In view I have two folders: pages and templates. Inside pages I have two folders, nonmember and member. Inside templates I have header.php and footer.php. In the nonmember folder I have a notification file, email_notification.php, along with other files like home.php, about.php etc.
Pages are being generated dynamically using the following function:
    public function index(){
        $this->nonmember();
    }
    public function nonmember($page = 'home'){
        if (! file_exists(APPPATH.'views/pages/nonmember/'.$page.'.php')) {
            show_404();
        }
        $data['title'] = ucfirst($page);
        $this->load->view('templates/header', $data);
        $this->load->view('pages/nonmember/'.$page, $data);
        $this->load->view('templates/footer', $data);
    }
And I call it to show the login page or registration page:
    public function registration(){
        //validation rules
        if($this->form_validation->run()){
            //add user to a temporary table
            //send an email with an activation code
            $this->nonmember('email_notification');
            //that view says click the link in email for activating account
        }else{
            $this->nonmember('registration');
        }
    }
The problem is that the email_notification view can also be accessed via URL, which is not desirable. How do I prevent email_notification from direct access? For example, if a user tries to access it using the URL, I want to redirect them back to the home page, or show_error()?
As James Lalor already mentioned, using a session is a good solution. What I have done is, just before $this->nonmember('email_notification');
I'm creating a session using
    $this->session->set_userdata('email_notification', 1);
And in the nonmember function I'm just checking whether that session is set to 1 or not.
    if ($page == 'email_notification' && $this->session->userdata('email_notification') != 1) {
        redirect($this->agent->referrer());
    }
Later, when the user activates their account, I'm destroying the session.
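The session-flag gate described in the answer above, as an added example that is not part of the original posts. It is plain PHP so it runs without CodeIgniter: the `$session` array stands in for `$this->session`, the function and constant names are hypothetical, and, as a variation on the answer, it clears the flag after one display and checks the page against a fixed list.

```php
<?php
// Added example (not from the original posts). The $session array stands in
// for CodeIgniter's $this->session; all names below are hypothetical.

// Pages a visitor may request directly by URL segment.
const PUBLIC_PAGES = ['home', 'about', 'registration'];
// Pages shown only after a controller action has set a matching session flag.
const GATED_PAGES = ['email_notification'];

/**
 * Decide which nonmember view to render for a requested page.
 * Returns the view path, or null when the caller should redirect or 404.
 */
function nonmember_view_for(string $page, array &$session): ?string
{
    if (in_array($page, PUBLIC_PAGES, true)) {
        return 'pages/nonmember/' . $page;
    }
    if (in_array($page, GATED_PAGES, true)) {
        // Strict comparison: a missing or non-integer flag never passes.
        if (($session[$page] ?? null) !== 1) {
            return null;
        }
        // Consume the flag so reloading or bookmarking the URL is refused.
        unset($session[$page]);
        return 'pages/nonmember/' . $page;
    }
    // Anything not listed is never concatenated into a view path.
    return null;
}

// Constructed walk-through of the registration flow.
$session = [];
var_dump(nonmember_view_for('email_notification', $session)); // direct URL request
$session['email_notification'] = 1;                            // set by registration()
var_dump(nonmember_view_for('email_notification', $session)); // first display after registering
var_dump(nonmember_view_for('email_notification', $session)); // same URL requested again
var_dump(nonmember_view_for('unlisted_page', $session));      // page not in either list
```

In a controller, a null return maps to `redirect()` or `show_404()`, and a non-null return is the path passed to `$this->load->view()`.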
To prevent navigation to the file of the view, i.e. http://[application_root]/application/views/pages/nonmember/email_notification.php,
you can use the following snippet at the beginning of your CodeIgniter file:
    <?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
If, instead, you're trying to prevent web access to your controller action that shows this page, then there are CLI utilities which you can use: "Codeigniter 2 restrict controller to command line".
Just make it a "private" method. You can use the keyword private (similar to putting the word public before the method), and CodeIgniter lets you create a private method with just an underscore before the method name:
    function index(){
        $this->_nonmember();
    }
    function _nonmember($page = 'home'){
        // … etc etc
    }
Many advantages: the private method name is not exposed, and you can change the method name later if needed
    function index(){
        $this->_someNewNonMemberMethod();
    }
but for the user it's exactly the same.
======== Edit
Well, there are many different solutions and it's up to how you want to design your application. One consideration would be having separate controllers for members and non-members. But for the code you posted, you already have a separate method for registration, so the quickest would be to create a quick private method for the email view if you don't want that exposed.
    public function registration(){
        //validation rules
        if($this->form_validation->run()){
            //add user to a temporary table
            //send an email with an activation code
            // make this method private
            $this->_nonmemberEmailNotify();