Here you go… should help you get going
First, extend Controller and use this as the parent class for all controllers that need security. Something like below would work - I would stick it in app/libraries - PHP5:
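<?php if (!defined('BASEPATH')) exit('<h1>Forbidden</h1>');
class Admin_Controller extends Controller
{
    const ACCESS_ID = 'admin_id';
    const LOGIN_URL = 'login';

    public function __construct ()
    {
        parent::Controller();
        // redirect() lives in the URL helper
        $this->load->helper('url');
        // $_SESSION is only populated once the native session is started
        if (session_id() === '')
        {
            session_start();
        }
    }

    static function _authorizeAdmin ()
    {
        // IF not admin, redirect to login (redirect() exits after sending the header)
        if (!isset($_SESSION[self::ACCESS_ID]))
        {
            redirect(self::LOGIN_URL);
        }
    }
}
?>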
Then create a controller to use it - something like the following - notice the calling of _authorizeAdmin() - if you call this in the constructor method of an inheriting controller, that controller will have security - the below example loads a model called admin_model and calls an authenticate method to process login - I didn’t include this in the post and you can write it yourself:
<?php
require_once(APPPATH . '/libraries/admin_controller.php');
class Index extends Admin_Controller
{
    public function __construct ()
    {
        parent::__construct();
        $this->load->model('admin_model');
    }

    public function index ()
    {
        self::_authorizeAdmin();
        //load view
    }

    public function login ()
    {
        // IF logged in, logout and alert user
        if (isset($_SESSION[self::ACCESS_ID]))
        {
            unset($_SESSION[self::ACCESS_ID]);
            // user logged out
        }
        // IF POST, authenticate -> IF valid, set session and redirect :: ELSE, alert user
        if ($_SERVER['REQUEST_METHOD'] == 'POST')
        {
            $user = $this->admin_model->authenticate($_POST['username'], $_POST['password']);
            if ($user)
            {
                // issue a fresh session id on login so a pre-set id cannot be reused (session fixation)
                session_regenerate_id(TRUE);
                $_SESSION[self::ACCESS_ID] = $user->id;
                // redirect to secure page
            }
            else
            {
                // failed login attempt - maybe create a message for user
            }
        }
        // load login view
    }

    public function logout ()
    {
        self::_authorizeAdmin();
        // logout
        unset($_SESSION[self::ACCESS_ID]);
        // redirect to login
        redirect(self::LOGIN_URL);
    }
}
?>
Just to clarify, any controller that inherits from Admin_Controller can have security enabled like so:
<?php
require_once(APPPATH . '/libraries/admin_controller.php');
class Index extends Admin_Controller
{
    public function __construct ()
    {
        parent::__construct();
        // the below line acts as a gatekeeper
        self::_authorizeAdmin();
    }
}
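
The post leaves the authenticate method of admin_model to the reader. One way to write it, as an added example that is not the poster's code: the table name admins, its columns, PHP 5.5+ for password_hash()/password_verify(), and an autoloaded database library are all assumptions.

```php
<?php if (!defined('BASEPATH')) exit('<h1>Forbidden</h1>');

// Added example, assumed to live in the models folder as admin_model.php.
// Assumptions: table `admins` with columns id, username, password_hash;
// hashes were created with password_hash(); PHP >= 5.5; the database
// library is autoloaded so $this->db is available.
class Admin_model extends Model
{
    const TABLE = 'admins';

    public function __construct ()
    {
        parent::Model();
    }

    // Returns the admin row (object with ->id) on success, FALSE otherwise
    public function authenticate ($username, $password)
    {
        // $_POST values can be missing or arrays; accept non-empty strings only
        if (!is_string($username) || !is_string($password)
            || $username === '' || $password === '')
        {
            return FALSE;
        }

        // Active Record escapes the value, so the username cannot alter the query
        $query = $this->db->get_where(self::TABLE, array('username' => $username), 1);

        if ($query->num_rows() < 1)
        {
            // Unknown user: spend comparable time hashing so the response
            // time does not reveal which usernames exist
            password_hash($password, PASSWORD_DEFAULT);
            return FALSE;
        }

        $user = $query->row();
        if (!password_verify($password, $user->password_hash))
        {
            return FALSE;
        }

        // Do not hand the stored hash back to the controller
        unset($user->password_hash);
        return $user;
    }
}
```

The login action only needs the returned object's id, which it stores under ACCESS_ID; both failure cases return the same FALSE so the controller cannot distinguish a wrong password from an unknown user.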