Dynamic Redirect After Login in CodeIgniter

Return to the page you were viewing after accessing a login page

codeigniter,php,authentication,sessions

CodeIgniter provides all of the tools you might need to implement authentication on your website, but it would be a lot of work to create login pages, a user management system, a forgot-my-password feature, etc. Luckily, Ben Edmunds has developed a great third-party authentication system for CodeIgniter called Ion Auth, which is about as close to plug and play as it gets. The only thing I found necessary to do afterward was to create some method of sending unauthenticated users who access a password-protected page to the login screen, and then redirecting them back to whatever page they were trying to view after they log in successfully.

Here are some brief instructions on how to get Ion Auth set up and configure the redirects.

The GitHub page for Ion Auth has everything you need to know about installing it. Copy the files to the appropriate directories in CodeIgniter (make sure not to overwrite any existing folders), then copy the appropriate SQL from the SQL folder in the GitHub repo (use ion_auth.sql if you're running a MySQL database) and paste it into the SQL command prompt in your database to build the necessary tables for Ion Auth. Take note that if you're using CodeIgniter 3 you'll need to rename a couple of files.

You may additionally want to add a route to your routes.php file that redirects http://site.com/auth to the auth/index view of the auth controller:

$route['auth'] = 'auth';

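Now just head to http://site.com/auth and you should be automatically redirected to the auth/login view. Until you create additional admins, your login will be the default account below. These credentials ship with every Ion Auth install, so change the password before the site is reachable by anyone else: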

Username: admin@admin.com
Password: password

As a next step, you may want to pretty up the views in the auth folder with some of your own CSS. In my case, that meant just adding my own header and footer to the views, which I did by adding the following code to each view file (e.g. login.php):


<?php $this->load->view('templates/admin-header'); ?>

where 'templates/admin-header' would be replaced by the location of your own template header file.

Next, how to password protect an existing page in your site.

Well, assuming you are using MVC architecture and all of your logic is in your controllers, head to the desired controller and insert a check for whether a user is an admin. In my case, I might head to the "Pages" controller, and in the index function, I could add the following:


if (!$this->ion_auth->logged_in()) //visitor is not logged in as either user or admin
{
    // redirect them to the login page
    redirect('auth/login', 'refresh');
}
elseif (!$this->ion_auth->is_admin()) //user is logged in but is not an admin
{
    // show an error page because they must be an administrator to view this
    return show_error('You must be an administrator to view this page.');
}
else
{
  //user is an admin, paste the rest of the code you would normally have in this function here
}

So, that works to keep people who aren't logged in out of your pages, but how do we send them to the login screen and then back to this page after login? CodeIgniter has something called flash data, which lets you store session data that exists only until your next request and then disappears. So, instead of the code above, we first store the path to the page the person is trying to access in flash data, and then redirect them to the login screen:


if (!$this->ion_auth->is_admin()){
    $refer_path = $this->uri->uri_string(); //get the path
    $this->session->set_flashdata('referrer', $refer_path); //store the path
    return redirect('auth/login'); //send anyone who is not a logged-in admin to the login page
} else {
  //do the normal things you would do in this function
}

and then in our auth controller, in the login function, we modify it to include the following:


function login(){
  $this->session->keep_flashdata('referrer'); //add this line

We need this because flash data is only available for the next request, which is the one that displays the login form; without this line the path would already be gone by the time the form is submitted and form validation runs. The line above tells CodeIgniter to hang on to it for one more request. Then, we modify the rest of the auth/login() function as follows:

if ($this->form_validation->run() == true)
{ //inside this function

    ...

    if ($this->ion_auth->login($this->input->post('identity'), $this->input->post('password'), $remember))
    {
        $referrer = $this->session->flashdata('referrer'); //add this
        redirect($referrer); //add this
    }

}

Here we're just saying: if the login succeeds, grab the path the user was trying to reach from flash data, and redirect them to that controller / function.
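One way to harden that final redirect, as an added example that is not part of the original post or of Ion Auth: it falls back to a default page when the flash data is missing (for instance, when the user opened the login page directly) and only accepts a plain site-relative path. The function name `login_redirect_target`, the `pages` default and the sample values are assumptions made for illustration.

```php
<?php
// Added example: not Ion Auth or CodeIgniter code. The function name, the
// 'pages' default and the sample values are assumptions for illustration.

/**
 * Return a site-relative path that is safe to pass to redirect(), or
 * $default when the stored flash data is missing or is not a plain path.
 */
function login_redirect_target($stored, $default = 'pages')
{
    // Missing flash data (NULL or FALSE): the user opened the login page
    // directly, or an extra request in between used the value up.
    if (!is_string($stored) || $stored === '') {
        return $default;
    }

    // redirect() passes absolute URLs through unchanged, so accept only
    // plain path characters: no scheme colon, backslash, spaces or CR/LF.
    // \z (not $) so a trailing newline cannot slip through.
    if (!preg_match('#^[A-Za-z0-9_\-./~]+\z#', $stored)) {
        return $default;
    }
    if (strpos($stored, '//') !== false || strpos($stored, '..') !== false) {
        return $default;
    }

    // Do not send the user back to the auth pages after logging in.
    $path = ltrim($stored, '/');
    if ($path === '' || $path === 'auth' || strpos($path, 'auth/') === 0) {
        return $default;
    }
    return $path;
}

// Constructed sample values standing in for $this->session->flashdata('referrer').
$samples = array('pages/view/12', '/pages/edit', null, false, 'auth/login',
                 'http://other.example/x', '//other.example', "pages\r\nX: y");
foreach ($samples as $s) {
    echo var_export($s, true), ' => ', login_redirect_target($s), PHP_EOL;
}

// In the login() method above, the two added lines would become:
//   $referrer = $this->session->flashdata('referrer');
//   redirect(login_redirect_target($referrer));
```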

That's all there is to it.