How to restrict access to controllers functions using sessions - CodeIgniter


Question

I made an application where there are two controllers (user and home). The user controller performs actions such as registering a user and logging them in/out, while the home controller is used to perform actions once the user is authenticated.

I found this answer on SO: What is the best practice for restricting specific pages to logged in users only in Codeigniter? (http://stackoverflow.com/questions/3819275/what-is-the-best-practice-for-restricting-specific-pages-to-logged-in-users-only)

But I saw that the verifying of a session value is performed in a separate, custom controller. I was wondering why that's necessary?

In my home controller, I have a function that checks to see whether a session value for an item is set to true and allow the user the functionality provided in the home controller, otherwise redirect them back to the user controller's index method which loads the login view. This function is called in the constructor of the home controller like so:

public function __construct()
{
    parent::__construct();
    $this->is_loggedIn();
}

public function is_loggedIn()
{
    $check_login = $this->session->userdata('isLoggedIn');

    if(!isset($check_login) || $check_login != 1)
    {
        redirect('user');
    }
}

This works great; the user is not allowed access to pages/functions within the home controller unless they are authenticated.

However, this isn't the case for functions within my user controller. If I login and then logout, I can still access a function within the user controller, i.e. localhost/sitename/user/register, even though I've logged out and shouldn't be able to access such functions. They should redirect to the login page (the user controller's index method) instead, but instead allow the user to carry on using the functions in the user controller.

I tried including the above is_loggedin() function inside the user controller to check whether the user's session is valid and call the function from the user controller's constructor, but I ended up with a redirect loop (rightfully so).

So I was wondering how it would be possible to disallow access to the user controller's functions when the user is not authenticated.

Another way I've thought of is to include the is_loggedin() function in each of the functions within the user controller, but I was wondering if there was a cleaner way to do this. For now this is my temporary fix. Please let me know if there is a more OOP friendly way.

Recommended answer

You should only check if the session === FALSE.

public function __construct()
{
    parent::__construct();
    $this->is_loggedIn();
}

public function is_loggedIn()
{
    $check_login = $this->session->userdata('isLoggedIn');

    if($check_login === FALSE)
    {
        redirect('user');
    }
}

Be sure to delete isLoggedIn when the user logs out.

   $this->session->unset_userdata('isLoggedIn');
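
An added example, not part of the original question or answer: one way to guard every method of the user controller without the redirect loop is a shared base controller that denies by default and allowlists only the login entry points. The `MY_Controller` base class, the `$public_methods` property, the `login` method name and the view names are assumptions made for illustration.

```php
<?php
// application/core/MY_Controller.php  (hypothetical base class)
class MY_Controller extends CI_Controller
{
    // Methods reachable without a login; everything else is denied by default.
    protected $public_methods = array();

    public function __construct()
    {
        parent::__construct();
        $this->load->library('session');
        $this->load->helper('url');

        $method = strtolower($this->router->fetch_method());
        if (!in_array($method, $this->public_methods, true) && !$this->is_logged_in()) {
            redirect('user'); // user/index is allowlisted, so this cannot loop
        }
    }

    // Protected: public controller methods are callable by URL in CodeIgniter.
    protected function is_logged_in()
    {
        // userdata() gives FALSE (CI 2.x) or NULL (CI 3.x) for a missing item;
        // neither equals 1, so this fails closed on both versions.
        return $this->session->userdata('isLoggedIn') == 1;
    }
}

// application/controllers/user.php
class User extends MY_Controller
{
    // index shows the login view; 'login' is an assumed form handler (not shown).
    protected $public_methods = array('index', 'login');

    public function index() { $this->load->view('login'); }        // view name assumed

    public function register() { $this->load->view('register'); }  // now requires a session

    public function logout()
    {
        $this->session->unset_userdata('isLoggedIn');
        $this->session->sess_destroy(); // discard the whole session, not just the flag
        redirect('user');
    }
}
```

A home controller that extends the same base class and leaves `$public_methods` empty gets the check on every method without repeating it in its own constructor.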
