If I made the right identification for the guests?

Develop a website for one microframework.

There's this concept that if a user is not logged in, then it is not available the website (always redirect to the page with the login).
It's not really suitable for the tasks of my site, and I did the following:

1. Changed the processing of attempts at unauthorized access (source , line 47). Changed to:
public function unauthenticated(){


 if($this->request->isAjax()) { 
 return $this->controller->error(401); 
 Session::reset(["guest_mode" => true]);

2. Later in the session changed the "essence" of its generation (the source, line 300). Changed to:
public static function reset($data){


 $_SESSION["is_logged_in"] = true;

 $_SESSION["user_id"] = 0;
 $_SESSION["role"] = "guest";

 $_SESSION["username"] = "0";


 // remove old and regenerate a session ID.
 $_SESSION = array();

 $_SESSION["is_logged_in"] = true;
 $_SESSION["user_id"] = (int)$data["user_id"];
 $_SESSION["role"] = $data["role"];

 $_SESSION["username"] = $data["username"];

 // save these values in the session
 // they are needed to avoid session hijacking and fixation
 $_SESSION['ip'] = $data["ip"];
 $_SESSION['user_agent'] = $data["user_agent"];
 $_SESSION['generated_time'] = time();

 // update session id in database
 self::updateSessionId($data["user_id"], session_id());

 // set session cookie setting manually,
 // Why? because you need to explicitly set the session expiry, path, domain, secure and HTTP.
 // @see https://www.owasp.org/index.php/PHP_Security_Cheat_Sheet#Cookies
 setcookie(session_name(), session_id(), time() + Config::get('SESSION_COOKIE_EXPIRY') /*a week*/, Config::get('COOKIE_PATH'), Config::get('COOKIE_DOMAIN'), Config::get('COOKIE_SECURE'), Config::get('COOKIE_HTTP'));


Well, in all the places where the info is displayed about the user (mini-profiles, etc.) laid down a condition: if user_id = 0 then display the login button.

Please jump safe my these changes?
I'm not asking for me to do all the work, I just want to the release site did not have any problems with user groups.

Just ask not to advise to rewrite the website in another framework, a La Lara etc Website has been written by 80-90 percent, and migrate to another framework there is no time.

Thank you all in advance for your answers and for the tip
March 12th 20 at 07:58
1 answer
March 12th 20 at 08:00
1. I would still advise you to rewrite it in another framework. It's a way better quality, documentation, community and so on. I doubt that you have already created a huge portal which you need a year to rewrite.

2. To change the framework code is extremely bad practice, although it is possible no other way.

There's this concept that if a user is not logged in, he unavailable the website
- did not see where such a concept. The docks mentioned method isAuthorized() which decides if the page to the user. So maybe enough instead of your changes in the controller add
public function isAuthorized() 
 return true;

Find more questions by tags PHP