If you need to secure every method of a Codeigniter controller, you can do it with one line instead of checking the session in every method before doing anything else. In the constructor of the controller simply check that $this->router->fetch_method is not equal to your login method and that a user isn’t logged in. If you meet both of these criteria, redirect to the login method.
I often take shortcuts when setting up my development servers. I recently installed Linux Mint 12 x64 on my main box and wanted to setup a web developing environment on it. To cut corners during package installation, I’ll typically install phpmyadmin which grabs most of the dependencies I need to have a full LAMP dev stack, such as Apache2 and Mysql-server.
That’s how I initially set up my stack in Linux Mint. I also enabled user directories in Apache so I could develop within the public_html directory inside my home directory. All was working well until I copied a CodeIgniter project over and tried it out. I couldn’t access my controller functions from index.php. It worked well for the default controller because it was accessing it from index.php, but when I changed the URL to point to a controller like index.php/admin, it didn’t know what to do with it and I would receiver a server 404 error.
After digging around for a solution, I realized that when I installed my LAMP stack, apt had installed libapache2-mod-php5filter instead of libapache2-mod-php5. I’m not very familiar with this module or what benefits come from using it, but the quick fix was to:
sudo apt-get install libapache2-mod-php5
This removed the php5filter module and installed the plain php5 module. After that, I no longer have an issue with the controllers giving 404 errors.