{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 啃猪蹄的小仙女 的问题《How to restrict access to controllers functions us》','https://www.manongdao.com/q-969274.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I made an application where there are two controllers (user and home). The user controller performs actions such as registering a user and logging them in/out, while the home controller is used to perform actions once the user is authenticated.
I found this answer on SO: What is the best practice for restricting specific pages to logged in users only in Codeigniter?
But I saw that the verifying of a session value is performed in a separate, custom controller. I was wondering why that's necessary?
In my home controller, I have a function that checks to see whether a session value for an item is set to true and allow the user the functionality provided in the home controller, otherwise redirect them back to the user controllers index method which loads the login view. This function is called in the constructor of the home controller like so:
public function __construct()
{
parent::__construct();
$this->is_loggedIn();
}
public function is_loggedIn()
{
$check_login = $this->session->userdata('isLoggedIn');
if(!isset($check_login) || $check_login != 1)
{
redirect('user');
}
}
This works great; the user is not allowed access to pages/functions within the home controller unless they are authenticated.
However, this isn't the case for functions within my user controller. If I login and then logout, I can still access a function within the user controller i.e. localhost/sitename/user/register even though I've logged out and shouldn't be able to access such functions. They should redirect to the login page (user controllers index method) instead, but instead allow the user to carry on using the functions in the user controller.
I tried including the above is_loggedin() function inside the user controller to check whether the users session is valid and call the function from the user controllers constructor, but I ended up with a redirect loop (rightfully so).
So I was wondering how it would be possible to disallow access to the user controllers functions when the user is not authenticated.
Another way I've thought of is to include the is_loggedin() function in each of the functions within the user controller, but I was wondering if there was a cleaner way to do this. For now this is my temporary fix. Please let me know if there is a more OOP friendly way
You should only check if the session === FALSE.
Be sure to delete isLoggedIn when the user logs out.