Logged-in mandatory controller in Codeigniter fails on server - php

Using Codeigniter, I have certain controllers that correspond to the logged-in section of my site.
Each of these controllers is defined like that:
class Account extends MY_Controller { ... }
Where MY_Controller is a core extension of CI_Controller and this is the full code:
class MY_Controller extends CI_Controller {
    public function __construct()
    {
        parent::__construct();
        if(!$this->session->userdata('loggedIn')) { //Not logged in
            $this->session->set_userdata('frontend_redirect' , current_url()); //record the URL post-login
            $this->output->set_status_header('401'); //Unauthorized HTTP header
            redirect('app/login'); die();
        }
    }
}
Basically if the user is not logged in, it saves the requested page, redirects to the login page (which will redirect to the requested page again once logged in).
That works perfectly fine locally on WAMP. But on a real server if the user is not logged in it shows a blank page and doesn't redirect to the login page at all.
Any ideas why? I'm assuming the 401 status header may be the cause.
Thanks in advance!

Related

Codeigniter default controller don't redirect to members area when session is set

I'm facing a strange issue in CodeIgniter 3. First I will post some code:
class Front extends CI_Controller {
    public function __construct()
    {
        parent::__construct();
    }
    public function index()
    {
        $logged_in = $this->session->userdata('logged_in');
        if($logged_in){
            echo "still active";
            // $this->load->view('users/header');
            // $this->load->view('shared/homepage');
            // $this->load->view('users/footer'); etc..
        }else{
            echo "logged out";
            // $this->load->view('public/header');
            // $this->load->view('shared/homepage');
            // $this->load->view('public/footer'); etc..;
        }
    }
}
I have a Front controller which is the default controller of my application and serves views for the home page. These 2 views are different (they have different template parts, settings etc.) for public visitors and registered members.
So in the code above I give a pseudo code example of how it looks.
But the problem is that while a member is still logged in and he closes the browser tab, or leaves the page (I don't mean log out), then when he visits the site again the default controller loads the home page for a public visitor instead of the home page for a member who is still active.

Not able to redirect in codeigniter

I have created a user login and logout system. After login the user gets redirected to his dashboard. Currently, with the help of the correct URL, the user can go directly to the dashboard without logging in. To restrict this I used the following code so that the user cannot access any internal pages before login:
class User extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        if(!$this->session->userdata('logged_in'))
        {
            $this->session->set_flashdata('no_access', 'sorry you are not allowed');
            redirect('user/noaccess');
        }
    }
}
Now when I try to access the dashboard with a correct URL, but without login, I am not able to view it, but it is also not getting redirected to noaccess. I am getting the following error:
the page not redirecting properly
Can anyone please tell me how to do this properly?
Sam, consider doing this:
public function logged_in()
{
    $logged_in = $this->session->userdata('logged_in');
    if (!isset($logged_in) || $logged_in != true)
    {
        redirect("Checkin"); //insert your login page
    }
}
Then in your controller for page access you can call this method
public function admin()
{
    $this->logged_in();
    //rest of controller here
}
This will prevent anyone from accessing your admin pages without login. The "logged_in" method will redirect them to the login page. That way you are not redirecting to yet another page (user/noaccess) or using flashdata. Use $this->logged_in(); on any method that requires login.

Redirect to dashboard if user is loggedin in Laravel 4.2

class DashboardController extends BaseController {
    protected $layout = "layouts.dashboard";
    public function __construct(){
        //$this->beforeFilter('csrf', array('on'=>'post'));
        $this->beforeFilter('auth', array('only'=>array('getIndex')));
    }
    public function getIndex(){
        $this->layout->content= View::make('dashboard.index');
    }
}
The code given above is my DashboardController. It is OK when I log in and it redirects to the dashboard. When the user is in the dashboard, it means the user is authenticated. Now in the URL bar, I enter the URL of the login page. In my case it is
http://localhost:8000/users/login
Now it redirects to login even though the user is logged in. I want to know how we can redirect to the dashboard automatically if the user is logged in.
I am new to Laravel 4.2. I hope you will guide me. I'm lost in this section.
You can try to put this into your getIndex() function:
    if(Session::has('login_parameters')) return Redirect::to('foo/dashboard');
I use this code in Laravel 3, hopefully it works in Laravel 4.2 as well.

Force login after ajax request

I'm using CakePHP 2.4. My problem is that sometimes, after the session has been idle or after a logout in another tab, the AJAX request doesn't work because the user is already logged out.
My question is how I can verify that, to redirect the user to the login page.
The function that I'm using to filter requests is in my UsersController class:
//class UsersController
public function beforeFilter(){
    parent::beforeFilter();
    // Allow users to logout.
    $this->Auth->allow('logout');
}
Thank you.
if (!$this->Session->read('Auth.User')) {
    // redirect here
}

Codeigniter failed login direct access to controller

I have a login form, and then I try to access the controller directly, and it works! How do I prevent this access?
I have this class:
class C_home extends CI_Controller{
    public function __construct() {
        parent::__construct();
        $this->session->set_userdata('islogin'); //to set session islogin
    }
    function index()
    {
        if ($this->session->userdata('islogin') != TRUE)
        {
            redirect('c_home','refresh'); //caused infinite refresh
        }
        redirect('c_login', 'refresh');
    }
}
Then when I try to access the controller directly, the page shows an infinite refresh. I want the page to show the login form.
How do I resolve this?
A couple of comments:
On the $this->session->set_userdata('islogin'); line, you should pass a 2nd argument which is the value to be assigned (presumably, TRUE is what you meant to put).
I think your redirect lines are the wrong way around. If the user isn't logged in, then you want to redirect to login. Now what your code does is redirect to home if the user isn't logged in, hence the endless loop (since this code is in the home page!).
The $this->session->set_userdata('islogin', TRUE); line should obviously be in your login controller, but I'm guessing you've put it here just for testing purposes?
I'd rather do this like so:
class C_home extends CI_Controller {
    public function __construct()
    {
        parent::__construct();
    }
    function index()
    {
        if ($this->session->userdata('islogin') != TRUE)
        {
            redirect('c_home/login','refresh'); // go for login
        }
        // do something for logged in users here
    }
    function login()
    {
        if ($this->session->userdata('islogin') == TRUE)
        {
            redirect('c_home','refresh'); // get back home
        }
        // perform some login logic here
        // then, if successful
        {
            $this->session->set_userdata('islogin',TRUE);
            redirect('c_home','refresh'); // get back home
        }
        // or else
        // display login form here
    }
}
Of course it is always better to use a third party login library like this one: https://github.com/DaBourz/SimpleLoginSecure
You're supposed to access the controller, that is the point of them to control things. If you have specific functions you don't want accessed via URL then prefix the function name with an _ like _notForPublicFunction. As to the infinite refresh...
if(!$this->session->userdata('islogin'))
{
    redirect('c_login');
} else {
    redirect('c_home');
}
What you need to do is set up a base controller that will look after the session for you and split your logged in controllers from your logged out ones via inheritance.
It is a common question on here how best to manage logged-in and logged-out states. Please refer to this answer for detailed explanation on how to do it.
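
An added example, not taken from any of the posts on this page: the base-controller login gate these questions keep arriving at, modelled as a plain PHP function so it runs without CodeIgniter. The function name gate_decision(), the 'account' landing route and the sample requests are assumptions; the other route names and the session keys are borrowed from the posts.

```php
<?php
// Added example, not from the posts: a framework-free model of the login gate.
// Route names and session keys mirror the posts; gate_decision() and the
// 'account' landing route are hypothetical.

const LOGIN_ROUTE = 'app/login';
// Routes served without a session. The login route has to be listed, or the
// guard redirects the login page to itself and the browser reports a loop.
const PUBLIC_ROUTES = ['app/login', 'user/noaccess'];

/** Returns ['status' => int, 'location' => ?string, 'remember' => ?string]. */
function gate_decision(array $session, string $route, bool $isAjax): array
{
    $route = trim($route, '/');
    $loggedIn = ($session['loggedIn'] ?? false) === true;

    if ($loggedIn && $route === LOGIN_ROUTE) {
        // Already authenticated: go to the remembered page, or the default.
        $target = $session['frontend_redirect'] ?? 'account';
        return ['status' => 302, 'location' => $target, 'remember' => null];
    }
    if ($loggedIn || in_array($route, PUBLIC_ROUTES, true)) {
        return ['status' => 200, 'location' => null, 'remember' => null];
    }
    if ($isAjax) {
        // An XHR caller gains nothing from being redirected to an HTML form:
        // answer 401 and let the page's script navigate to the login route.
        return ['status' => 401, 'location' => null, 'remember' => null];
    }
    // Browsers follow Location only on a 3xx status, so the redirect is a
    // plain 302 and no 401 status is set next to it.
    return ['status' => 302, 'location' => LOGIN_ROUTE, 'remember' => $route];
}

// Constructed sample requests: [session, route, is AJAX].
$samples = [
    [[], 'account/settings', false],                 // anonymous page view
    [[], 'app/login', false],                        // login page itself
    [[], 'account/data', true],                      // anonymous AJAX call
    [['loggedIn' => true], 'app/login', false],      // logged-in user on login
    [['loggedIn' => true], 'account/settings', false],
];
foreach ($samples as [$session, $route, $isAjax]) {
    echo $route, ' => ', json_encode(gate_decision($session, $route, $isAjax)), PHP_EOL;
}
```

In a CodeIgniter base controller the 302 branches map onto redirect() and the AJAX branch onto $this->output->set_status_header(401), with the 'remember' value written to the session before redirecting.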
