3

I have authenticated users using CodeIgniter successfully, but now if users type in the route to one of the methods in one of my controllers, they can access it without logging in.

I would like to stop this access to users who haven't logged in, preferably without using a 3rd party User Auth Plugin.

I have this model code:

function login(){
    $data = array(
        'username' => $this->input->post('username'),
        'logged_in' => TRUE
    );
    $this->session->set_userdata($data);
} //function login()
function logged_in(){
    if($this->session->userdata('logged_in') == TRUE)
    {
        return TRUE;
    }
    return FALSE;
} //function logged in()

I have this controller code:

function index($condition = FALSE){
    if($this->admin_model->logged_in() === TRUE)
    {
        $this->books_page(TRUE);
    }
    else
    {
        $data = $this->style_model->admin_area();
        $data['page_intro'] = 'Oops! Sorry, you must be logged in to view this page.';
        $this->load->view('admin/not_logged_in', $data);
    }
} //function index()
function books_page(){
    $data = $this->style_model->admin_area();
    $data['category_query'] = $this->admin_books_model->get_book_categories();
    $data['page_title'] = 'Books';
    $data['query'] = $this->admin_books_model->get_books();
    $this->load->view('admin/books/books_admin', $data);
} //function books_page()

Users who have not logged in cannot access the books method, but any other methods after this they can access. I simply want to stop that access and pass them the error page informing them that they have to log in.

Thanks in advance, Tom

1
  • 3
    Just as a thought, you might consider getting into TankAuth for CodeIgniter. It's so secure and makes life very easy once you learn it. FWIW. Commented Sep 7, 2012 at 12:32

3 Answers

4

The best way is to split your logic into two (or more) controllers.

  • A 'front end' controller - where the user does not need to be logged in for ANY of it
  • A 'back end' controller(s) - where the user MUST be logged in for ALL of it

In your backend controller just do this

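class Backend extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        // Load the model and URL helper here unless they are autoloaded
        $this->load->model('admin_model');
        $this->load->helper('url');
        if ( ! $this->admin_model->logged_in())
        {
            // Not logged in - so force them away
            redirect('place login page here');
        }
    }
}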

Then EVERYTHING in backend controller is protected.

To take this concept further - look into using a MY_Controller and get all your backend controllers to extend from this.


1 Comment

Hi everyone, thank you for your help, I really appreciate it. At first I tried the answer from Slave and this worked perfectly; however, I liked the idea of using the MY_Controller class (TheShiftExchange Answer) because it is more efficient and uses less code (not repeating). I did some research on this and now I have it working. Thanks again everyone, really appreciate it.
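The MY_Controller approach mentioned in the answer and comment above, as an added example that is not part of the original thread. It assumes CodeIgniter's default `MY_` subclass prefix, the asker's `admin_model`, `style_model` and `admin_books_model`, and a hypothetical `auth/login` route.

```php
<?php
// Added example, not code from the thread. In a real application the two
// classes live in separate files, as marked below.
defined('BASEPATH') OR exit('No direct script access allowed');

// --- application/core/MY_Controller.php ---
class MY_Controller extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        // Load these here unless config/autoload.php already does.
        $this->load->library('session');
        $this->load->helper('url');
        $this->load->model('admin_model');   // the asker's model

        // The constructor runs before CodeIgniter dispatches to any method,
        // so this single check guards every routable method of every subclass.
        if ($this->admin_model->logged_in() !== TRUE)
        {
            redirect('auth/login');   // assumed login route; redirect() exits
        }
    }
}

// --- application/controllers/admin.php ---
// The login controller itself must keep extending CI_Controller,
// otherwise the redirect above loops.
class Admin extends MY_Controller
{
    public function index()
    {
        $this->books_page();
    }

    public function books_page()
    {
        $this->load->model(array('style_model', 'admin_books_model'));
        $data = $this->style_model->admin_area();
        $data['category_query'] = $this->admin_books_model->get_book_categories();
        $data['page_title'] = 'Books';
        $data['query'] = $this->admin_books_model->get_books();
        $this->load->view('admin/books/books_admin', $data);
    }
}
```

Methods added to `Admin` later are covered without any per-method check. Helper methods that are not meant to be pages should be private or start with an underscore, which CodeIgniter will not route to.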
1

Either I misunderstood your question, or the solution is very simple.

function books_page() {
   if(!$this->admin_model->logged_in()) {
      redirect('auth/login'); ## OR $this->load->view("error_page"); exit();
   }
   ## All your code, etc.
}


1

I would declare a variable on top of the controller like this:

private $logged_in = false;

Then in the constructor I would initialise it like so:

$this->logged_in = $this->session->userdata('logged_in');

Then you can disable the access to desired methods (or the complete controller if you put your check in the constructor):

if($this->logged_in)
{
   //do stuff
}
else
{
   redirect(base_url().'login');
}
