FuelPHP Forums

The correct place to authenticate
  • I'm pretty new to FuelPHP (always used Wordpress before) and just want to check if I'm doing my authentication in the correct place.

    Doing a straight install (with an admin area set up) say I have a table for 'posts' and I want only logged in users to be able to create/edit/delete posts, should I add the following:

    if ( Auth::check() )
    {
        // logged in
    }
    else
    {
        // redirect user
    }

    in the view to (as an example) hide the edit buttons, and then in the controller I assume I should run the same check (say in the edit/create class) just before:

    if (Input::method() == 'POST')

    in my action_create() code?

    Or is this completely the wrong way to do it, in which case - where am I going wrong?

    Sorry if this is basic FuelPHP 101 - having worked with Wordpress I've only ever needed to concern myself with how a site displays (or using ACF to add fields to the admin area), building the admin area itself is new to me and I want to make sure I get it right first off.

    Any pointers would be appreciated!

    P.S. I'll be using Ormauth mainly if that makes a difference to the authentication method.
  • Harro
    Accepted Answer
    Never put logic in a View. Views are only for markup of your output, so ideally they contain only HTML. If you need to use PHP, only use it for stuff like simple if's, or loops.

    If you need pre-markup logic, for example to convert a database record to something you can display (for example by fetching related data), you do that in a Presenter.

    Your control logic goes into the controller, and business logic goes into a Model.

    Back to the question, we use base controllers, so you can do

    class Authenticated extends Controller
    {
        public function before()
        {
            parent::before();

            if ( ! Auth::check() )
            {
                // redirect user
            }
        }
    }

    You can then use

    class Posts extends Authenticated {}

    instead of

    class Posts extends Controller {}

    The basic flow in a controller action method depends a bit on personal preference and complexity. If they are not complex, you can use the same method for both get and post, and use the input method to check. https://fuelphp.com/docs/packages/auth/examples/auth.html has a few examples that use this method.

    If they get more complex, it might be better to split them. So instead of using

    public function action_create() {}

    you use

    public function get_create() {}

    for loading the page, and

    public function post_create() {}

    for processing the posted form.

    The downside is that you possibly have some code repetition (which you can always split off to separate internal methods, i.e. methods that don't start with action), the upside is that both request paths are separated, and there is (or should be) always a redirect involved at the end, making page reloads less likely (always something to check, you don't want people reposting the same form).
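
The pattern from the answer above, put together as an added example that is not code from the thread or from the FuelPHP project: the login check is enforced server-side in a base controller's `before()`, and the form is split into `get_create()` / `post_create()` with a redirect after every POST. The `Controller_` class names, the `admin/login` and `posts` routes, the `posts/create` view, the `Model_Post` ORM model, the field names and the CSRF token check are assumptions.

```php
<?php
// fuel/app/classes/controller/authenticated.php (assumed location)
class Controller_Authenticated extends Controller
{
    public function before()
    {
        parent::before();

        // Runs before every action of every child controller, so the check
        // cannot be skipped by requesting the URL directly.
        if ( ! Auth::check())
        {
            Response::redirect('admin/login'); // hypothetical login route
        }
    }
}

// fuel/app/classes/controller/posts.php (assumed location)
class Controller_Posts extends Controller_Authenticated
{
    // GET posts/create: only renders the form.
    public function get_create()
    {
        return Response::forge(View::forge('posts/create'));
    }

    // POST posts/create: only processes the form, then always redirects.
    public function post_create()
    {
        $val = Validation::forge();
        $val->add_field('title', 'Title', 'required|max_length[255]');
        $val->add_field('body', 'Body', 'required');

        // Assumes the view emits the token field with Form::csrf().
        if ( ! Security::check_token() or ! $val->run())
        {
            Session::set_flash('error', 'The post could not be saved.');
            Response::redirect('posts/create');
        }

        Model_Post::forge(array(          // hypothetical Orm\Model class
            'title' => $val->validated('title'),
            'body'  => $val->validated('body'),
        ))->save();

        Session::set_flash('success', 'Post created.');
        Response::redirect('posts');      // a reload now repeats a GET, not the POST
    }
}
```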
  • Hi Harro, thanks for the detailed reply - I think I get the gist of how it works now. I had a feeling that my initial thinking was way off base but that all goes back to how I'd work with Wordpress - I need to change my thinking somewhat.

    Moving to Fuelphp is a big leap with a lot to take in (which I was prepared for) so I'll look into presenters more and run a few tests locally for the authentication. 

    Thanks very much for the pointers, most appreciated. :)
  • Harro
    Accepted Answer
    You're welcome. Just give a shout if you need to know more.

    ( and I know what you mean, we have a few WP sites to maintain, very PHP4 like... ;-)
