I want to be able to check a page outside of the CodeIgniter environment to see if a user is logged in.
My setup might be as follows:
test.php
/codeigniter/index.php
In my CodeIgniter application, I have a method which checks to see if a user loggedin:
if($this->user->loggedin) {
// Logged in
} else {
// not logged in
}
It's basically calling my user class and checking the loggedin variable. It's easy to use inside the CodeIgniter environment.
How can I use the CodeIgniter functions from my script test.php?
You could set a cookie in CI that your test.php page can check. That would do it.
Or here is something that might help:
Accessing CodeIgniter super object from external php script outside codeigniter installation
Related
I have created a PHP project using Codeigniter and its working perfectly with the localhost. I'm using Xampp 3.2.1 and when I upload the project to the server and try to load the project its working and show the login page. When I enter credentials and login, it redirect me to the home page of my project and when I try to navigate to any other location it redirects me to login page. Please can any one help me on this matter?
This cause because Codeigniter In-built session is not supported in the sever. What you can do is Use PHP Sessions
refer to this link if you want more details -
http://www.php.net/manual/en/book.session.php
What you can do is use start_session() in you controller and use $_SESSION to save your session data and access it.
If you have More than one Controller the approach is different,
You have to create a controller in your project's \application\core\ call MY_Controller(Its okay if you want to use a different Name). The Code of the Controller Should be
<?php
class MY_Controller extends CI_Controller
{
function __construct()
{
parent::__construct();
if(!isset($_SESSION))// to avoid A session had already been started - ignoring session_start()
{
session_start();
}
}
}
?>
and extend all your controllers in your \application\controllers\ with this controller in order to access the session globally
Now use
$_SESSION['data_name'] = $Your_Data;
to set values to session
and in log out function just use session_unset() to clear your current session data
Hope It helps :)
I have some problems using Code Igniter and I feel there is something I don't understand because I can't get my redirects and my headers to work. Here is the situation :
When site is entered, the default "home" controller is called.
public function initialize()
{
printf("CONSTRUCTION OF HOME CONTROLLER - \n");
// print_r($_SESSION);
//TODO : CONSIDER CREATING A LIBRARY TO AVOID WRITING THIS OFTEN. NOT
// SESSION TROLLING DETECTION
if( isset($_SESSION['banana']))
{
echo "SPLITTING THE TRUTH";
}
// GETTING AS SERIOUS AS GREG
if( !isset($_SESSION['username']))
{
printf("USERNAME IS NOT SET. SETTING UP THE LOGIN PAGE. \n");
redirect('home_invite');
}
else
{
$this->load->view('welcome_message');
}
}
public function index()
{
//INITIALIZING THE PATH USED FOR THIS NAVIGATION
printf("TROLLING THE BEGINNING OF THIS CONTROLLER HOME - ");
$this->initialize();
printf("TROLLING THE END OF THIS CONTROLLER HOME - ");
//TODO : CONSIDER CREATING A LIBRARY TO AVOID WRITING THIS OFTEN
}
Index calls initialize who verify if the user has already a session variable with username in it. If that's the case, we would proceed to check his level of privileges, etc, and load corresponding view. Thats not the problem.
If the session is not started, I want to load the "login" view, called here "home_invite". And I want to redirect him to that page. But if I use this code, the page will show a 404 error.
If I use $this->load->view('home_invite'), it works, but I don't understand and I feel it isn't what I want it to do.
Why is redirect not working in this context?
Using the redirect() method redirects to a URL. You therefore need to pass it a full URL (as it uses the header() function which according to the RFC for HTTP1.1 requires a full URL.
This means that you can use
redirect(site_url('home_invite'));
Which will redirect your user to http://www.yoursite.com/home_invite
This means that you must have a controller called home_invite available as you can't load a view from the URL. Equally you could create a method in your existing controller and use the routes.php file to masquerade /your_controller/home_invite as /home_invite
The site_url() function is also part of the URL helper you've already included to use redirect().
If you don't want to use site_url(), you could just as well hard code the URL in like
redirect('http://www.yoursite.com/home_invite');
I have a site using CodeIgniter that is almost complete now. My problem is that, even though I have implemented sessions and maintain a login system, a person can access any page by typing the URL into the browser address bar.
