CODEWITHSUNDEEP
phpcodeignitercodeigniter-url
Linesofcode
Linesofcode

Reputation: 5903

CodeIgniter disallow URL if not in route

This is my folder structure.

|--Application
|-----Controllers
|--------Dashboard.php
|--------Projects.php
|-----Models
|--------dashboardModel.php
|--------projectsModel.php
|-----Views
|--------dashboard (folder)
|-----------index.php
|-----------projects (folder)
|--------------add.php
|--------------index.php

Now, in my route file I have the following:

$route['default_controller']  = "dashboard";

$route['dashboard/projects']        = "projects";
$route['dashboard/projects/add']    = "projects/add";

Now the problem: if I type in the url http://myproject/dashboard/projects it works AND if I type http://myproject/projects it also works..how do I deny the second url?

Upvotes: 1

Views: 2151

Answers (2)

Raggamuffin
Raggamuffin

Reputation: 1760

Codeigniter URL mapping / routing works on the following process:

  • Does an exact match for the URI exist in the routes array?
  • Does a regex exist in the route array which matches the request?
  • Try route to a controller matching the request using map: "controller[/method[/params]]"

So there is no setting to switch to stop it from routing to the last one...

you must extend the Router with a custom one like so:

in application/core/ create a file called MY_Router.php this will house your custom router, and it will look something like this:

class My_Router extends CI_Router {
    function _parse_routes()
    {
        // Turn the segment array into a URI string
        $uri = implode('/', $this->uri->segments);

        // Is there a literal match?  If so we're done
        if (isset($this->routes[$uri]))
        {
            return $this->_set_request(explode('/', $this->routes[$uri]));
        }

        // Loop through the route array looking for wild-cards
        foreach ($this->routes as $key => $val)
        {
            // Convert wild-cards to RegEx
            $key = str_replace(':any', '.+', str_replace(':num', '[0-9]+', $key));

            // Does the RegEx match?
            if (preg_match('#^'.$key.'$#', $uri))
            {
                // Do we have a back-reference?
                if (strpos($val, '$') !== FALSE AND strpos($key, '(') !== FALSE)
                {
                    $val = preg_replace('#^'.$key.'$#', $val, $uri);
                }

                return $this->_set_request(explode('/', $val));
            }
        }

        // INSTEAD show 404..
        if (count($this->uri->segments) !== 0) {
            show_404();
        }
        else {
            // If we got this far it means we didn't encounter a
            // matching route so we'll set the site default route
            $this->_set_request($this->uri->segments);
        }
    }
}

the name of your class depends on what the subclass_prefix config variable is set to (by default its MY_ but you may have changed it..

Upvotes: 2

Rob Wittman
Rob Wittman

Reputation: 31

I know it's been a year, but wanted to post for anyone else looking for an easier option.

You can always put something along these lines at the bottom of config/routes.php. It'll catch any routes that haven't been picked up by a filter, and send them to where you specify. /auth/invalid generates a standard error message and returns it.

This allows me to whitelist URLs, so users cant access controllers in a way i might not plan for.

$route['(:any)/(:any)/(:any)/(:any)'] = '/auth/invalid';
$route['(:any)/(:any)/(:any)'] = '/auth/invalid';
$route['(:any)/(:any)'] = '/auth/invalid';
$route['(:any)'] = '/auth/invalid';

Upvotes: 3

Related Questions