-1

I'm trying to use CodeIgniter to create a simple website that involves user-restricted areas,

and was wondering how I can design my login controller so that on every page it loads a controller that checks if this user is allowed in this page/allowed to execute that function.

Question:

  1. How can I autoload this login function on every page?
  2. What is the proper secure logic to check if a user is allowed to do this function? Noting that I have 3 different user types, 1.admin 2.secretary 3.worker, so how can I assign functions to their owner? "admin should be able to assign access to other 2 types"

I have completed my project but I have 0 experience with this login user access control thing, so any advice will be appreciated.

Zalaboza
  • Did you do a Google search for "codeigniter auth library"? - http://blog.pisyek.com/2011/11/5-best-authentication-libraries-for-codeigniter/ – Kai Qing Dec 04 '12 at 20:02
  • @kai wow, I didn't know that. It's my first day with CodeIgniter; I didn't know it has custom, already existing libraries.. ty very much, I will check it now, how it allows access control – Zalaboza Dec 04 '12 at 20:09
  • Yeah, CI has a ton of existing libraries. In most cases you can just google search "codeigniter" and any need you have. There's usually an answer – Kai Qing Dec 04 '12 at 20:11
  • check this as well http://stackoverflow.com/questions/13636336/what-is-proper-way-to-secure-codeigniter-2-application-with-authentication/13655596#13655596 – cartalot Dec 04 '12 at 23:15

1 Answer

1

You should take a look at the "MY_Controller". Basically, you create a file called MY_Controller.php and place it in application/core (http://ellislab.com/codeigniter/user-guide/general/core_classes.html)

You place a class in this file called MY_Controller that extends CI_Controller

class MY_Controller extends CI_Controller {
    public function __construct() {
        parent::__construct();
        //check if your user is logged in here
    }
}

The construct above will be called first before any other controller methods are invoked. So you can check to see if the user is logged in, and if not, redirect to your login form.

There are a lot of different auth libraries that will likely help you with your second question. Check those out and they may help you (don't remember any off the top of my head, but I know you have options).

Greg
  • Good point, you want to make sure he realizes his regular controllers need to extend MY_Controller now not Controller and personally I'd create a User_controller which extends MY_controller and keep MY_controller for functions that the entire site can use. That way he can build functionality for the whole site and keep the user controller to do user specific functions. – Rick Calder Dec 04 '12 at 22:44
  • What Rick said. Sounds like a solid organizational strategy. – Greg Dec 05 '12 at 20:43
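
An added example, not part of the answer or comments above: one way to put both the login check and a per-role check for the three user types into the MY_Controller constructor. The session keys `user_id` and `role`, the `auth/login` route, and the controller/method names in the map are assumptions made for illustration.

```php
<?php
// application/core/MY_Controller.php (added example; names below are assumptions)
defined('BASEPATH') OR exit('No direct script access allowed');

class MY_Controller extends CI_Controller {

    // Hypothetical map: 'controller/method' => roles allowed to call it.
    // Hard-coded here; to let an admin assign access, load it from a table instead.
    protected $acl = array(
        'reports/index'  => array('admin', 'secretary', 'worker'),
        'reports/edit'   => array('admin', 'secretary'),
        'users/set_role' => array('admin'),
    );

    // Controllers reachable without a session (the login form itself).
    protected $public_controllers = array('auth');

    public function __construct() {
        parent::__construct();
        $this->load->library('session');
        $this->load->helper('url');

        // PHP method names are case-insensitive, so normalise before the lookup;
        // otherwise a request for reports/EDIT would miss the 'reports/edit' entry.
        $class  = strtolower($this->router->fetch_class());
        $method = strtolower($this->router->fetch_method());

        if (in_array($class, $this->public_controllers, TRUE)) {
            return;
        }
        // Not logged in: send to the login form (redirect() ends the request).
        if ( ! $this->session->userdata('user_id')) {
            redirect('auth/login');
        }
        // Logged in but not permitted: refuse. Actions missing from the map are denied.
        if ( ! $this->is_allowed($this->session->userdata('role'), "$class/$method")) {
            show_error('You are not allowed to do this.', 403);
        }
    }

    // Deny by default: an unknown action or an unknown role returns FALSE.
    protected function is_allowed($role, $action) {
        return isset($this->acl[$action])
            && in_array($role, $this->acl[$action], TRUE);
    }
}
```

Restricted controllers extend MY_Controller instead of CI_Controller, and the `role` value should be written to the session server-side at login from the user record, never taken from request input.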