how to set user privileges in array using codeigniter? - php

How to set user privileges in an array using CodeIgniter? For example, I have a controller named prospect and its methods. I have to check if the logged-in user has permission to access these controller methods. How do I check this? Anyone, please give me advice on this.

You can set permission to access these controller/methods in constructor of the controller.
See the example:
class Admin extends CI_Controller {
    function __construct()
    {
        parent::__construct();
        $session_user = $this->session->userdata('session_array');
        $method = $this->router->fetch_method();
        if(empty($session_user) && $method != 'login'){
            redirect('admin/login');
        }
    }
    public function login(){
        // Login method
    }
    public function index(){
        // home page method
    }
}
Here you can only access the function login from the controller admin. If you access the other functions it redirects to login method of admin controller if the session is not present.

Related

Multiple View is getting loaded in verification of session variable in codeigniter

<?php
defined('BASEPATH') OR exit('No direct script access allowed');
class Login extends CI_Controller{
    public function __construct()
    {
        parent::__construct();
        // Your own constructor code
        $this->is_logged_in();
    }
    function is_logged_in()
    {
        $is_logged_in=$this->session->userdata('is_logged_in');
        if(!isset($is_logged_in) || $is_logged_in != true){
            //$this->load->view('notlogin');
            $this->load->view('admin_login');
            //echo "you dont have permission to access this area";
        }
    }
    function index()
    {
        $this->load->view('admin_login');
        //die();
    }
    function adminlogin()
    {
        $this->load->model('loginmodel');
        $query=$this->loginmodel->verify();
        if($query==true){
            $data=array(
                'username'=>$this->input->post('username'),
                'is_logged_in'=>true
            );
            $this->session->set_userdata($data);
            redirect('Login/loginarea');
        }
        else
        {
            //$this->is_logged_in();
            $this->index();
        }
    }
    public function loginarea()
    {
        $this->load->view('mainadmin');
    }
    function logout()
    {
        $this->session->sess_destroy();
        $this->index();
    }
}
Here the two functions __construct and index are loading the same view twice. I don't know how to logically correct this. I am checking whether the is_logged_in variable is true or not: if true, then load the admin area, or else the admin login page. But the index function is also getting executed along with it.
When you call your controller, it will always execute the constructor and the function you have specified in the second segment or by default, index().
In your case, if we assume your URL is http://example.com/index.php/Login
The first thing to be executed is the constructor which calls $this->is_logged_in();
If we assume that the login failed, you load the view with this call $this->load->view('admin_login');
That's it for the constructor.
Then CodeIgniter calls the default function index(), which also loads a view: $this->load->view('admin_login');
So, that's why your view appears two times.
Imo, the easiest way to fix this is by removing the code in index(). You are not doing anything special in that function and the view is loaded inside is_logged_in() when the constructor is executed.
However, I don't understand why you check the user status in the controller supposed to authenticate people.
It shouldn't be done that way imho:
Actually, you check if the user is not logged in. Instead, I would have checked if the user is logged in and then redirected to the admin area or whatever it is.
This way, index() will be the function that displays admin_login and the constructor via is_logged_in() displays the other view.

check session in another controller in Codeigniter

After the user logs in, I set the variable is_logged_in=true, but in some other controller how can I check is_logged_in is true in codeigniter?
Here is my login code:
class login_con extends CI_Controller
{
    public function login()
    {
        // local variable only: it is not visible to other controllers or requests
        $is_logged_in = true;
    }
}
I want to check this is_logged_in in another controller, so how can I write code for that?
Session is the best solution for this. You can read about CodeIgniter sessions.
// set value in session
$this->session->set_userdata('is_logged_in', true);
To get in other controller
$is_logged_in = $this->session->userdata('is_logged_in');
Please also make sure you have loaded session library.
$this->load->library('session');
First thing autoload applications/config/autoload.php, to add session library
$autoload['libraries'] = array('session');
This will include session on every page.
Now your controller file
controller1
class login_con extends CI_Controller
{
    public function login()
    {
        //here you set session like that
        $data['is_logged_in'] = TRUE;
        $this->session->set_userdata($data);
    }
}
Here you get your is_logged_in session on other controller
controller2
class your_con extends CI_Controller
{
    public function your_function()
    {
        //here you get session like that
        if($this->session->userdata("is_logged_in"))
        {
            // your code here
        }
    }
}

Codeigniter and ion_auth - how do I restrict each function to be accessed?

How do you implement in codeigniter access control? or exempt certain functions to be executed in your controller?
I am using ion_auth for my authentication system.
I use MY_Controller to check whether the user is logged in: where:
class MY_Controller extends CI_Controller {
    public function __construct()
    {
        parent::__construct();
        // redirect() ends the request, so no controller method runs for anonymous users
        if(!$this->ion_auth->logged_in())
        {
            redirect('auth/login', 'refresh');
        }
    }
}
In my suggestion controller:
class Suggestion extends MY_Controller {
    public function __construct()
    {
        parent::__construct();
        $this->load->model('Suggestion_model', 'suggestion');
    }
    public function create()
    {
        //some codes
    }
    public function settings()
    {
        //some codes
    }
}
Now my question is, how do I restrict each function to be accessed?
Let's say if you are a guest you are able to access
index.php/suggestion/create
and if you are admin, then you can access below controller
index.php/suggestion/settings.
but if not then you cannot access, please point me in the right direction. thank you.
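
An added example, not part of the original posts: a deny-by-default permission array of the kind the first question on this page and the ion_auth question above ask about. The controller and method names come from those questions; the role names, the ACL layout and the 'role' session key are assumptions.

```php
<?php
// Added example, not code from the posts above.
// Controller and method names are taken from the questions on this page;
// the role names and the ACL layout are assumptions.
const ACL = [
    'suggestion' => [
        'create'   => ['guest', 'admin'],
        'settings' => ['admin'],
    ],
    'prospect' => [
        'index' => ['admin'],
    ],
];

/**
 * Deny by default: allow only when $role is listed for $controller/$method.
 * A controller or method missing from the map is treated as forbidden.
 */
function is_allowed(array $acl, string $role, string $controller, string $method): bool
{
    // PHP method and class names are case-insensitive, so "Settings" in a
    // URL reaches settings(); normalise before the lookup.
    $roles = $acl[strtolower($controller)][strtolower($method)] ?? [];
    return in_array($role, $roles, true);
}

// Inside a CodeIgniter base controller constructor this would be used as:
//   $role = $this->session->userdata('role') ?: 'guest';   // 'role' key is an assumption
//   if (!is_allowed(ACL, $role, $this->router->fetch_class(),
//                   $this->router->fetch_method())) {
//       show_error('You are not allowed to access this page.', 403);
//   }

// Constructed sample requests for a stand-alone run.
$requests = [
    ['guest', 'suggestion', 'create'],
    ['guest', 'suggestion', 'settings'],
    ['admin', 'Suggestion', 'Settings'],
    ['admin', 'suggestion', 'delete'],   // not in the map
    ['guest', 'prospect',   'index'],
];
foreach ($requests as [$role, $controller, $method]) {
    $verdict = is_allowed(ACL, $role, $controller, $method) ? 'allow' : 'deny';
    printf("%-5s %s/%s => %s\n", $role, $controller, $method, $verdict);
}
```

Because the map lists what is allowed rather than what is blocked, a method added to a controller later stays inaccessible until someone grants it explicitly.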

is_logged_in check on every page

I am using CodeIgniter. I have a controller named abc and it has functions named index, a, b and c.
www.example.com/abc/
I want that user can only access the area he is logged in.
www.example.com/abc/ //if logged in else back to homepage
or
www.example.com/abc/a/ //if logged in else back to homepage
Now to check login. I use:
if($this->auth->is_logged_in()) { .. } else { redirect('/'); }
on every function individually.
Is there any other way to do so ??
I think you can do this by overriding the constructor and call your function in it.
<?php
class Blog extends CI_Controller {
    public function __construct()
    {
        parent::__construct();
        // check login
    }
}
?>
For a particular controller you can put your if check in the constructor of the controller so that when any method of the controller is called it will pass through your if check
class Abc extends CI_Controller {
    public function __construct()
    {
        parent::__construct();
        //your if goes here
    }
}
And if you want to check the user is logged in or not in the whole application you can use the constructor method __construct() of CI_Controller so it will be validated when user access any of the controllers within your application
class CI_Controller {
    private static $instance;
    /**
     * Constructor
     */
    public function __construct()
    {
        //your if goes here
    }
}

Codeigniter login to controller

Hey! I'm very new to Codeigniter, I'm trying to protect the entire admin controller. I figured I'd start here:
function Admin()
{
    parent::Controller();
    if(!isset($_SESSION['loggedin'])){
        $this->login();
    }
}
but this is obviously incomplete. How do I also stop the method that is trying to run ( ie index() ), and am I on the right track here??
Thanks for your help!!
there is
Extend the base controllers:
MY_Controller.php
<?php
class MY_Controller extends Controller {
    function __construct()
    {
        parent::Controller();
        // look up the current user once, for every controller that extends this class
        $user_id = $this->session->userdata('user_id');
        $this->data['user'] = $this->user_lib->get($user_id);
    }
}
?>
You can store all kinds of info in this construct. This just gets the currently logged-in user's ID and assigns it to $data['user']. This will be adjusted depending on which sort of auth library you use, but you get the gist. You now have access to the current user's ID, and all their details, from within any controller that extends "MY_Controller".
Now you can create an "admin" controller, or any number of other ones, to restrict access, like so:
Admin_Controller.php
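<?php
class Admin_Controller extends MY_Controller {
    function __construct()
    {
        // call parent::__construct(), not parent::Controller(), so that
        // MY_Controller's constructor runs and $this->data['user'] is set
        parent::__construct();
        if($this->data['user']['group'] !== 'admin')
        {
            show_error('Error - you need to be an admin.');
        }
    }
}
?>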
Public_controller.php
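<?php
class Public_Controller extends MY_Controller {
    function __construct()
    {
        // call parent::__construct(), not parent::Controller(), so that
        // MY_Controller's constructor runs and $this->data['user'] is set
        parent::__construct();
        if($this->data['user']['group'] !== 'member')
        {
            show_error('You need to login to see this page...');
        }
    }
}
?>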
as you can see..possibilities are endless
So, for admin only pages - use the admin controller
for member only pages - public
for "normal" pages - use the default controller.
I'll link to Phil Sturgeon's article as it's where I read about it first
put the checking session code in every function in Admin Controller that you want to protect.
that is the easiest way to do it..
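
The question above asks how to stop the requested method once the constructor check fails. The following added example (not from the posts; dispatch(), AccessDenied and both class names are hypothetical) models the dispatch order stand-alone: a constructor that only loads a view still lets the protected method run, while one that ends the request, as redirect() and show_error() do in CodeIgniter, does not.

```php
<?php
// Added example, not code from the posts above: a stand-alone model of
// "construct the controller, then call the requested method".
// dispatch(), AccessDenied and both class names are hypothetical.
class AccessDenied extends RuntimeException {}

class ViewOnlyGuard
{
    public $output = [];
    public function __construct(array $session)
    {
        if (empty($session['is_logged_in'])) {
            $this->output[] = 'view:admin_login'; // shows the form, then returns
        }
    }
    public function loginarea() { $this->output[] = 'view:mainadmin'; }
}

class HaltingGuard
{
    public $output = [];
    public function __construct(array $session)
    {
        if (empty($session['is_logged_in'])) {
            // Stands in for redirect() or show_error(), which end the request.
            throw new AccessDenied('auth/login');
        }
    }
    public function loginarea() { $this->output[] = 'view:mainadmin'; }
}

// The constructor always runs first; the method runs unless the request was ended.
function dispatch(string $class, string $method, array $session): array
{
    try {
        $controller = new $class($session);
        $controller->$method();
        return $controller->output;
    } catch (AccessDenied $e) {
        return ['redirect:' . $e->getMessage()];
    }
}

$anonymous = [];   // constructed session without is_logged_in
print_r(dispatch('ViewOnlyGuard', 'loginarea', $anonymous));
print_r(dispatch('HaltingGuard', 'loginarea', $anonymous));
print_r(dispatch('HaltingGuard', 'loginarea', ['is_logged_in' => true]));
```

For the anonymous session, the first call returns both the login view and the protected view, which is the double-output behaviour described earlier on this page; the halting guard returns only the redirect.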
