Reputation: 179
Codeigniter: check for authorization before redirect to controller on routes
I am developing a web application with codeigniter and I need to check for an authorization before any route call a controller. I couldn't find any thing related to that on the documentation.
Someone has any ideas?
Upvotes: 0
Views: 2096
Answers (2)
Reputation: 11
You can create common controller "MY_Controller.php" and extend it with all the controllers.
Your config file should have the variable as $config['subclass_prefix'] = 'MY_';
In the config file you need to add following code to load all class files inside from core folder
function __autoload($class)
{
if(strpos($class, 'CI_') !== 0 && file_exists( APPPATH . 'core/'. $class . EXT )) {
include_once( APPPATH . 'core/'. $class . EXT );
}
}
- Create MY_Controller.php in application/core folder
Put the following code in MY_Controller.php
class MY_Controller
{
function __construct() {
$this->load->library('auth');
$login_check_uris = array(
'users/profile' // users -> controller name ; profile -> function name
);
// check against logged in
if (in_array(uri_string(), $login_check_uris)) {
if ($this->auth->logged_in() == FALSE) {
// check for ajax request
if ($this->input->is_ajax_request()) {
$return = array('status' => 0, 'msg' => 'Please login to perform this request.');
echo json_encode($return);
exit;
} else {
redirect('users/login'); // login url
}
}
} else if(uri_string() == 'users/login') {
// check if already login
if ($this->auth->logged_in()) {
redirect('users/profile'); // user profile page
}
}
}
}
- Inside $login_check_uris you have to put all your urls which need to be check against login.
- Then extend MY_Controller in all your controllers.
Upvotes: 1
Reputation: 340
Codeigniter have a solution for the same - it is known as hooks. They are like event handlers which are triggered on certain events like pre-controller / post-controller. You can refer to the document for such.
But what you need to do in your case - enable hooks in the config file.
$config['enable_hooks'] = TRUE;
Since you want something to be executed before the execution of controllers method, you can either hook to pre_controller or post_controller_constructor.
A Sample piece of code ofor you to refer to:
$hook['pre_controller'] = array(
'class' => 'Security',
'function' => 'checkForSecurity',
'filename' => 'Security.php',
'filepath' => 'hooks'
);
What you need to do in here - now you need to create a file - Security.php in folder (hooks). In that, define a class Security with method - checkForSecurity.
Here, what you can do is - do your authorization before allowing any user to pass further. If you got any user who is not authorized to access a certain area of controller you wish to restrict, you can just redirect the user to login page or you can throw and error page to the user.
Happy Coding :)
Upvotes: 2
Related Questions
- Codeigniter authentication before every controller and action
- Laravel - Redirect to login if not authorised, even is route is not registered
- Load a controller if authorized
- Laravel redirect if authenticated
- allow authentication for a specific controller in codeigniter using .htaccess
- Custom authorization check before executing controller
- CodeIgniter and htaccess - Protect a specific controller and its methods via AuthType?
- CodeIgniter only allow access to certain controllers when logged in
- Redirect to a url when not authorised
- CodeIgniter: routing & authentication