdata('logged_in'))
            {
                $this->session->set_flashdata('no_access', 'sorry you are not allowed');
                redirect('user/noaccess');
            }
        }
    }
Now when I try to access the dashboard with a correct URL but without login, I am not able to view it, but it is also not getting redirected to noaccess. I am getting the following error:
the page not redirecting properly
Can anyone please tell me how to do this properly?
Sam, consider doing this:
    public function logged_in()
    {
        $logged_in = $this->session->userdata('logged_in');
        if (!isset($logged_in) || $logged_in != true)
        {
            redirect("Checkin"); //insert your login page
        }
    }
Then in your controller for page access you can call this method:
    public function admin()
    {
        $this->logged_in();
        //rest of controller here
    }
This will prevent anyone from accessing your admin pages without login. The "logged_in" method will redirect them to the login page. That way you are not redirecting to yet another page (user/noaccess) or using flashdata. Use $this->logged_in(); on any method that requires login.

codeigniter redirect when not login

I'm trying to make a login process in codeigniter because I'm new to it and want to familiarize myself with it. Then I want to add a security feature where if the dashboard is accessed using the URL, if the session of account_id is not set I will redirect them to login:
    public function index() {
        if ($this->session->userdata('account_id') === FALSE ) {
            redirect('/');
        }
        return $this->_renderPage();
    }
but then it gives me this result
As you can see it's still in the dashboard but its all blank page and it did not redirect.
How can I fix this?
Thanks in advance for the help.
Have you loaded the right helper? Do it with $this->load->helper('url');.
After that you can use redirect like this: redirect('/', 'refresh');
The CodeIgniter documentation about url helper
PS: The PHP way to do this is header('Location: http://www.website.com/');

Call function in the controller from a model - codeigniter

I have implemented the PHP SDK for the Facebook login in my project, and everything works with the login except the logout.
How can I write the code to call a function from the controller to destroy the session?
I tried a lot of things but can't understand how I can do this.
I hope that somebody can help me with this.
My model with the logout URL is this:
    'logoutUrl' => $this->facebook->getLogoutUrl()
And the function in the controller is this:
    public function logout()
    {
        $this->CI->session->sess_destroy('logourUrl');
        $this->load->view('home');
        // do more thing you want to do such as redirect
    }
Try adding the below in your controller
    function logout()
    {
        $logout = $this->facebook->getLogoutUrl(array('next'=>'url to be redirected after logout'));
        $this->facebook->destroySession();
        $this->session->sess_destroy();
        header("Location:$logout");
    }
You don't need to load the view because Facebook will automatically redirect to the given URL after logout.

Codeigniter failed login direct access to controller

I have a login form, and then I try to access the controller directly, and it works! How do I prevent this access?
I have some class:
    class C_home extends CI_Controller{
        public function __construct() {
            parent::__construct();
            $this->session->set_userdata('islogin'); //to set session islogin
        }
        function index()
        {
            if ($this->session->userdata('islogin') != TRUE)
            {
                redirect('c_home','refresh'); //caused infinite refresh
            }
            redirect('c_login', 'refresh');
        }
    }
Then I try to access the controller directly and the page shows an infinite refresh. I want the page to show the login form.
How do I resolve this?
A couple of comments:
On the $this->session->set_userdata('islogin'); line, you should pass a 2nd argument which is the value to be assigned (presumably, TRUE is what you meant to put).
I think your redirect lines are the wrong way around. If the user isn't logged in, then you want to redirect to login. Now what your code does is redirect to home if the user isn't logged in, hence the endless loop (since this code is in the home page!).
The $this->session->set_userdata('islogin', TRUE); line should obviously be in your login controller, but I'm guessing you've put it here just for testing purposes?
I'd rather do this like so
    class C_home extends CI_Controller {
        public function __construct()
        {
            parent::__construct();
        }
        function index()
        {
            if ($this->session->userdata('islogin') != TRUE)
            {
                redirect('c_home/login','refresh'); // go for login
            }
            // do something for logged in users here
        }
        function login()
        {
            if ($this->session->userdata('islogin') == TRUE)
            {
                redirect('c_home','refresh'); // get back home
            }
            // perform some login logic here;
            // $success is a placeholder for its result
            $success = FALSE;
            if ($success)
            {
                $this->session->set_userdata('islogin',TRUE);
                redirect('c_home','refresh'); // get back home
            }
            // or else
            // display login form here
        }
    }
Of course it is always better to use a third-party login library like this one: https://github.com/DaBourz/SimpleLoginSecure
You're supposed to access the controller, that is the point of them to control things. If you have specific functions you don't want accessed via URL then prefix the function name with an _ like _notForPublicFunction. As to the infinite refresh...
    if(!$this->session->userdata('isLogin'))
    {
        redirect('c_login');
    } else {
        redirect('c_home');
    }
What you need to do is set up a base controller that will look after the session for you and split your logged in controllers from your logged out ones via inheritance.
It is a common question on here how best to manage logged-in and logged-out states. Please refer to this answer for detailed explanation on how to do it.
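
The base-controller split described in the answer above, as an added example that is not part of the original posts. It assumes CodeIgniter 3; the class name Auth_Controller, the session key logged_in and the view names are hypothetical, and the file-path comments show where each class would live in a real application.

```php
<?php
// Added example; assumes CodeIgniter 3. File: application/core/MY_Controller.php
class MY_Controller extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->library('session');
        $this->load->helper('url');
    }
}

// Base class for every page that requires a logged-in user (hypothetical name).
class Auth_Controller extends MY_Controller
{
    public function __construct()
    {
        parent::__construct();
        // A missing key is NULL in CI3 and FALSE in CI2; strict !== TRUE covers both.
        if ($this->session->userdata('logged_in') !== TRUE)
        {
            redirect('login'); // sends the Location header and exits
        }
    }
}

// File: application/controllers/Dashboard.php (protected)
class Dashboard extends Auth_Controller
{
    public function index()
    {
        $this->load->view('dashboard'); // only reached with a valid session
    }
}

// File: application/controllers/Login.php (public).
// It extends MY_Controller, not Auth_Controller: a login page placed behind
// the login check redirects to itself and the browser reports a redirect loop.
class Login extends MY_Controller
{
    public function index()
    {
        if ($this->session->userdata('logged_in') === TRUE)
        {
            redirect('dashboard');
        }
        $this->load->view('login_form');
    }
}
```

Because the check lives in the constructor of the base class, a new protected controller only has to extend Auth_Controller; no per-method call can be forgotten.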

can one controller send the user to another controller

I am really new to CodeIgniter.
I am trying to setup a website where the user must be logged in to view the pages. Coming from Java, I am taking the hierarchical approach to things.
My thought was to write my own Controller base:
    <?php
    class MY_Controller extends Controller
    {
        function Controller()
        {
            parent::Controller();
            if(!$this->quickauth->logged_in())
            {
                //they need to login, send them to the login page.
            }
        }
    }
    ?>
Now I can write controllers which extend it and I will be sure that they will always be logged in.
Here is the outline for the login page:
    <?php
    class login extends Controller
    {
        function index()
        {
            //Lets just double check, they might not have to login.
            if ($this->quickauth->logged_in())
            {
                //send them to the main controller
            }
        }
    }
    ?>
Well as you can see I have gotten this far. What do I need to replace:
1. //send them to the main controller
2. //they need to login, send them to the login page.
with?
Is there a better way of doing this?
Thanks,
Blake
Redirection is easy.
Just use:
    redirect('controller/method');
Yes, load the url helper to access the redirect function.
    $this->load->helper('url');
Since the url helper is used a lot, you should autoload it in config/autoload.
If you load the 'url_helper' you've got a redirect function in there. Read the docs about the url helper for more information.
You could also use something like this:
    function is_logged_in()
    {
        $is_logged_in = $this->session->userdata('is_logged_in');
        if (!isset($is_logged_in) || $is_logged_in != true)
        {
            // double quotes, so the apostrophe does not end the string
            echo "You don't have permission to access this page. Login";
            die();
            //$this->load->view('login_form');
        }
    }
You could build on this.
