I am using CodeIgniter. I have a controller named abc and i has functions named index,a,bandc.
www.example.com/abc/
I want that user can only access the area he is logged in.
www.example.com/abc/ //if loggged in else back to homepage
or
www.example.com/abc/a/ //if loggged in else back to homepage
Now to check login. I use:
if($this->auth->is_logged_in()) { .. } else { redirect('/'); }
on every function individually.
Is there any other way to do so ??
I think you can do this by overriding the constructor and call your function in it.
<?php
class Blog extends CI_Controller {
public function __construct()
{
parent::__construct();
// check login
}
}
?>
For a particular controller you can put your if check in the constructor of the controller so that when any method of the controller is called it will pass through your if check
class Abc extends CI_Controller {
public function __construct()
{
parent::__construct();
//your if goes here
}
}
And if you want to check the user is logged in or not in the whole application you can use the constructor method __construct() of CI_Controller so it will be validated when user access any of the controllers within your application
class CI_Controller {
private static $instance;
/**
* Constructor
*/
public function __construct()
{
//your if goes here
}
}
Related
In my header view I wrote this code:
<?php
if($this->session->userdata('logged_in')) {
$query = $this->db->get_where('instructors', array('id' => $this->session->userdata('id')));
$insdatacheck = $query->row_array();
if($insdatacheck['name'] == '') {
redirect(base_url().'user/continueregistration');
} else { ?>
<script type="text/javascript">alert('test');</script>
<?php
}
}
?>
But it does not redirect to the following page. However, if I write this in the controller, it works properly. I wrote it in header view because I want to check it in every page where enters the user. How can I improve it and write in a proper way? Thanks in advance
I think instead of your header you should put your check inside your controller constructor.
class Test extends CI_Controller {
function __construct() {
parent::__construct();
// if not logged-in redirect to login page
if ($this->session->userdata('logged_in') == false) {
redirect('login'); // where you want to redirect
}
}
}
Another option is to create a base controller. Place the function in the base controller and then inherit from this.
To achieve this in CodeIgniter, create a file called MY_Controller.php in the libraries folder of your application.
class MY_Controller extends Controller
{
public function __construct()
{
parent::__construct();
}
public function is_logged_in()
{
$user = $this->session->userdata('user_data');
return isset($user);
}
}
Then make your controller inherit from this base controller.
class X extends MY_Controller
{
public function __construct()
{
parent::__construct();
}
public function do_something()
{
if ($this->is_logged_in())
{
// User is logged in. Do something.
}
}
}
First create session in the controller only,
Then we access session in any page,
$this->load->library('session');
$user=$this->session->userdata('logged_in');
if (!isset($user)) {
redirect(base_url().'user/continueregistration');
}
else {
<script type="text/javascript">alert('test');</script>
}
I am trying to redirect to controller index if not authorized the access to other functions within same controller. According to my coding it is looking like infinite loop. Please help me to do that.
class Customer_Dashboard extends CI_Controller {
public function __construct() {
$method= $this->router->fetch_method();
if ($this->session->userdata("cus_sel_comp")) {
}else{
if($method !="index"){
redirect(base_url()."customer_dashboard");exit;
}
}
}
public function index() {
// Here do some operations and let the user to select company and update the "cus_sel_comp" session variable. After set that session user can access the other controller functions.
}
public function other_function1() {
}
public function other_function2() {
}
}
My coding is as above. I need to do this using same controller. Problem is if that session not set there is a infinite loop.
Instead of redirecting return index function. See the code below
if($method !="index"){
return $this->index();
}
You are calling the same function and redirecting it to same method.
class Customer_Dashboard extends CI_Controller {
public function __construct() {
$method= $this->router->fetch_method();
if ($this->session->userdata("cus_sel_comp")) {
}else{
if($method !="index"){
redirect(base_url()."Customer_Dashboard/index"); // Redirect it to index if other method is invoked.
}
}
}
public function index() {
// Here do some operations and let the user to select company and update the "cus_sel_comp" session variable. After set that session user can access the other controller functions.
}
public function other_function1() {
}
public function other_function2() {
}
}
Also dont use base_url() instead of that define an path in config
base_url() has many other entries present which are un-necessarily called.
I've recently started to learn OOP and Codeigniter. I've set up 2 new files in core; MY_Controller.php extending CI_Controller and MY_Model.php extending CI_Model. These files are both working, i'm able to call their methods in various controllers and models. However, I have a method in MY_Controller that checks if a user's logged in, if so it calls a method from MY_Model that updates the last active field in the user table. This method is working when I call it from say Login_model, but when I call it from MY_Controller it passes an error:
Call to undefined method Feed::update_last_active()
Why is this? I'm trying to call a core model from my core controller, should I not be doing this? Below is my code.
