EllisLab text mark
Advanced Search
Modular Extensions - HMVC version 5.4 How to prevent direct Module Method access
Posted: 30 July 2012 07:31 PM
Joined: 2012-07-30
2 posts

Hi, I am a Newbie and have been using CI for a while, and have just started with HMVC. I have modified the files etc as in the Modular Extensions 5.4 (Bitbucket) and it works fine.

My question is?

I have just set up 2 modules Module: Base (originally the welcome one) and another Module: Register.

I am experimenting with running the Module register from within the base Module/view file thus:

<div id="container">
h1>Welcome to CodeIgniter!</h1>
div id="body">
p>The page you are looking at is being generated dynamically by CodeIgniter.</p>
p>If you would like to edit this page youll find it located at:</p>
p>The corresponding controller for this page is found at:</p>
p>If you are exploring CodeIgniter for the very first timeyou should start by reading the <a href="user_guide/">User Guide</a>.</p>
class="footer">Page rendered in <strong>{elapsed_time}</strongseconds</p>

php echo Modules::run('register/register/index'); ?>


As I understand it this is a view partial?

Which I can access with the url: http://localhost/CI-HMVC/index.php/ and it loads the base module fine and also the Register Module within it.

Now if I enter http://localhost/CI-HMVC/index.php/register I can also access the Register Module directly on its own, which of course looks bad as it is not loading any of the CSS etc of the base view.

Is there a way to prevent direct access to a Module Method unless it it is called/run from another Module, in this case ‘BASE’?

Here is the simple Register Module:

<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

Register extends CI_Controller {

public function index()

Many thanks, Alan

Posted: 30 July 2012 08:03 PM   [ # 1 ]   [ Rating: 0 ]
Joined: 2011-02-23
882 posts

I think what you’re looking for is some solution like this (though I cannot confirm this is supported by Modules::run - but I’m guessing it should be wink )


ignited Community Framework (WiP)  |  Read the User’s Guide. It won’t bite.

STOP! Before posting your questions, remember the WWW Golden rule:
What did you try? What did you get? What did you expect to get?

CI example .htaccess

Posted: 31 July 2012 01:07 AM   [ # 2 ]   [ Rating: 0 ]
Joined: 2007-06-10
2937 posts

@spidersbite, Add a _remap() method to your module controller and use it to display an error.

This method is explained in the Bitbucket wiki.


URI Language Identifier | Modular Extensions - HMVC | View Object | Widget plugin | Access Control library

Posted: 31 July 2012 05:00 AM   [ # 3 ]   [ Rating: 0 ]
Joined: 2012-07-30
2 posts

@PhilTom and @wiredesignz many thanks for the advice, it was early hours in the uk so my brain was a bit fried.

I did try private function _ etc but it didn’t appear to solve the issue, I am assuming that Modules::run does not support it.

However just tried @PhilTom’s suggestion using _remap() and it appears to work, here is the modified module code:

function _remap()
echo 'No direct access allowed';

public function index()

So if I try now to access the module via URL: http://localhost/CI-HMVC/index.php/register_form
I get a warning message ‘No direct access allowed’.

But loading the module via the initial Controller/view:

<?php echo Modules::run ('register_form/register_form/index'); ?> 

loads the module correctly.

Even trying to load the module via URL: http://localhost/CI-HMVC/index.php/register_form/index and I still get the warning ‘No direct access allowed’.

So in my view _remap() Works a Treat!! grin

Many thanks again for the advice/info, I know my example was just a very simple one, but I was just getting started with HMVC and modules. (old age grin )


Posted: 09 August 2012 10:50 AM   [ # 4 ]   [ Rating: 0 ]
Joined: 2012-07-30
5 posts

Thank you!  This helped me smile

Posted: 25 May 2013 06:22 AM   [ # 5 ]   [ Rating: 0 ]
Joined: 2013-05-25
2 posts

you rock. i wanted to secure my widgets, finally got the solution.