author | Frédéric Guillot <contact@fredericguillot.com> | 2014-02-08 18:14:32 -0500 |
---|---|---|
committer | Frédéric Guillot <contact@fredericguillot.com> | 2014-02-08 18:14:32 -0500 |
commit | a3f365a32458d34efbc25df32fa224ae69882d77 (patch) | |
tree | 4cf18d66574b9f6c15852999fbd13500587c108f | |
parent | f93ce1fd7fca1a7229a9c9da4f1f4a3f98823524 (diff) |
Improve authentication
-rw-r--r-- | controllers/base.php | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/controllers/base.php b/controllers/base.php
index f0ae5bd2..5c48d927 100644
--- a/controllers/base.php
+++ b/controllers/base.php
@@ -40,16 +40,25 @@ abstract class Base
 $this->board = new \Model\Board;
 }
- public function beforeAction($controller, $action)
+ private function noAuthAllowed($controller, $action)
 {
- $this->session->open();
-
 $public = array(
 'user' => array('login', 'check'),
 'task' => array('add'),
 );
- if (! isset($_SESSION['user']) && ! isset($public[$controller]) && ! in_array($action, $public[$controller])) {
+ if (isset($public[$controller])) {
+ return in_array($action, $public[$controller]);
+ }
+
+ return false;
+ }
+
+ public function beforeAction($controller, $action)
+ {
+ $this->session->open(dirname($_SERVER['PHP_SELF']));
+
+ if (! isset($_SESSION['user']) && ! $this->noAuthAllowed($controller, $action)) {
 $this->response->redirect('?controller=user&action=login');
 } |
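Review bot: In the new `beforeAction`, `dirname($_SERVER['PHP_SELF'])` is derived from the request URL, and `PHP_SELF` includes any trailing path info the client appends after the script name, so the value handed to `session->open()` (presumably the session cookie path; its implementation is not in this hunk) is not a fixed application path. `SCRIPT_NAME` does not carry the path info, so `$this->session->open(dirname($_SERVER['SCRIPT_NAME']));` would be the safer source. In `noAuthAllowed`, the whitelist lookup compares loosely; `return in_array($action, $public[$controller], true);` keeps a non-string `$action` from matching an entry by type juggling. The gate also relies on `redirect()` ending the request, which cannot be confirmed here, and the rest of `beforeAction` lies outside the hunk.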