ErkanaAuth: A non-invasive user authentication library

[eluser]Michael Wales[/eluser]
I don't have the time right now to create a proper post or a Wiki article (feel free to do so for me, if you'd like) so here's a copy-paste from my blog and a link to the full article:

First of all, let me be blunt about this: this is my authorization library. Of course, I will be taking user suggestions and bug fixes into account but ultimately, if it doesn’t fit within the scope of my needs, it won’t make it into the library.

User Authentication is something that many CodeIgniter developers face every single day - there are tons of libraries out there to help in doing this as well. In my opinion though, most of them are to bloated for my use.

My goal with this library was to create a small set of methods and helpers that would prove useful for a variety of user authentication while not hijacking the framework and forcing you to adopt the practices that library dictates.

What I came up with is Erkana Auth - a library of 3 methods and a helper with 2 functions. Erkana Auth supports user login (maintaining this login via a Session), logout, and a basic role system. The role system is merely the definition of roles, the actual implementation of roles is still left up to you - the developer.

http://www.michaelwales.com/2007/10/erka...n-library/

[eluser]imzyos[/eluser]
Very Nice Gratz

Small 4kbs
FLEXIBLE
WORKS

maybe addRole function

[eluser]Michael Wales[/eluser]
Nice suggestion - I'll see about adding that soon.

Although, it would be changeRole($newrole integer) - since this library only supports a single role.

Nonetheless, good idea.

[eluser]CI Lee[/eluser]
Nicely done chief... I am sure this will become another commonly used tool in the stable.

[eluser]xwero[/eluser]
I will check if it's php4 compatible as soon as i can.

I have one suggestion. Maybe the tablenames should be defined in a config array/file for more flexibility. It's not always possible to rename the tables.

It's the first authentication library i see i will try out, keep up the good work

[eluser]Michael Wales[/eluser]
Thanks for the compliment and the suggestion xwero - that's something I had already considered, but I hate the fact of adding another file that you have to open up and change to use the library.

I think I'll make a class variable to store the tables, and then a method to change those from the defaults if you wish...

[eluser]imzyos[/eluser]
Default use users and roles, but check the 2 parameter on the constructor

$tables= array('usersTable' = 'users', 'rolesTable' => 'roles');
$this->load->library('Erkanaauth',$tables);

[eluser]xwero[/eluser]
My first impression

- The try login snippet needs array() around the array content

- what is the point of the helper functions? They are just wrappers for the library methods. Do they work when the library isn't loaded, i think not but maybe i'm wrong. So the only reason why there are helper functions is to lessen the typing?

- using php4 calling the try_login method gives following error

Severity: Warning
Message: Invalid argument supplied for foreach()
Filename: database/DB_active_rec.php
Line Number: 62

I build the query and i discovered removing the limit en offset from the getwhere method did the trick.

- in the getRole method why do you use and explicit join

Code:

$this->CI->db->select('roles.name');
$this->CI->db->JOIN('roles', 'users.role_id = roles.id');
$query = $this->CI->db->getwhere('users', array('users.id'=>$this->CI->session->userdata('user_id')), 1, 0);

Don't other databases know implicit joins?

Code:

$this->CI->db->select('roles.name');
$query = $this->CI->db->getwhere('users,roles', array('users.role_id' => 'roles.id','users.id'=>$this->CI->session->userdata('user_id')), 1, 0);

- I'm wondering how the class would handle content that is visible for different roles

Code:

<? if (getRole() == 'admin' || getRole() == 'test' || getRole() == 'test2') { ?>
    <li>&lt;?= anchor('admin/users', 'Users'); ?&gt;</li>
  &lt;? } ?&gt;

This can get messy.

Maybe i'm coming on a bit too strong but i think this is good stuff so it can accept a little criticism

[eluser]Michael Wales[/eluser]
Yeah there is definitely some room for improvement - I'll come back to all of these and make a few changes in short-order. The files that I uploaded were posted as soon as I got it working, without any refactoring or really analyzing the code prior to release.

[eluser]Michael Wales[/eluser]

The try login snippet needs array() around the array content

I assume you are referring to this line:

Code:

$query = $this->CI->db->getwhere('users', $condition, 1, 0);

It doesn't need to be surrounded by array() because condition is an array. Your suggestion would make it an array, that contained an array, that included the conditions (in other words SELECT * FROM users WHERE Array() LIMIT 1,0).

The helpers are there so getRole() and getField() can be used in a view - saves on typing a little.

The foreach() error I am unsure about... if removing the limit and offset works, cool. Odd error nonetheless.

The explicit join is just because I suck at joins and have to refer to the MySQL documentation every time. I thought about giving the implicit you mention a try but didn't test it. If it works properly, I'll probably go that route in the future.

The multiple role situation is one I am aware of and I intend to correct that in the future (it will be a new method that accepts a string (or an array, I haven't decided) of user roles. If the user has one of those roles it will return TRUE.