I have created a user login and logout system. After login the user gets redirected to his dashboard. Currently, with the correct URL, the user can go directly to the dashboard without logging in. To restrict this I used the following code, so that the user cannot access any internal pages before login:
    class User extends CI_Controller
    {
        public function __construct()
        {
            parent::__construct();
            if(!$this->session->userdata('logged_in'))
            {
                $this->session->set_flashdata('no_access', 'sorry you are not allowed');
                redirect('user/noaccess');
            }
        }
    }
Now when I try to access the dashboard with a correct URL but without login, I am not able to view it, but it is also not getting redirected to noaccess. I am getting the following error:
the page not redirecting properly
Can anyone please tell me how to do this properly?
Sam, consider doing this:

    public function logged_in()
    {
        $logged_in = $this->session->userdata('logged_in');
        if (!isset($logged_in) || $logged_in != true)
        {
            redirect("Checkin"); //insert your login page
        }
    }

Then in your controller for page access you can call this method:

    public function admin()
    {
        $this->logged_in();
        //rest of controller here
    }

This will prevent anyone from accessing your admin pages without login. The "logged_in" method will redirect them to the login page. That way you are not redirecting to yet another page (user/noaccess) or using flashdata. Use $this->logged_in(); on any method that requires login.
Let's say I have 2 pages, "LowAdmin" and "Login".
I want to prevent the user from accessing "LowAdmin" directly from the URL.
Instead, I want to redirect them to the "Login" page.
I have a problem explaining my pages to my teacher, because he accesses LowAdmin instead of the Login page.
Can anyone help? I have almost finished this final project.
By analysing your project code on GitHub, you can redirect by changing the constructor function of your LowAdmin controller like this:

    function __construct(){
        parent::__construct();
        $loginstatus = $this->session->userdata('status');
        if($loginstatus!="login2"){
            redirect(base_url("login"));
        }
        $this->load->model('project_model');
    }

Please comment below if you encounter any problems.
You can do it with the session. For example:

    public function index()
    {
        $this->load->library('session');
        $admindata = $this->session->userdata('admin');
        if($admindata){
            $this->load->view('admin/dashboard');
        }else{
            redirect('admin/login');
        }
    }
    class DashboardController extends BaseController {
        protected $layout = "layouts.dashboard";

        public function __construct(){
            //$this->beforeFilter('csrf', array('on'=>'post'));
            $this->beforeFilter('auth', array('only'=>array('getIndex')));
        }

        public function getIndex(){
            $this->layout->content= View::make('dashboard.index');
        }
    }
The code given above is my DashboardController. It is OK when I log in, and it redirects to the dashboard. When the user is in the dashboard, it means the user is authenticated. Now in the URL bar, I hit the URL of the login page. In my case it is
http://localhost:8000/users/login
Now it redirects to login even though the user is logged in. I want to know how we can redirect to the dashboard automatically if the user is logged in.
I am new to Laravel 4.2. I hope you will guide me. I'm lost in this section.
You can try to put this into your getIndex() function:
if(Session::has('login_parameters')) return Redirect::to('foo/dashboard');
I use this code in Laravel 3; hopefully it works in Laravel 4.2 as well.
Using CodeIgniter, I have certain controllers that correspond to the logged-in section of my site.
Each of these controllers is defined like that:
class Account extends MY_Controller { ... }
Where MY_Controller is a core extension of CI_Controller and this is the full code:
    class MY_Controller extends CI_Controller {
        public function __construct()
        {
            parent::__construct();
            if(!$this->session->userdata('loggedIn')) { //Not logged in
                $this->session->set_userdata('frontend_redirect' , current_url()); //record the URL post-login
                $this->output->set_status_header('401'); //Unauthorized HTTP header
                redirect('app/login'); die();
            }
        }
    }
Basically if the user is not logged in, it saves the requested page, redirects to the login page (which will redirect to the requested page again once logged in).
That works perfectly fine locally on WAMP. But on a real server if the user is not logged in it shows a blank page and doesn't redirect to the login page at all.
Any ideas why? I'm assuming the 401 status header may be the cause.
Thanks in advance!
Is it possible to check user authentication in the constructor function of a CodeIgniter controller?
User controller:

    class user extends CI_Controller{
        function __construct() {
            parent::__construct();
            $this->load->model('user_model');
            if (!$this->user_model->logged_in()) {
                $this->load->view('user/login');
            } else {
                return TRUE;
            }
        }
    }

While running this I got the login view on top of my dashboard after login. Before login I get two login views. I tried this to minimize repeatedly checking whether the user is logged in or not.
If you want to show the login page without changing the URL, you should use a forward method. But CI does not have a forward method.
Check the following answers:
Internal forward action in CodeIgniter
Just do a simple session check, where you check whether the user's session is set or not:

    if(!$this->session->userdata('logged_user')){
        redirect('controller/function', 'refresh');
    }

In the controller:

    public function function(){
        $this->load->view('login');
    }
I have a login form, and then I try to access the controller directly, and it works! How do I prevent this access?
I have this class:

    class C_home extends CI_Controller{
        public function __construct() {
            parent::__construct();
            $this->session->set_userdata('islogin'); //to set session islogin
        }

        function index()
        {
            if ($this->session->userdata('islogin') != TRUE)
            {
                redirect('c_home','refresh'); //caused infinite refresh
            }
            redirect('c_login', 'refresh');
        }
    }

Then I try to access the controller directly, and the page shows an infinite refresh. I want the page to show the login form.
How do I resolve this?
A couple of comments:
On the $this->session->set_userdata('islogin'); line, you should pass a 2nd argument, which is the value to be assigned (presumably, TRUE is what you meant to put).
I think your redirect lines are the wrong way around. If the user isn't logged in, then you want to redirect to login. Now what your code does is redirect to home if the user isn't logged in, hence the endless loop (since this code is in the home page!).
The $this->session->set_userdata('islogin', TRUE); line should obviously be in your login controller, but I'm guessing you've put it here just for testing purposes?
I'd rather do this like so:

    class C_home extends CI_Controller {

        public function __construct()
        {
            parent::__construct();
        }

        function index()
        {
            if ($this->session->userdata('islogin') != TRUE)
            {
                redirect('c_home/login','refresh'); // go for login
            }
            // do something for logged in users here
        }

        function login()
        {
            if ($this->session->userdata('islogin') == TRUE)
            {
                redirect('c_home','refresh'); // get back home
            }
            // perform some login logic here and store its result;
            // $login_ok is a placeholder name, FALSE until that logic exists
            $login_ok = FALSE;
            // then, if successful
            if ($login_ok)
            {
                $this->session->set_userdata('islogin',TRUE);
                redirect('c_home','refresh'); // get back home
            }
            // or else
            // display login form here
        }
    }
Of course, it is always better to use a third-party login library like this one: https://github.com/DaBourz/SimpleLoginSecure
You're supposed to access the controller; that is the point of them, to control things. If you have specific functions you don't want accessed via URL, then prefix the function name with an _ like _notForPublicFunction. As to the infinite refresh...

    if(!$this->session->userdata('isLogin'))
    {
        redirect('c_login');
    } else {
        redirect('c_home');
    }
What you need to do is set up a base controller that will look after the session for you and split your logged in controllers from your logged out ones via inheritance.
It is a common question on here how best to manage logged-in and logged-out states. Please refer to this answer for detailed explanation on how to do it.
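The base-controller split described in the last answer, as an added example that is not from any of the posts above. It also covers the redirect loop in the first question, where a constructor guard redirects to a method of the same guarded controller. It assumes CodeIgniter 3; the class names Public_Controller and Auth_Controller, the login and dashboard routes and views, and the return_to session key are hypothetical.

```php
<?php
// application/core/MY_Controller.php  (CodeIgniter 3 layout assumed)
defined('BASEPATH') OR exit('No direct script access allowed');

// Base for pages anyone may open: login form, "no access" page.
class Public_Controller extends CI_Controller {
    public function __construct()
    {
        parent::__construct();
        $this->load->library('session');
        $this->load->helper('url');
    }
}

// Base for pages behind the login. The check sits in the constructor, so
// every method of every subclass is covered without a per-method call.
class Auth_Controller extends Public_Controller {
    public function __construct()
    {
        parent::__construct();
        if ( ! $this->session->userdata('logged_in')) {
            // Keep the requested path (taken from the routed URI, not from
            // a request parameter) so the login controller can return to it.
            $this->session->set_userdata('return_to', uri_string());
            redirect('login'); // redirect() sends the header and exits
        }
    }
}

// application/controllers/Login.php: public, so redirect('login') above
// never re-enters the guard and cannot loop.
class Login extends Public_Controller {
    public function index()
    {
        if ($this->session->userdata('logged_in')) {
            redirect('dashboard'); // already signed in: skip the form
        }
        $this->load->view('login');
    }
}

// application/controllers/Dashboard.php: protected by inheritance alone.
class Dashboard extends Auth_Controller {
    public function index()
    {
        $this->load->view('dashboard');
    }
}
```

In a real application the three commented paths are separate files; any page that a guard redirects to has to extend the public base, never the guarded one.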