MY_Controller.php:
class MY_Controller extends CI_Controller{
public function __construct(){
parent::__construct();
}
/**
* Check if the users sessions logged in
*/
public function logged_in(){
//Check the flag logged_in exists in the session
if ($this->session->userdata('logged_in')){
//Update the last active field in the user db
$this->update_last_active($this->session->userdata('user_id'));
return true;
} else {
return false;
}
}
}
MY_Model.php:
class MY_Model extends CI_Model{
/**
* Updates users last active
*/
public function update_last_active($id){
$this->db->where('id', $id);
$this->db->update('users', array('last_active' => date('Y-m-d H:i:s')));
}
}
MY_Controller updated to #Tiger response (Returns Call to undefined method CI_Loader::update_last_active()):
public function logged_in(){
//Check the flag logged_in exists in the session
if ($this->session->userdata('logged_in')){
//Load my model
$my_model = $this->load->model('MY_Model');
//Update the last active field in the user db
$my_model->update_last_active($this->session->userdata('user_id'));
return true;
} else {
return false;
}
}
Controller file:
public function __construct(){
parent::__construct();
$this->load->model('My_Model'); //Load the Model here
}
public function logged_in(){
if ($this->session->userdata('logged_in')){
//Now Load Only Model Method
$my_model = $this->MY_Model->update_last_active();
$my_model->update_last_active($this->session->userdata('user_id'));
return true;
} else {
return false;
}
}
You didn't load the model in the controller, load the model in my_controller
public function __construct(){
parent::__construct();
//load the model
$this->load->model('My_Model');
}
This should solve the issue. logged_in function too have some errors, try loading the model in the _construct() first
How do you implement in codeigniter access control? or exempt certain functions to be executed in your controller?
I am using ion_auth for my authentication system.
I use MY_Controller to check whether the user is logged in: where:
class MY_Controller extends CI_Controller {
public function __construct()
{
parent::__construct();
if(!$this->ion_auth->logged_in())
{
redirect('auth/login', 'refresh');
}
}
In my suggestion controller:
class Suggestion extends MY_Controller {
public function __construct()
{
parent::__construct();
$this->load->model('Suggestion_model', 'suggestion');
}
public function create()
{
//some codes
}
public function settings()
{
//some codes
}
}
Now my question is, how do I restrict each function to be accessed?
Let's say if you are a guest you are able to access
index.php/suggestion/create
and if you are admin, then you can access below controller
index.php/suggestion/settings.
but if not then you cannot access, please point me in the right direction. thank you.
Hey! I'm very new to Codeigniter, I'm trying to protect the entire admin controller. I figured I'd start here:
function Admin()
{
parent::Controller();
if(!isset($_SESSION['loggedin'])){
$this->login();
}
}
but this is obviously incomplete. How do I also stop the method that is trying to run ( ie index() ), and am I on the right track here??
Thanks for your help!!
there is
Extend the base controllers:
MY_Controller.php
<?php
class MY_Controller extends Controller {
function __construct()
{
parent::Controller();
$user_id = $this->session->userdata('user_id');
$this->data['user'] = $this->user_lib->get($user_id);
}
}
?>
you can store all kinds of info in this construct. This just gets the currently logged in users ID and assigns it the $data['user'] . This will be adjusted depending on which sort of auth library you use but you get the gist. You now have access to the current users ID, and all their details, from within any controller that extends "MY_Controller"
now you can create an "admin" controller, or any number of other ones to restrict access. like so:
Admin_Controller.php
<?php
class Admin_Controller extends MY_Controller {
function __construct()
{
parent::Controller();
if($this->data['user']['group'] !== 'admin')
{
show_error('Error - you need to be an admin.');
}
}
}
?>
Public_controller.php
<?php
class Public_Controller extends MY_Controller {
function __construct()
{
parent::Controller();
if($this->data['user']['group'] !== 'member')
{
show_error('You need to login to see this page...');
}
}
}
?>
as you can see..possibilities are endless
So, for admin only pages - use the admin controller
for member only pages - public
for "normal" pages - use the default controller.
I'll link to Phil Sturgeon's article as it's where I read about it first
put the checking session code in every function in Admin Controller that you want to protect.
that is the easiest way to do it..