我有一个控制器,它映射到我的网站的部分,其中的所有页面(方法)应该只在用户登录时出现.否则他们应该被重定向回登录屏幕.
为了让它工作,我刚刚完成了这个:
function index() {
if ($this->session->userdata('logged_in')) {
$this->load->view('main');
} else {
redirect('/login');
}
}
function archive() {
if ($this->session->userdata('logged_in')) {
等等......在每种方法中重复检查.对控制器中的多重或全部方法执行此检查的最简单方法是什么?
Wes*_*rch 45
您可以通过在方法中运行代码来在Controller的每个方法中运行代码__construct():
function __construct()
{
parent::__construct();
if ( ! $this->session->userdata('logged_in'))
{
// Allow some methods?
$allowed = array(
'some_method_in_this_controller',
'other_method_in_this_controller',
);
if ( ! in_array($this->router->fetch_method(), $allowed)
{
redirect('login');
}
}
}
如果要限制对整个事物的访问,可以删除"允许"位,但有更好的方法可以执行此操作,例如创建基本控制器:
// Create file application/core/MY_Controller.php
class Auth_Controller extends CI_Controller {
function __construct()
{
parent::__construct();
if ( ! $this->session->userdata('logged_in'))
{
redirect('login');
}
}
}
然后让你的受限制的控制器扩展Auth_Controller而不是CI_Controller.现在,每次加载控制器时都会运行代码.
有关扩展核心类的更多信息:http://www.codeigniter.com/user_guide/general/core_classes.html#extending-core-class
同样感兴趣的是:http://php.net/manual/en/language.oop5.decon.php
对于codeIgniter 3,我修改了Wesley Murch对此的回答
//创建文件application/core/MY_Controller.php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');
class MY_Controller extends CI_Controller {
function __construct()
{
parent::__construct();
$CI = & get_instance();
$CI->load->library('session');
$CI->load->helper('url');
if ( !$this->session->userdata('logged_in'))
{
redirect('login');
}
}
}
然后在任何控制器中检查我使用的授权
class News扩展了MY_Controller {// code here}
如果您为网站用户和管理员用户使用模块和不同的会话,您可以使用此代码将它们完美地重定向到不同的登录页面 -
function __construct() {
parent::__construct();
$CI = & get_instance();
$CI->load->library('session');
$CI->load->helper('url');
// echo "<pre>";print_r($this->router);echo "</pre>";
/**
* if webmaster then check admin session else check user session
* But there may be some classes's method that doesn't requires login hence it is also need to check if
* current request is for those methods before checking session
*/
//to use $this->config->item('webmaster_name') this you have to define
// $config['webmaster_name'] = "webmaster"; in config.php file
if ($this->router->module == $this->config->item('webmaster_name')) {
if (!$this->session->userdata('admin')['id']) {
redirect($this->config->item('webmaster_name').'/login');
}
} else {
if (!$this->session->userdata('user')['id']) {
redirect('login');
}
}
}
如果您还希望用户允许从任何特定控制器访问某些方法而无需登录,则可以使用此代码 -
function __construct() {
parent::__construct();
$CI = & get_instance();
$CI->load->library('session');
$CI->load->helper('url');
//echo "<pre>"; print_r($this->router);echo "</pre>"; //_pr($this->config->item('excluded_auth'));
/**
* if webmaster then check admin session else check user session
* But there may be some classes's method that doesn't requires login hence it is also need to check if
* current request is for those methods before checking session
*/
if ($this->router->module == $this->config->item('webmaster_name')) {
if (!$this->session->userdata('admin')['id']) {
redirect($this->config->item('webmaster_name') . '/login');
}
} else {
if (array_key_exists($this->router->class, $this->config->item('exclude_auth')) && in_array($this->router->method, $this->config->item('exclude_auth')[$this->router->class])) {
//echo "escape this method. don not validate for a session";
} else {
if (!$this->session->userdata('user')['id']) {
redirect('login');
}
}
}
}
注意:您可以定义自定义配置文件,以定义排除的方法,如as-
//save file in application/config/without_auth_methods.php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');
$config['exclude_auth']['news'] = array('index', 'view');
$config['exclude_auth']['users'] = array('index');
| 归档时间: |
|
| 查看次数: |
44697 次 |
| 最近记录: |