Secure Jquery Ajax Request

Posted on : 25-06-2009 | In : Codeigniter, General, Jquery, PHP, Screencasts


As we have seen in our previous Ajax requests, we can grab data from different sources to output to the page. But what happens if the client has logged out or timed out? Trying to send the client to a login page can be a little trickier than it sounds.

In this screencast I will show you a quick way to listen for unauthorized access and send the client to a login page.

Screen Time: 12:20

Please see below the key piece of code you will need.


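	// jQuery calls global ajaxError handlers with (event, xhr, settings, error)
	$(document).ajaxError(function(event, xhr, settings, err){
		// 401 means the request was not authorised: send the client to the login page
		if(xhr.status == 401)
			window.location.href = '/welcome/login.php';
	});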
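
The handler above only works if the server answers an unauthenticated Ajax call with a bare 401 instead of a redirect or the data itself. The following is an added example, not code from the screencast: it models both halves in JavaScript so they run in one file (the real server side would be a CodeIgniter controller), and every name except the login path is hypothetical.

```javascript
// Added example: a model of both sides of the 401 handshake.
// LOGIN_URL is the path used in the post; all other names are hypothetical.
const LOGIN_URL = '/welcome/login.php';

// Server side (model of a controller method). The session check runs before
// any data is produced, so an unauthenticated caller never receives a payload.
// `headers` is assumed to use lower-case keys.
function secureEndpoint(headers, session) {
  // jQuery adds X-Requested-With to same-origin XHRs. The header is
  // client-controlled, so it only selects the *shape* of the refusal,
  // never whether access is granted.
  const isAjax =
    (headers['x-requested-with'] || '').toLowerCase() === 'xmlhttprequest';

  if (!session || session.logged_in !== true) {
    // An XHR follows a 302 transparently and would hand the login page's
    // HTML to the success callback with status 200, so Ajax callers get a
    // bare 401 while ordinary page loads get the redirect.
    return isAjax
      ? { status: 401, headers: {}, body: '' }
      : { status: 302, headers: { Location: LOGIN_URL }, body: '' };
  }
  return { status: 200, headers: {}, body: 'protected data' };
}

// Client side: the decision made inside the global ajaxError handler.
// `nav` stands in for window.location so the logic runs outside a browser.
function onAjaxError(xhr, nav) {
  if (xhr.status === 401) {
    nav.href = LOGIN_URL;
    return true;  // handled: the session is gone, go and log in again
  }
  return false;   // any other failure is left to the request's own handler
}

// In the page this would be wired up as:
//   $(document).ajaxError(function (event, xhr) {
//     onAjaxError(xhr, window.location);
//   });
```

The redirect on the client is a convenience for the user; the access decision is the session check on the server, which is why the refusal branches carry an empty body.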

Comments (14)

WOW!!! Ours! Its screencasts are very good! Please, continue making screencasts, this saves my life!! Thx so much =]

Hi, thanks for your screencasts. I have learned a lot.
Can you please make a screencast about user access control to limit options like edit, save, delete, list, etc. in a web application? I've been searching without success. I think it will be very useful to the PHP/CodeIgniter community as there is not much information about that topic, or maybe I just did not know how to search for it.

Long time no post, but I hope you go on. I will always come here. Thanks for your tutorial for CI.

Excellent tutorials, they are very much appreciated.

Hi Mike

Thank you for asking. Yea I will be doing more just a little busy with a project right now.

Keep watching :-)

I am not sure if you have fixed the caching issues you were having in Firefox, but what you can do is download the Web Developer toolbar for Firefox (https://addons.mozilla.org/en-US/firefox/addon/60) and then under the first menu item “disable” just select “disable cache”.

I do this while I am developing to avoid the exact same issues you were having.

Lee, thanks for your great screencasts, they are really helpful!

Like Alex Inoa, I am also very interested in UAC with CI! Would be great to see something about this soon :)

Regards, Toby

Hi, I am trying to make a login page that requires a local key (user-side) as well as the username and password.

The idea is to hash the user info against the user's key, and use the public key to decrypt and authorize.

If I get it working I will toss you a link.

Thank you so much for your tutorials, they are some of the best I’ve seen in way of the intersection of CI+jQuery+ajax…

Great screencast. I’ll be tuned for more!!

Great Idea!

You can also add the event to the jquery ajax global settings. This way you don’t have to attach the event to every ajax request (if you’re using some sort of ACL).

I added the following to my header for auto inclusion.

	jQuery.ajaxSetup({
		error: function(xhr, requestStatus, error)
		{
			if(xhr.status == 401)
			{
				// redirect here or do whatever…
			}
		},
		cache: false
	});

Yes, I agree with all other posts. I am looking forward to seeing the next ones.
@Alex, CI backendpro is the one you are looking for.
@Bill Thanks for your tip.

Thanks, but the problem is that you still send the data to the client.

The better way is to not send data to the client if the client is not authorized.

Never trust the client, and never trust code and checks which can be manipulated by the client (JavaScript).

My function secure would look like:
	public function secure() {
		if(IS_AJAX) {
			// Check the session before any output is produced
			if(!$this->session->userdata('logged_in')) {
				header('HTTP/1.1 401 Unauthorized');
				die;
			}
			echo 'Time for Coffee';
		} else {
			echo 'Direct acces not allowed';
		}
	}

Greetings from Germany,
Sym2k8

@Sym2k8
die('Direct acces not allowed'); is much better perhaps?
