Restricting access in Codeigniter
To restrict access to pages one can check like below,
// This code is written on every page accessed by admin, like products.php, categories.php
if (!isset($_SESSION['admin_id'])) {
    header('Location: admin/login.php');
    exit();
}
What is the equivalent of the above code in Codeigniter, if I want to restrict access to every method of the controller?
Can I check for the session in the constructor like below?
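// products.php
class Products extends CI_Controller {
    public function __construct() {
        // Run the CI_Controller constructor before doing anything else
        parent::__construct();
        if (!isset($_SESSION['admin_id'])) {
            redirect('admin/login.php');
        }
    }
}
// categories.php
class Categories extends CI_Controller {
    public function __construct() {
        // Run the CI_Controller constructor before doing anything else
        parent::__construct();
        if (!isset($_SESSION['admin_id'])) {
            redirect('admin/login.php');
        }
    }
}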
A simple way I usually use.
Create a controller in application/core as Admin_Controller.php and extend it from the base controller, CI_Controller, as,
/* application/core/Admin_Controller.php */
class Admin_Controller extends CI_Controller
{
    protected $calledClass;
    protected $calledMethod;
    protected $isAuthException;

    public function __construct()
    {
        parent::__construct();
        // The router is a core class, already available as $this->router,
        // so it does not need to be loaded as a library.
        /*
        Add the controllers and the methods which don't need the auth check.
        This is to assign any controller and its methods to skip the auth
        check.
        Format : "{CONTROLLER}" => array("{A METHOD}", "{Another METHOD}"),
        */
        $authExceptions = array(
            "admin" => array("login", "logout")
        );
        $this->calledClass = $this->router->fetch_class();
        $this->calledMethod = $this->router->fetch_method();
        $this->isAuthException = array_key_exists($this->calledClass, $authExceptions)
            && in_array($this->calledMethod, $authExceptions[$this->calledClass]);
        // isset() cannot wrap a method call; userdata() returns a falsy value
        // when the key is not set, so test the returned value directly.
        if (!$this->isAuthException && !$this->session->userdata('admin_id'))
        {
            redirect('admin/login.php');
        }
    }
}
Then, extend your other admin-related controllers from Admin_Controller.php as,
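// application/controllers/products.php
class Products extends Admin_Controller {
    public function __construct() {
        // Runs the auth check in Admin_Controller
        parent::__construct();
    }
}
// application/controllers/categories.php
class Categories extends Admin_Controller {
    public function __construct() {
        // Runs the auth check in Admin_Controller
        parent::__construct();
    }
}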
Now, you don't need to check in every __construct() method whether admin or not. Also some methods such as login, logout which don't need auth check will be skipped.
Hope this helps :)
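The gate logic of the Admin_Controller above, as an added example that is not part of the original answer: a framework-free PHP script that applies the same exception list to constructed requests and sessions, so the decision can be checked without CodeIgniter. The function names, the `!empty()` session test and all sample values are assumptions made for this example.

```php
<?php
// Added example: models the base-controller check outside CodeIgniter.
// Controller/method pairs and session arrays below are constructed.

// Controllers => methods reachable without an admin session.
const AUTH_EXCEPTIONS = [
    'admin' => ['login', 'logout'],
];

// True only for a controller/method pair listed exactly in AUTH_EXCEPTIONS.
function is_auth_exception(string $class, string $method): bool
{
    return array_key_exists($class, AUTH_EXCEPTIONS)
        && in_array($method, AUTH_EXCEPTIONS[$class], true);
}

// Returns 'allow' or the redirect target for one request.
function gate(string $class, string $method, array $session): string
{
    if (is_auth_exception($class, $method)) {
        return 'allow';
    }
    // Everything not listed falls through to the session check.
    // !empty() rejects a missing key as well as null, '', 0 and false.
    return !empty($session['admin_id']) ? 'allow' : 'redirect admin/login.php';
}

// Constructed requests: [controller, method, session contents]
$requests = [
    ['admin',      'login',     []],                   // listed exception
    ['admin',      'dashboard', []],                   // same controller, method not listed
    ['Admin',      'Login',     []],                   // case differs from the list entry
    ['products',   'index',     []],                   // no session
    ['products',   'delete',    ['admin_id' => 7]],    // logged-in admin
    ['categories', 'index',     ['admin_id' => '']],   // key present but empty
];

foreach ($requests as [$class, $method, $session]) {
    printf("%-10s %-10s => %s\n", $class, $method, gate($class, $method, $session));
}
```

Because the list names exceptions rather than protected pages, a request that does not match an entry exactly is treated as protected, so a mismatch leads to the login redirect instead of skipping the check.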
In some cases, the simpler, the better
class Admin_Controller extends CI_Controller {
    public function __construct(){
        parent::__construct();
        if(!$this->verify_admin_level()){
            redirect("home/block");
        }
    }

    private function verify_admin_level(){
        return $this->session->userdata("isAdmin");
    }
}
The home/block just shows the message: You must login as admin to access the required functionality