Home/ Questions/Q 8562375
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-11T16:43:00+00:00

I have authenticated users using code igniter successfully, but now if users type in

  • 0

I have authenticated users using code igniter successfully, but now if users type in the route to one the methods in one of my controllers, they can access it without logging in.

I would like to stop this access to users which havent logged in preferably without using a 3rd party User Auth Plugin.

I have this model code:

function login(){
    $data = array(
        'username' => $this->input->post('username'),
        'logged_in' => TRUE
    );
    $this->session->set_userdata($data);
} //function login()
function logged_in(){
    if($this->session->userdata('logged_in') == TRUE)
    {
        return TRUE;
    }
    return FALSE;
} //function logged in()

I have this controller code:

    function index($condition = FALSE){
    if($this->admin_model->logged_in() === TRUE)
    {
        $this->books_page(TRUE);
    }
    else
    {
        $data = $this->style_model->admin_area();
        $data['page_intro'] = 'Oops! Sorry, you must be logged in to view this page.';
        $this->load->view('admin/not_logged_in', $data);
    }
} //function index()
    function books_page(){
        $data = $this->style_model->admin_area();
        $data['category_query'] = $this->admin_books_model->get_book_categories();
        $data['page_title'] = 'Books';
        $data['query'] = $this->admin_books_model->get_books();         
        $this->load->view('admin/books/books_admin', $data);
    }    //function books_page()

Users who have not logged in cannot access the books method but any other methods after this they can access, i simply want to stop that access and pass them the error page informing them that they have to login.

Thanks in advance,
Tom

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The best way is to split your logic into two (or more) controllers.

    • A ‘front end’ controller – where the user does not need to be logged
      in for ANY of it
    • A ‘back end’ controller(s) – where the user MUST be
      logged in for ALL of it

    In your backend controller just do this

    class Backend extends CI_Controller 
{
    public function  __construct()
    {
        parent::__construct();
        if( ! ($this->admin_model->logged_in())
        {
            // Not logged in - so force them away
            redirect ('place login page here');
       }
    }
 }

    Then EVERYTHING in backend controller is protected.

    To take this concept further – look into using a MY_Controller and get all your backend controllers to extend from this.

    • 0