I have implemented the session for patient registration like this:
function index(){
$this->is_logged_in();
}
function log_out(){
$this->session->sess_destroy();
redirect('login_controller');
}
function is_logged_in(){
$is_logged_in = $this->session->userdata('is_logged_in');
if(!isset($is_logged_in)||$is_logged_in!= TRUE ){
redirect('login_controller');
}else{
$this->main();
}
}
Anonymous users can't acess the system just by typing the controller name like this:
http://localhost/demo_site/index.php/register_controller
But they can do it like this:
http://localhost/demo_site/index.php/register_controller/search_patient
Person can't access by typing the controller name, but can enter the system by typing a longer url than the controller, like the one shown above.
What is the problem here? What are the possible solutions??
You will have to implement a login check in the controller's constructor.
Whenever the controller is called, it should check if the user is logged in - if they are not, redirect to a login page or an error page.
To confirm if it is entering the login check put an echo and exit inside the is_logged_in() function and check if it appears in case of http://localhost/demo_site/index.php/register_controller/search_patient
You are probably doing login check in your respective modules and thus you missed for some cases.
It is better to define a set of private modules (say in an array) and do the login check in the frontcontroller itself (in one place) instead of repeatedly in module level.
Sounds like a routing problem. You need to set up your routes to make the second case illegal or at least map to the same controller as the first case. More on routing here.
I agree with tHeSiD. This code should go in the constructor. Ideally in a base class which you use to extend all admin related or restricted classes with. Normally I use an Admin_Controller base class that extends CI_Controller (2.0) or Controller (1.7.x) and then create my application controllers by extending the Admin Controller.
In CakePHP we can use $this->Auth->allow('someMethod'); to make a page viewable without having to login. How do I make some the same page is not viewable when a user is logged in? An example of this would be a register page which we want to be accessible without user logged in ... but not accessible once a user logged in.
I put $this->Auth->deny('someMethod') in isAuthorized() but it seems to me that if the method is in the allow list then isAuthorized is not called when we try to run that page.
Any input? Thank you
There are no complex rules like that built into Cake Auth. You'll have to manually check for conditions like this. It's very simple though:
// Controller
function register() {
if ($this->Auth->user()) {
$this->redirect(/* somewhere else */);
}
}
Contrary to mlevits answer, you don't need to store anything in the Session, the info is readily available from the AuthComponent itself. http://book.cakephp.org/view/387/user
There's also an example how to do it by dynamically using deny(), but that's not as clear in a simple case like this IMHO. http://book.cakephp.org/view/383/deny
Also, deny() produces an error message ("You're not authorized to access this location"), which is probably not what you want for the user experience in this case.
EDIT:
Wasn't aware that CakePHP used a different syntax.
You can then use the following to set the Session variable:
$this->Session->write('user_id', '<some_user_name>');
Then use this to redirect the user if they are logged in:
if ($this->Session->check('user_id'))
{
$this->redirect('http://google.com');
}
And then to destroy a Session use:
$this->Session->destroy()
More information about CakePHP Sessions
Thanks
You can check it in method beforeFilter in AppController to allow aplication-wide check. For example:
<?php
class AppContoller extends Controller {
var $components = array('Session', 'Auth');
function beforeFilter(){
$this->Auth->allow('register', 'home');
// Check if current action allowed to access without authorization and User has login
if(array_key_exists($this->params['action'], $this->Auth->allowedActions) && $this->Auth->user()){
$this->redirect(/* somewhere else */);
}
}
}
?>
Of course you can also implements it in some controller instead of AppController.
I'm not looking for the whole ACO-ARO implementation... I just want to use Auth, and check against the user's role....
What do I put where in order to simply deny users from a given controller unless they have a certain role.
I'm trying to use the $this->Auth->authorize = 'controller';
... but I don't even know where to put that??
Any help would be awesome!
Thanks in advance.
Short answer: Sounds like you need to create and app_controller.php and put your code in the beforeFilter method.`
Longer Answer: Create an app_controller.php file in you app directory and put the following code in beforeFilter().
if (isset($this->params[Configure::read('Routing.admin')])) { //User is trying to access a page using the admin route
if ($this->Session->check('someSessionVariable')) { //Check user has some session variable set.
// User is accessing an admin page and has permission, do something, or in most cases do nothing.
} else { //No sessions set for user, redirect to login page.
$this->redirect('/yourLoginPage'); //Redirect
}
}
This is no substitution for proper user of the Auth component, but should do what you need. Make sure you check its secure before you put it into production.