Reputation: 159
I have tried several pieces of code to restrict direct access to a controller page from the URL, but it's not working. The code below, in the controller page, is not preventing direct URL access. Is there any proper way to prevent direct access from the URL?
    <?php
    defined('BASEPATH') OR exit('No direct script access allowed');

    class Cont extends CI_Controller
    {
        public function __construct()
        {
            parent::__construct();
            $this->load->model('test');
        }

        public function handle($function)
        {
            if ($function == 'abcd') {
                $this->load->view('testpage');
            }
        }
    }
Upvotes: 0
Views: 1295
Reputation: 1
CodeIgniter 4: When a user hits the route path, it calls the function associated with it. With the exception of the login page, all pages should be restricted for the "unknown user"; when the "unknown user" tries to access any specific path, it will redirect to the login page. Use the lines below in your function:
    if (!session()->get('isLoggedIn'))
        return redirect()->to('/');

    public function dashboard()
    {
        if (!session()->get('isLoggedIn'))
            return redirect()->to('/login');
        return view('dashboard');
    }
Upvotes: 0
Reputation: 1501
From documentation
For the best security, both the system and any application folders should be placed above web root so that they are not directly accessible via a browser. By default, .htaccess files are included in each folder to help prevent direct access, but it is best to remove them from public access entirely in case the web server configuration changes or doesn’t abide by the .htaccess.
If you want to prevent direct access to specific methods then you can try
    public function _handle() { // adding _ before the method name
    }
Or
    private function handle() { // private functions cannot be accessed by URL
    }
Upvotes: 0
Reputation: 1961
You can use HTTP_REFERER, which holds the information (address) about the page that referred you to the current page; if it's empty, you can redirect to your 404 page. Also, you should always check for $_SESSION and redirect if not set.
    if (!isset($_SERVER['HTTP_REFERER'])) {
        $this->load->helper('url');
        redirect('/page404');
    }
Alternatively, you can also use HTTP_X_FORWARDED_FOR, but it won't help you in an AJAX request. Read more about it here and here.
Upvotes: 1
Reputation: 1943
You can use the _remap() function inside your controller, where we can define where to route the method.
The following code blocks all method calls to that controller.
    function _remap($method)
    {
        return false;
    }
See the DOC here
Upvotes: 0
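An added example, not part of any answer above and not CodeIgniter's own code: a CodeIgniter 3 controller that puts the session check and the _remap() hook from the answers in one place, so the login test and a method allowlist run for every URL that resolves to the controller. The session key isLoggedIn (as used for CodeIgniter 3 here), the /login route and the PUBLIC_METHODS constant are assumptions.

```php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

// Added example. Assumptions (not from the question): session key
// 'isLoggedIn', a /login route, and the PUBLIC_METHODS allowlist.
class Cont extends CI_Controller
{
    // Methods that may be reached by URL once the user is logged in.
    const PUBLIC_METHODS = array('handle');

    public function __construct()
    {
        parent::__construct();
        $this->load->library('session');
        $this->load->helper('url');
    }

    // CodeIgniter calls _remap() instead of the requested method, so this
    // runs for every URL that resolves to this controller.
    public function _remap($method, $params = array())
    {
        // 1. Unauthenticated requests never reach a controller method.
        //    redirect() sends the Location header and exits.
        if ( ! $this->session->userdata('isLoggedIn')) {
            redirect('/login');
        }

        // 2. Only allowlisted methods are routable; anything else is a 404.
        if ( ! in_array($method, self::PUBLIC_METHODS, TRUE)) {
            show_404();
        }

        return call_user_func_array(array($this, $method), $params);
    }

    public function handle($function = '')
    {
        if ($function === 'abcd') {
            $this->load->view('testpage');
            return;
        }
        // Unknown argument: do not render an empty page.
        show_404();
    }
}
```

Every browser request is a URL request, so the decision here rests on server-side session state rather than on anything the client sends in a header.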