IgnitionKeys
I needed a way to keep parts of my website away from the general public. This is what I came up with, and I decided to give it back to an awesome community. It is a hook that authenticates users and authorizes them to use specific controllers/methods.
Here are the files that need to be changed or created.
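Set your encryption key and enable session encryption. I also suggest storing sessions in the database. The hook keeps each user's keyLevel in the session, so the session data must not be something the client can read or alter.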
[pre] <?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
// Register Ignitionkeys::index() on the post_controller_constructor hook point,
// so it runs once the controller object exists and its constructor has had the
// chance to set $keyLevel.
$hook['post_controller_constructor'] = array(
    'class'    => 'Ignitionkeys',
    'function' => 'index',
    'filename' => 'Ignitionkeys.php',
    'filepath' => 'hooks'
);
/* End of file hooks.php / / Location: ./system/application/config/hooks.php */ [/pre]
Here is the class that does all the work.
[pre] <?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Ignitionkeys {
var $CI;
var $lang;
/**
 * Constructor: keeps a reference to the CodeIgniter instance and loads
 * everything the hook relies on (language file, session library, the
 * ignitionkeys_users model under the alias "users", form and url helpers).
 */
function Ignitionkeys() {
    $this->CI =& get_instance();

    // Load the language file only when it is not already listed as loaded.
    $langLoaded = in_array('ignitionkeys_lang'.EXT, $this->CI->lang->is_loaded, TRUE);
    if ($langLoaded === FALSE) {
        $this->CI->lang->load('ignitionkeys');
    }

    // The access level is read from the session, so the library must be present.
    if (isset($this->CI->session) === FALSE) {
        $this->CI->load->library('session');
    }

    $this->CI->load->model('ignitionkeys_users', 'users');
    $this->CI->load->helper('form');
    $this->CI->load->helper('url');

    log_message('debug', "Ignitionkeys Class Initialized");
}
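/**
 * Hook entry point: processes a submitted login/logout form, then checks the
 * session's keyLevel against the level the controller asks for.
 *
 * The controller's $keyLevel may be an integer (applies to every method) or an
 * array mapping method names to levels. Anything else, a missing $keyLevel, or
 * a method without an entry resolves to level 0, which means "public".
 *
 * Changes from the original:
 *  - method names are matched case-insensitively, because PHP method names are
 *    case-insensitive and a differently-cased URL segment must not fall through
 *    to level 0;
 *  - a numeric string level (e.g. a value read from config) is honoured instead
 *    of being silently treated as 0.
 *
 * Does not return when access is denied: showLogin() ends the request.
 */
function index() {
    // Form handling comes first so a successful login is visible to the check below.
    if ($this->CI->input->post('login')) {
        $this->loginUser();
    }
    if ($this->CI->input->post('logout')) {
        $this->logoutUser();
    }

    // Controllers that declare no $keyLevel are left unprotected by design.
    if (!isset($this->CI->keyLevel)) {
        return;
    }

    $declared = $this->CI->keyLevel;
    $keyLevel = 0;

    if (is_array($declared)) {
        // rsegment(2) is the routed method name; normalise both sides before comparing.
        $requested = strtolower((string) $this->CI->uri->rsegment(2));
        foreach ($declared as $method => $level) {
            if (strtolower((string) $method) === $requested) {
                $keyLevel = $level;
                break;
            }
        }
    } elseif (is_int($declared) || (is_string($declared) && is_numeric($declared))) {
        $keyLevel = (int) $declared;
    }

    // Level 0 means no restriction for this request.
    if ($keyLevel == 0) {
        return;
    }

    $held = $this->CI->session->userdata('keyLevel');
    if (!$held) {
        // No level in the session: the visitor is not logged in.
        $this->showLogin('error_loginrequired');
    } elseif ($held < $keyLevel) {
        // Logged in, but below the level this method requires.
        $this->showLogin('error_notauthorized');
    }
}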
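/**
 * Checks the posted username/password against the users model and, on success,
 * stores the user's keyLevel and username in the session.
 *
 * On any failure the login view is shown with 'error_baduserpass' and the
 * request ends inside showLogin(); the same message is used whether the
 * username or the password was wrong.
 *
 * Changes from the original:
 *  - the comparison was a loose `==`, which lets PHP's type juggling treat
 *    different values as equal (numeric-looking strings, FALSE versus '0');
 *    it is now a strict string comparison, constant-time where hash_equals()
 *    is available;
 *  - non-string input (a missing field or an array-valued POST field) is
 *    rejected before it reaches the lookup or the comparison.
 *
 * NOTE(review): this still compares against whatever the model returns as
 * 'password'; the model shown with this hook stores plain-text values. Moving
 * to stored password hashes needs a matching change in the model.
 * NOTE(review): the session identifier is not renewed on login here; confirm
 * whether the session library in use provides a way to do that.
 */
function loginUser() {
    $username = $this->CI->input->post('username');
    $password = $this->CI->input->post('password');

    if (is_string($username) && is_string($password)) {
        $user = $this->CI->users->get($username);

        if (is_array($user) && isset($user['password']) && is_string($user['password'])) {
            // hash_equals() does not exist on older PHP versions; fall back to ===.
            if (function_exists('hash_equals')) {
                $matches = hash_equals($user['password'], $password);
            } else {
                $matches = ($user['password'] === $password);
            }

            if ($matches) {
                $this->CI->session->set_userdata('keyLevel', $user['keyLevel']);
                $this->CI->session->set_userdata('username', $username);
                return;
            }
        }
    }

    $this->showLogin('error_baduserpass');
}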
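/**
 * Ends the current session and redirects using the url helper's redirect()
 * with its default target.
 *
 * Fix: the original called $this->session, which is never set on this hook
 * class (only $this->CI is), so the call failed and the session was never
 * destroyed. The session library lives on the CodeIgniter instance.
 */
function logoutUser() {
    $this->CI->session->sess_destroy();
    redirect();
}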
/**
 * Renders the login view with the language line for $errorKey, sends the
 * output, and stops the request so the controller method never runs.
 *
 * @param string $errorKey Language key of the message shown above the form.
 */
function showLogin($errorKey='default') {
    $message = $this->CI->lang->line($errorKey);
    $viewData = array('error' => $message);

    $this->CI->load->view('ignitionkeys_login', $viewData);

    // Emit what the output class has collected, then halt: nothing after the
    // hook may execute for a visitor who has been denied access.
    echo $this->CI->output->get_output();
    exit();
}
} [/pre]
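As you can see, this is the default controller that comes with the framework. To create a controller that requires authentication, add the class variable $keyLevel and set it in your constructor to the level you want: either a single integer for the whole controller, or an array mapping method names to levels. The hook treats a method with no matching array entry as public, so check that each array key really is the method name.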
[pre] <?php
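/**
 * Default welcome controller, protected by the Ignitionkeys hook.
 */
class Welcome extends Controller {
    // Read by the Ignitionkeys hook: method name => minimum keyLevel required.
    var $keyLevel;

    function Welcome()
    {
        parent::Controller();
        // Fix: the key was 'index ' (trailing space), which never matched the
        // routed method name, so the hook resolved index() to level 0 and left
        // it public.
        $this->keyLevel = array('index' => 5);
    }

    /**
     * Shows the welcome view; reached only when the hook has let the request through.
     */
    function index()
    {
        $this->load->view('welcome_message');
    }
}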
/* End of file welcome.php / / Location: ./system/application/controllers/welcome.php */ [/pre]
The language file has just three entries, as I didn't need any more than that. I thought of keeping the messages in the code... but I just know someone would say something about putting them in a language file... so I beat you to the punch!
[pre] <?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); $lang['error_baduserpass'] = "That Username or Password is incorrect."; $lang['error_notauthorized'] = "You are not authorized to perform this action."; $lang['error_loginrequired'] = "Login Required"; [/pre]
[quote]As I am making use of levels rather than individual ACLs, I simply place them in an array. If you need to track what a user is doing, you can change the model class to pull the information from a database, so that you have the username of each user along with any other information you may wish. This feature just wasn't needed by my requirements.[/quote]
[pre] <?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Ignitionkeys_users extends Model {
var $keys;
/**
 * Constructor: fills $this->keys with the built-in sample accounts.
 *
 * Each entry maps a username to its password and keyLevel. The passwords are
 * stored in plain text and equal the usernames, so these entries are only
 * placeholders: replace them (and ideally the storage itself) before this
 * model guards anything real.
 */
function Ignitionkeys_users() {
    $this->keys = array(
        'admin' => array('password' => 'admin', 'keyLevel' => 99),
        'mod'   => array('password' => 'mod', 'keyLevel' => 2),
        'user'  => array('password' => 'user', 'keyLevel' => 1)
    );
}
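/**
 * Looks up a user record by username.
 *
 * Fix: the username comes straight from POST data, so it may be FALSE or an
 * array. Using such a value as an array offset raises an error on current PHP
 * versions; anything that is not a string is now treated as "no such user".
 *
 * @param string $username Name to look up.
 * @return array|bool The record ('password', 'keyLevel') or FALSE when unknown.
 */
function get($username) {
    if (!is_string($username)) {
        return FALSE;
    }

    if (isset($this->keys[$username])) {
        return $this->keys[$username];
    }

    return FALSE;
}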
} [/pre]
This is a VERY simple login form. Take special note of the hidden field: this is how the hook knows that you are submitting a login form and not some other form! What is not shown here is how to log out. To do that, submit a form with just a hidden field named logout.
[pre]
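<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<title>Ignitionkeys Login</title>
</head>
<body>
<?php /* $error is the language line chosen by Ignitionkeys::showLogin(). */ ?>
<?=$error?>
<?=form_open(site_url())?>
<?php /* Fix: the original had stray </input></label> closers and no opening <label>. */ ?>
<label>Username: <input type="text" name="username" /></label>
<label>Password: <input type="password" name="password" /></label>
<?php /* Marker field: the hook runs its login handling only when "login" is posted. */ ?>
<input type="hidden" name="login" value="TRUE" />
<input type="submit" name="submit" />
</form>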
</body> </html> [/pre]